Windows Identity Foundation (WIF) Configuration – Part III

The information in this post is based on the Windows Identity Foundation Config.xml file that ships with the WIF SDK.

<wsFederation> defines the parameter settings for the WS-Federation protocol STS. These settings affect the WSFederationAuthenticationModule.

ATTRIBUTES

  • authenticationType. String, default is "". The request wauth type.
  • freshness. Float, default is "". The value of the required freshness.
  • homeRealm. String, default is "". The home realm of the identity provider.
  • issuer. String, default is "". The URI of the token issuer.
  • policy. String, default is "". The URI of the relevant policy.
  • realm. String, default is "". The URI of the requesting realm.
  • reply. String, default is "". The URI of the address to reply to.
  • request. String, default is "". The URI of the WS-Federation request.
  • requestPtr. String, default is "". The URI of the WS-Federation request pointer.
  • resource. String, default is "". The URI of the WS-Federation resource value.
  • requireHttps. Boolean, default is true. Controls whether the module will only redirect to a secure URL for the STS.
  • passiveRedirectEnabled. Boolean, default is false. Controls whether the module is enabled to automatically redirect unauthorized requests to an STS.
  • persistentCookiesOnPassiveRedirects. Boolean, default is false. Specifies whether persistent cookies are issued when the module is enabled to initiate WS-Federation passive protocol redirects.
  • signInQueryString. String, default is "". Application-defined parameters for the sign-in request URL.
  • signOutQueryString. String, default is "". Application-defined parameters for the sign-out request URL.
  • signOutReply. String, default is "". The URL to return to following sign-out.

Example:

       <wsFederation authenticationType="wauth"
                     freshness="45"
                     homeRealm="https://homeRealm"
                     issuer="i"
                     policy="https://policy"
                     realm="https://realm"
                     reply="https://reply"
                     request="https://request"
                     requestPtr="https://requestPtr"
                     resource="https://resource"
                     requireHttps="true"
                     passiveRedirectEnabled="true"
                     persistentCookiesOnPassiveRedirects="true"
                     signInQueryString="abc=xyz"
                     signOutQueryString="def=uvw"
                     signOutReply="https://signoutreply" />
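
The check below is an added example, not part of the original post or the WIF SDK: it parses a configuration file and flags <wsFederation> settings from the attribute list above that weaken transport or session handling. The function names, the choice of checks, the wrapper element and the example.test hostnames in the constructed samples are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Attributes from the list above that hold URLs the browser is redirected to.
REDIRECT_ATTRS = ("issuer", "reply", "signOutReply")

def _flag(element, name, default):
    """Read a Boolean attribute, falling back to the documented default."""
    return element.get(name, default).strip().lower() == "true"

def audit_ws_federation(config_xml):
    """Return findings for each <wsFederation> element (hypothetical helper)."""
    findings = []
    for el in ET.fromstring(config_xml).iter("wsFederation"):
        if not _flag(el, "requireHttps", "true"):
            findings.append("requireHttps=false: redirects to a non-HTTPS STS URL are allowed")
        if _flag(el, "persistentCookiesOnPassiveRedirects", "false"):
            findings.append("persistentCookiesOnPassiveRedirects=true: "
                            "session cookie outlives the browser session")
        for name in REDIRECT_ATTRS:
            value = el.get(name, "").strip()
            if value and urlsplit(value).scheme.lower() != "https":
                findings.append(f"{name}={value!r} is not an https:// URL")
    return findings

# Constructed sample configurations (not taken from the SDK's Config.xml).
WEAK_CONFIG = """<federatedAuthentication>
  <wsFederation issuer="http://sts.example.test/issue"
                realm="https://app.example.test/"
                reply="https://app.example.test/"
                requireHttps="false"
                passiveRedirectEnabled="true"
                persistentCookiesOnPassiveRedirects="true" />
</federatedAuthentication>"""

HARDENED_CONFIG = """<federatedAuthentication>
  <wsFederation issuer="https://sts.example.test/issue"
                realm="https://app.example.test/"
                reply="https://app.example.test/"
                requireHttps="true"
                passiveRedirectEnabled="true"
                persistentCookiesOnPassiveRedirects="false" />
</federatedAuthentication>"""

if __name__ == "__main__":
    for finding in audit_ws_federation(WEAK_CONFIG):
        print("FINDING:", finding)
```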