Stack Overflow
Stack Overflow

Questions tagged [sts-securitytokenservice]

Security Token Service. A web service where a user (or client software) presents some form of credentials (e.g., username/password), and if valid the result is a 'security token' that can be used to access a web application or web service. Often used for implementing single sign-on (SSO).

Security Token Service: A web service where a user (or client software) presents some form of credentials (e.g., username/password), and if valid the result is a 'security token' that can be used to access a web application or web service. Often used for implementing single sign-on (SSO).

165 questions
36
votes
5 answers

Error - A SignInResponse message may only redirect within the current web application - MVC 2.0 application

I have a situation where we have a MVC 2 application(I tried this with a basic MVC 2 app without any extra stuff, still same problem) and am using adfs 2 for authenticating my users. So.. Now I get into my application and I get the below.. ID3206: A…
John
  • 688
  • 1
  • 10
  • 22
8
votes
2 answers

Using STS and WCF having issue with unsecured or incorrectly secured fault exception

I'm working with a couple of WCF services all secured using WIF and a STS provider (all using out of the box Microsoft code and examples). These services were all built using .NET 3.5 and have all been recently updated to .NET 4.0. ALL .dlls…
atconway
  • 18,827
  • 24
  • 140
  • 216
7
votes
5 answers

WCF Interop with Axis2 using WS-Trust

We are trying to get WCF and Java talking to each other using SAML tokens issued from an STS. Despite the fact that both sides are compliant with the standards, WS-Security, WS-Trust, WS-Policy, etc., they don't seem to talk to each other and one or…
Greg Ennis
  • 13,126
  • 1
  • 64
  • 70
6
votes
4 answers

Is WIF a good option for securing WCF 4.0 Restful service with iPhone

I have a project which needs to expose WCF restful service to iphone/ipad Client. The WCF worked, now i need to secure it with username and password. For some reason i am a little reluctant to go with CustomBasicAuth Oauth is also not ideal in WCF…
D.J
  • 2,402
  • 4
  • 26
  • 42
6
votes
2 answers

Implementing claims-based security (WCF/ASP.NET)

After researching on the topic of claims-Based security (or a federated security model). I've been coming across many examples that use CardSpace as an example. The main article that I read that gave a really great explanation of the subject was a…
nyxtom
  • 2,899
  • 2
  • 21
  • 24
6
votes
1 answer

Why does my STS client get this error? "The value of the 'type' property could not be parsed.Verify that the type attribute of 'issuerNameRegistry..."

I frequently encounter this error and my efforts had not any result. Error : ID8030: The value of the 'type' property could not be parsed.Verify that the type attribute of 'issuerNameRegistry type="Webapp1.TrustedIssuerNameRegistry,webapp1"…
Amir Jalilifard
  • 1,663
  • 2
  • 21
  • 32
5
votes
3 answers

Custom WIF Request Validator Infinite Loop

While fixing the problem described here, I created another that I can seem to find anywhere else on the web: SignInResponseMessage message = WSFederationMessage.CreateFromFormPost(context.Request) as SignInResponseMessage; The above code keeps…
ryanhallcs
  • 237
  • 1
  • 14
5
votes
2 answers

Authentication when using Security Token Service

I have created a Security Token Service (STS), an service with a reference to the STS and an example desktop application. This works as expected when using Windows authentication and Message security, a token is retrieved from the STS and the…
Alex Marshall
  • 789
  • 1
  • 8
  • 21
5
votes
2 answers

SAML token size and REST

We are implementing STS (claim based authentication) for the the REST based services. One of the reasons amongst many when we decide to create REST services (with JSON) was the small footprint over the wire. With STS, the SAML token with just a few…
amit_g
  • 28,825
  • 7
  • 54
  • 111
5
votes
1 answer

Expiring Claims with windows identity foundation and mvc

I've got a very basic application that is correctly redirecting to my STS and back again after successful authentication. There's a couple of areas that I'm currently unsure as to how they work, and hoping some light can be shed on them. 1) How do…
RubbleFord
  • 7,006
  • 9
  • 46
  • 77
4
votes
1 answer

Owin WS-Federation setting up token sliding expiration

Can somebody explain how to implement sliding expiration using the new Owin WS-Federation plugin? On the client side, at WS-Fedeartion configuration I see that there are some events like : Notifications = new…
Cristian E.
  • 2,167
  • 3
  • 23
  • 46
4
votes
2 answers

What does WS-Federation really do (in depth and by a simple & understandable example)?

I have read some text about WS-Fedaration but i can not understand it. I have some questions : What would happen if there were no WS-Federation? How does it help to Single Sign-on? What is the difference between WS-Trust and WS-Federation? I just…
Amir Jalilifard
  • 1,663
  • 2
  • 21
  • 32
4
votes
1 answer

ASP.Net WebApi Authentication and Security

I have been looking at the Thinktecture.IdentityModel.40 library as a way of handling the security of my Asp.Net WebApi. One point I don't understand is the following, and this is my question. When the user authenticates the first time, they need to…
SetiSeeker
  • 5,490
  • 9
  • 38
  • 61
3
votes
1 answer

Failed to assume role for third-party AWS account using IAM user's access key

I am trying to give a third-party AWS Account access to my AWS Account using Assume Role function with SecurityAudit role, similar to here. I followed the explanation from this to assign the third-party account the role called testing where I will…
Ihsan Haikal
  • 917
  • 2
  • 11
  • 28
3
votes
1 answer

Can "token" generated using "Paseto Token" be decrypted and viewed like "JWT Token"?

I am using "Platform agnostic Security Token" for oAuth in Golang - https://github.com/o1egl/paseto I am not able to understand, why this is better than JWT even after reading README My Major Question is: Can "token" generated be altered like "JWT"…
Raven Go
  • 33
  • 4
1
2 3
10 11