This release is feature complete and if I don’t get any bug reports this is also pretty much the final V1.
Changes from B1
- The configuration data access is now based on EF 4.1 code first. This makes it much easier to use different data stores. For RTM I will also provide a SQL script for SQL Server so you can move the configuration to a separate machine (e.g. for load balancing scenarios).
- I included the ASP.NET Universal Providers in the download. This adds official support for SQL Azure, SQL Server and SQL Compact for the membership, roles and profile features. Unfortunately the Universal Provider use a different schema than the original ASP.NET providers (that sucks btw!) – so I made them optional. If you want to use them go to web.config and uncomment the new provider.
- The relying party registration entries now have added fields to add extra data that you want to couple with the RP. One use case could be to give the UI a hint how the login experience should look like per RP. This allows to have a different look and feel for different relying parties. I also included a small helper API that you can use to retrieve the RP record based on the incoming WS-Federation query string.
- WS-Federation single sign out is now conforming to the spec.
- Certificate based endpoint identities for SSL endpoints are optional now.
- Added a initial configuration “wizard”. This sets up the signing certificate, issuer URI and site title on the first run.
This is still a “developer” release – that means it ships with source code that you have to build it etc. But from that point it should be a little more straightforward as it used to be:
- Make sure SSL is configured correctly for IIS
- Map the WebSite directory to a vdir in IIS
- Run the web site. This should bring up the initial configuration
- Make sure the worker process account has access to the signing certificate private key
- Make sure all your users are in the “IdentityServerUsers” role in your role store. Administrators need the “IdentityServerAdministrators” role
That should be it. A proper documentation will be hopefully available soon (any volunteers?).
Please provide feedback! thanks!