Thinktecture IdentityServer v2.1

I just uploaded a minor update. This includes the following changes:

  • Fixed bugs in HRD screen
  • SSL redirect filter uses configured SSL port now
  • Fixed a bug in CookieTempData
  • Added application recycle feature

available here:

This entry was posted in IdentityServer. Bookmark the permalink.

9 Responses to Thinktecture IdentityServer v2.1

  1. Michael De Marco says:

    Hi Dominick, I don’t know the best way to reach you so I keep leaving comments wherever I can find a slot. I have a question regarding ‘ACT AS’ protocol. We have a WCF services backend where we will be calling it from an RSTR issued from the STS. My first inclination is that if we could somehow pass the token from the MVC backend to the wcf service to authenticate at the wcf service layer that would be ideal because they will probably both share the same private key, certificate anytway and thus we would not be spoofing the wcf service by calling it with the initial token used to secure the MVC controller action. I do undetrstand passing a token to the service layer because it is another tier may not fall into the philosophy of rightful behaivor. At any rate long story short can I pass the token to the wcf service or do I have to go through ACT AS protocol

  2. Well you can – via the bootstrap token feature and using bearer tokens. But yeah – your above mentioned limitations apply.

    • Michael De Marco says:

      Are you saying then that if both the wcf service and the mvc web application share the same certificate that I can send the token directly to to the wcf service without having to make another trip to the STS or are you saying that I can actually send the token to the wcf service directly? I don’t think it is a violation of philosophy if i was able to go directly to the wcf service without the additional STS call if they share the same private key. So please let me know if it is going to sts again with act as or i can short cut it.



  3. You should be able to short cut it. You need to give it a try.

  4. Michael De Marco says:

    forget line 4 below above it is a reiteration of the prior line lines.

  5. Michael De Marco says:

    Dominick, I am working on logout. I passed the following URL

    which did not redirect back

    then I called

    and that took me to the landing page of the STS but showed me as logged in.

    Is my url issuances correct protocol? What is going on?



      • Michael says:

        I am in Relying Party and have logout button. I then make the call to Identityserver.with above url’s
        Does identityserver handle this correctly? Was wondering why I did not get a call back with the wreply. I should url encode and will.



  6. All IdentityServer discussions should go to

    You have to use the issue/wsfed endpoint.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s