I just uploaded a minor update. This includes the following changes:
- Fixed bugs in HRD screen
- SSL redirect filter uses configured SSL port now
- Fixed a bug in CookieTempData
- Added application recycle feature
available here:
http://thinktecture.github.com/Thinktecture.IdentityServer.v2/
leastprivilege.com 
Hi Dominick, I don’t know the best way to reach you so I keep leaving comments wherever I can find a slot. I have a question regarding ‘ACT AS’ protocol. We have a WCF services backend where we will be calling it from an RSTR issued from the STS. My first inclination is that if we could somehow pass the token from the MVC backend to the wcf service to authenticate at the wcf service layer that would be ideal because they will probably both share the same private key, certificate anytway and thus we would not be spoofing the wcf service by calling it with the initial token used to secure the MVC controller action. I do undetrstand passing a token to the service layer because it is another tier may not fall into the philosophy of rightful behaivor. At any rate long story short can I pass the token to the wcf service or do I have to go through ACT AS protocol
Well you can – via the bootstrap token feature and using bearer tokens. But yeah – your above mentioned limitations apply.
Are you saying then that if both the wcf service and the mvc web application share the same certificate that I can send the token directly to to the wcf service without having to make another trip to the STS or are you saying that I can actually send the token to the wcf service directly? I don’t think it is a violation of philosophy if i was able to go directly to the wcf service without the additional STS call if they share the same private key. So please let me know if it is going to sts again with act as or i can short cut it.
Thanks,
Michael
You should be able to short cut it. You need to give it a try.
forget line 4 below above it is a reiteration of the prior line lines.
Dominick, I am working on logout. I passed the following URL
1) https://10.100.0.60/STS/?wa=wsignout1.0&wreply=https://10.100.0.60/RelyingParty
which did not redirect back
then I called
2) https://10.100.0.60/STS/?wa=wsignout1.0
and that took me to the landing page of the STS but showed me as logged in.
Is my url issuances correct protocol? What is going on?
Thxs,
Michael
In IdentityServer?
I am in Relying Party and have logout button. I then make the call to Identityserver.with above url’s
Does identityserver handle this correctly? Was wondering why I did not get a call back with the wreply. I should url encode and will.
Thxs,
Michael
All IdentityServer discussions should go to
https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues
You have to use the issue/wsfed endpoint.