Vittorio describes here in great detail how to provision a WAAD tenant as an identity provider in an ACS namespace. Since we are all using the same technology under the bonnet, this should also work with IdentityServer – and it does.
Make sure to read Vittorio’s post first – the differences are as follows:
1 The provisioning script
The reply URL points to the HRD endpoint:
$replyUrl = New-MsolServicePrincipalAddresses -Address "https://server/issue/hrd"
...and the service principal uses the configured IdSrv issuer URI:
New-MsolServicePrincipal -ServicePrincipalNames @("http://identityserver.v2.thinktecture.com/trust/changethis") -DisplayName "IdSrv" -Addresses $replyUrl
2 IdentityServer configuration
On the IdSrv side, you need to add a new identity provider – I got the values for WS-Federation Endpoint and Issuer Thumbprint from the WAAD federation metadata document (see Vittorio’s post), e.g.
Have fun ;)
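For step 2, the WS-Federation endpoint and issuer thumbprint can be read out of the federation metadata with a few lines of PowerShell. This is an added example, not code from the original post or from IdentityServer; the function name Get-FedMetadataIssuerInfo is hypothetical, and the sample document uses constructed placeholder hosts and placeholder bytes in place of a real certificate.

```powershell
# Added example (not from the original post): read the values IdentityServer
# asks for out of a WS-Federation metadata document.
function Get-FedMetadataIssuerInfo {
    param([Parameter(Mandatory = $true)][string]$MetadataXml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never fetch external DTDs/entities
    $doc.LoadXml($MetadataXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('md',  'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds',  'http://www.w3.org/2000/09/xmldsig#')
    $ns.AddNamespace('fed', 'http://docs.oasis-open.org/wsfed/federation/200706')
    $ns.AddNamespace('wsa', 'http://www.w3.org/2005/08/addressing')

    # A thumbprint is the SHA-1 hash of the DER-encoded certificate bytes.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $xpath = "//md:KeyDescriptor[@use='signing']//ds:X509Certificate"
    $thumbprints = @(foreach ($node in $doc.SelectNodes($xpath, $ns)) {
        $der = [Convert]::FromBase64String($node.InnerText.Trim())
        [BitConverter]::ToString($sha1.ComputeHash($der)) -replace '-', ''
    })
    $address = $null
    $ep = $doc.SelectSingleNode('//fed:PassiveRequestorEndpoint//wsa:Address', $ns)
    if ($ep) { $address = $ep.InnerText.Trim() }

    New-Object PSObject -Property @{
        EntityId             = $doc.DocumentElement.GetAttribute('entityID')
        WSFederationEndpoint = $address
        IssuerThumbprints    = @($thumbprints | Select-Object -Unique)
    }
}

# Constructed sample: placeholder hosts, and placeholder bytes instead of a real certificate.
$fakeCert = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('constructed, not a certificate'))
$sample = @"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.example.test/tenant-placeholder/">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>$fakeCert</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"><Address>https://login.example.test/tenant-placeholder/wsfed</Address></EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
"@
Get-FedMetadataIssuerInfo -MetadataXml $sample | Format-List
```

The thumbprint entered in IdentityServer is what pins the trusted token issuer, so take the metadata only from the tenant's HTTPS endpoint. If the document lists more than one signing certificate, the function returns every thumbprint so you can see which one is current.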
I can’t seem to find the issuer thumbprint in the fed metadata. Any ideas?
I think they are using the same cert for all tenants. So it should be the same as in my blog post. Otherwise re-create the cert from metadata and have a look there.
Hi there, where is the ability to add an identity provider in version 2 of the STS?
In the admin area… https://vimeo.com/51666379
Hey Dominick, thanks for the reply, I don’t see half the menu items that you have in that video. Any idea how to get them to display? I’ve tried the latest source “release” and also the source from GitHub master, both haven’t shown the identity providers menu item in administration for me.
You need to enable “federation” in the WS-Federation protocol settings.
Excellent thanks, I enabled that and BAM! Many thanks for your time :)
I see the following only
•Relying Parties & Resources
Is it possible to use identity server with Azure AD to achieve true SSO? As in, when a user goes to the app, they are not required to enter any username or password, they just go straight through?
How? Can we get an example or blog post on this please?