Things have slightly changed between releases of WAAD, so I thought I'd quickly document the steps for adding the GA version of WAAD as an identity provider to IdentityServer.
If we supported parsing WS-Federation metadata this would be much simpler – but right now we don't, so I'll show you the manual way (and a little ninja trick).
1) Add a new application to WAAD
Add the application to your WAAD from the Azure portal.
2) Configure WS-Federation
The App ID is the IdentityServer’s Site ID (from the General tab in the admin area) and the reply URL is IdentityServer’s HRD endpoint.
3) Add WAAD to IdentityServer
This is the tricky part. All the information you need is in WAAD’s metadata. You can access the metadata from the application configuration/endpoints page in the Azure portal. The URL is something like:
In that document you can find two things – the WS-Federation endpoint URL and the signing key.
The ninja trick: copy and paste the X.509 certificate into a text editor and save it as a .cer file. You can then double-click it in Explorer to get the usual certificate view, and copy the thumbprint from the Details pane.
Enter these two values into IdentityServer's identity provider configuration:
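The same two values can be pulled out of the metadata document without the copy-and-paste detour. This is an added example, not code from the original post or from IdentityServer; the metadata below is a constructed sample with a placeholder tenant id and placeholder certificate bytes, and the thumbprint is computed the way Windows does it, as SHA-1 over the DER-encoded certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespace URIs used by WS-Federation metadata documents.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
}

# Constructed sample shaped like a WAAD FederationMetadata.xml. The tenant id is a
# placeholder and X509Certificate holds base64 of "abc", not a real DER certificate.
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>YWJj</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://login.windows.net/TENANT-ID-PLACEHOLDER/wsfed</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
"""

def thumbprint(b64_cert: str) -> str:
    """SHA-1 over the DER bytes, uppercase hex: the Windows 'Thumbprint' value without spaces."""
    der = base64.b64decode("".join(b64_cert.split()))  # tolerate line-wrapped base64
    return hashlib.sha1(der).hexdigest().upper()

def parse_federation_metadata(xml_text: str) -> dict:
    """Return the passive (WS-Federation) endpoint and the thumbprint of every
    signing certificate; the metadata can list more than one during key rollover."""
    root = ET.fromstring(xml_text)
    address = root.find(".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
    certs = root.findall(".//md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if address is None or not certs:
        raise ValueError("metadata lacks a passive endpoint or a signing certificate")
    return {"endpoint": address.text.strip(), "signing_thumbprints": [thumbprint(c.text) for c in certs]}
```

If the document lists several signing certificates, configure every thumbprint, otherwise tokens signed with the newer key will be rejected after a rollover.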
That’s it! HTH