Wednesday, 15 May 2013

asp.net - wfresh not working with WS-Federation via ADFS


I have an application that authenticates against ADFS 2 via WS-Federation. When I get the response from ADFS, I look for a specific claim, and on the basis of that claim I can authorize the user in my application. I want to handle the case where a user is authenticated against ADFS but comes back to my application without my claim: I send them back to the identity provider (ADFS), but this time they have to enter their credentials again. I wrote my code to detect an authenticated user who lacks the required claim and send them back to re-authenticate, this time with the "Freshness" parameter (wfresh = 0). I was under the impression that this would prompt the user for credentials, but it seems that the original credentials are reused, which of course causes an endless loop (which ADFS stops). How can I achieve this?

My URL looks like this when I send it to IDP after the necessary claim:

  https://somedomain.com/adfs/ls/auth/integrated/?wa=wsignin1.0&wtrealm=https%3a%2f%2fanotherdomain.com%2flogin.ashx&wreply=https%3a%2f%2fanotherdomain%2flogin.ashx&wctx=1106273&wfresh=0

wfresh has no meaning on the integrated endpoint. You are always signed in to AD and cannot sign out. Perhaps the story is different for forms-based authentication, but it does not attempt this in ADFS.
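The pattern the question describes, written out as an added example (it is neither the asker's nor the answerer's code): the relying party builds the wsignin1.0 request with wfresh=0, and carries a round-trip counter in wctx so that, when the claim is still missing after a forced re-authentication, it denies access instead of looping. The endpoint, realm and claim type are hypothetical, the forms endpoint (not the integrated one, where the answer says wfresh has no effect) is assumed, and token validation is assumed to have happened before `decide` is called. Because wctx is echoed back by the identity provider, it is treated as untrusted input and the return path is restricted to local paths.

```python
# Added example: WS-Federation sign-in redirect with wfresh plus a loop guard.
# Endpoint, realm and claim type below are hypothetical; no ADFS is contacted.
from urllib.parse import urlencode, urlsplit, parse_qs

IDP_SIGNIN = "https://somedomain.com/adfs/ls/"                  # assumed forms endpoint
REALM = "https://anotherdomain.com/login.ashx"                  # assumed relying party
REQUIRED_CLAIM = "http://schemas.example.org/claims/app-role"   # hypothetical claim type
MAX_FORCED_REAUTH = 1   # wfresh=0 round trips allowed before giving up


def build_signin_url(wctx, wfresh=None, endpoint=IDP_SIGNIN, realm=REALM, reply=REALM):
    """Build the wsignin1.0 request; urlencode percent-encodes realm, reply and wctx."""
    params = {"wa": "wsignin1.0", "wtrealm": realm, "wreply": reply, "wctx": wctx}
    if wfresh is not None:
        params["wfresh"] = str(wfresh)   # 0 = the IdP must collect credentials again
    return endpoint + "?" + urlencode(params)


def encode_ctx(return_path, reauth_count):
    """wctx is opaque to the IdP; pack the round-trip counter and return path into it."""
    return f"{reauth_count}|{return_path}"


def parse_ctx(wctx):
    """wctx comes back from the IdP unchanged but is client-controllable: validate it."""
    try:
        count_s, return_path = wctx.split("|", 1)
        count = int(count_s)
    except ValueError:
        return 0, "/"
    # Only accept local paths, so a forged wctx cannot turn this into an open redirect.
    if not return_path.startswith("/") or return_path.startswith("//"):
        return_path = "/"
    return max(count, 0), return_path


def decide(claims, wctx):
    """Run after the token has been validated and its claims extracted.
    Returns ('allow', path), ('redirect', signin_url) or ('deny', reason)."""
    count, return_path = parse_ctx(wctx)
    if REQUIRED_CLAIM in claims:
        return ("allow", return_path)
    if count >= MAX_FORCED_REAUTH:
        # The user re-authenticated and the claim is still missing: stop, do not loop.
        return ("deny", "required claim still missing after forced re-authentication")
    next_ctx = encode_ctx(return_path, count + 1)
    return ("redirect", build_signin_url(next_ctx, wfresh=0))


def signin_params(url):
    """Decode the query string of a sign-in URL (used to inspect what was built)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    # Constructed flow: first visit lacks the claim, gets one forced re-auth, then is denied.
    first = decide({}, encode_ctx("/reports", 0))
    print(first)
    print(signin_params(first[1]))
    print(decide({}, "1|/reports"))
    print(decide({REQUIRED_CLAIM: "admin"}, "1|/reports"))
```

The counter is the simplest guard; a relying party that records the token's authentication instant could instead compare it with the freshness window it asked for. Either way, the important point is that the second missing-claim response is treated as an authorization failure, not as a reason to redirect again.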
