The SP includes so-called "RP" support for the WS-Federation protocol as profiled by Microsoft in their ADFSv1 product. The SP can act as a WS-Federation Passive Profile relying party in the same fashion that it supports SAML. All SP features not specific to the SAML protocol are supported equally for WS-Federation IdPs.

Note

This page is not relevant to use of ADFSv2, which supports a subset of SAML 2.0. The CommercialInterop page has information on SAML interoperation with Microsoft's implementation (what little has been provided, anyway).

Metadata

Support for WS-Federation is currently provisioned and secured using the same metadata sources used for SAML. A profile of SAML metadata for use by WS-Federation peers was developed for the Shibboleth 1.3 release and remains supported in Shibboleth 2.0.

...

<OutOfProcess>
    <Extensions>
        <Library path="adfs.so" fatal="true"/>
    </Extensions>
</OutOfProcess>
<InProcess>
    <Extensions>
        <Library path="adfs-lite.so" fatal="true"/>
    </Extensions>
</InProcess>

Enabling the WS-Federation Protocol

...

(SP V2.4 and Above)

To enable the WS-Fed support on current SP versions, simply add the ADFS protocol token to the content of the <SSO> element (and if desired, the <Logout> element).
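
A consistency check for this setting, added here as an example and not part of the Shibboleth documentation or code base: it reports whether the ADFS token appears in <SSO> and <Logout>, and whether the extension libraries shown above are loaded in both process sections. It assumes those libraries are required for the token to take effect; the sample configuration, its entityID values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shibboleth2.xml fragment; entityID values are placeholders.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <OutOfProcess>
    <Extensions><Library path="adfs.so" fatal="true"/></Extensions>
  </OutOfProcess>
  <InProcess>
    <Extensions><Library path="adfs-lite.so" fatal="true"/></Extensions>
  </InProcess>
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions>
      <SSO entityID="https://idp.example.org/idp">SAML2 SAML1 ADFS</SSO>
      <Logout>SAML2 Local</Logout>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""

# Extension library expected in each process section, as shown on this page.
REQUIRED = {"OutOfProcess": "adfs.so", "InProcess": "adfs-lite.so"}

def _named(root, name):
    """All descendants with this local name, ignoring the XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _tokens(root, name):
    """Whitespace-separated protocol tokens in the content of <name> elements."""
    return {t for e in _named(root, name) for t in (e.text or "").split()}

def adfs_status(xml_text):
    """Report where the ADFS token is set and which required libraries are absent."""
    root = ET.fromstring(xml_text)
    missing = []
    for section, lib in REQUIRED.items():
        # Compare on the file name so absolute library paths also match.
        loaded = {l.get("path", "").replace("\\", "/").rsplit("/", 1)[-1]
                  for s in _named(root, section) for l in _named(s, "Library")}
        if lib not in loaded:
            missing.append(f"{section}: {lib}")
    return {"sso": "ADFS" in _tokens(root, "SSO"),
            "logout": "ADFS" in _tokens(root, "Logout"),
            "missing_libraries": missing}

if __name__ == "__main__":
    print(adfs_status(SAMPLE))
```

A result with "sso" true and a non-empty "missing_libraries" list points to a configuration that names the protocol without loading the plugin in one of the two processes.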

Enabling the WS-Federation Protocol (SP Versions < V2.4)

On older versions, enabling the plugin requires some simple modifications to the handlers defined inside the <Sessions> element:

...