-
Notifications
You must be signed in to change notification settings - Fork 329
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WS-Fed ability to import federationmetadata.xml from 3rd party IDPs #2152
Comments
Thanks @maliksahil : this is very clear and actionable! |
@jmprieur along that, we have the following request for the same issue: Details troubleshooting MSAL auth request issue: The problem is that this TAG should be written with a “M” (uppercase) 3.1. Message Information Headers XML Infoset Representation The following describes the contents of the message information header blocks: This IDP is case sensitive, and then returns a HTTP 500 response. Is there a chance for this to be addressed as well along the request? |
Design: L
|
@maliksahil : do you know how we can setup a test environment? Is it something you could work with the identity lab? |
We could test using one of our own accounts, and maybe even setup automation with a lab account. |
|
Need to sync with Sahil to get clarity on desired changes. Setting up time for it |
Is your feature request related to a problem? Please describe.
When you try to import FederationMetadata.xml from a URL, with the current implementation of MSAL, things work when you import from ADFS becasue wsdl:definitions/ node is the top level node, as shown below.
However, when importing from third party Idps such as siteminder, this node is at a different level, as shown below, which causes this import to fail.
![image](https://user-images.githubusercontent.com/4992186/97635909-8ea56380-1a0e-11eb-9487-a8a84e05646d.png)
As per the spec, this should be an acceptable format, https://www.w3.org/TR/ws-metadata-exchange/#Appendix-A
Describe the solution you'd like
There are two possible fixes,
I feel option #2 would be useful anyway, there are frequently scenarios where you need to pass in the xml by hand. This would give someone flexibility to hand-edit and feed a file if necessary, or when the file is unreachable because of any reason. I remember back in VS2005, authentication was a reason to have a file hand-fed in. But this would be useful regardless in environments where the federationmetadata.xml is distributed manually.
So ideally we should do both #1 and #2.
Describe alternatives you've considered
As an alternative, the customer can choose to hand-edit the 3rd party IDPs federationmetadata to match in structure as ADFS's and host it manually.
Additional context
None
The text was updated successfully, but these errors were encountered: