Episerver CMS ADFS 3.0 Configuration


What are the configurations for an ADFS 3.0 server to work with Episerver CMS? Implemented these - http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/federated-security/  http://world.episerver.com/blogs/Kalle-Ljung/Dates/2014/11/using-azure-active-directory-as-identity-provider/  Working in Azure cloud, but not in local ADFS 3.0.

Jul 20, 2016 12:27

Is the ADFS configured to have endpoints for WS-Federation? Do you have other apps working against the ADFS Server?

Sep 08, 2016 12:30

Johan Kronberg: I'm trying to use ADFS with federation and I see that you asked a question about ADFS and endpoints for WS-Federation some time ago. I've been requested to supply the ADFS endpoint for WS-Federation Passive protocols in ADFS, but have no idea what this means. Do you know anything about this?

Mar 27, 2017 13:05

If you click on the Service\Endpoints folder in the ADFS snap-in you can see the endpoints. Look for the FederationMetadata.xml URL and browse it.

Edited, Mar 27, 2017 14:26

Sorry for taking some time answering. My email was blocked as spam by Episerver.

What I was looking for is the WS-Federation Passive endpoint on the Episerver site. We tried using the same URL as the Relying Party Trust. Seems to be working ok.

Mar 29, 2017 8:32

Is your Epi site MVC or Web Forms?

Mar 29, 2017 8:42

It's an MVC site.

Mar 29, 2017 8:42

I usually set the startpage. Something in Microsoft.Owin.Security.WsFederation will catch those requests on any URL I think.

There was some trick needed for Web Forms but not for MVC.

Mar 29, 2017 9:00

I guess that's why it's working since we use the startpage URL as Relying Party Trust (Wtrealm) too. Thank you very much for your input.

Mar 29, 2017 9:02

It's smart (I hope :) ) to use a bogus value (something like https://customer-x-prod) for WtRealm to clarify that it's not a URL that needs to be working but only used for referencing.

Mar 29, 2017 9:09

Yes, I see your point. The WtRealm was decided by the people responsible for the ADFS. But I will pass your advice through to them.

Mar 29, 2017 9:11
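
Added example, not part of the thread and not Episerver or Microsoft code: it reads a constructed FederationMetadata.xml of the kind mentioned above, extracts the WS-Federation passive endpoint, and builds the sign-in redirect to show that wtrealm is only an identifier while wreply carries the real site URL. The hosts adfs.example.test and cms.example.test and both function names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
PATH = ("md:RoleDescriptor/fed:PassiveRequestorEndpoint/"
        "wsa:EndpointReference/wsa:Address")

# Constructed sample, trimmed to the elements that matter here.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="http://adfs.example.test/adfs/services/trust">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://adfs.example.test/adfs/ls/</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def passive_endpoint(metadata_xml):
    """Return (entityID, WS-Federation passive endpoint URL) from metadata."""
    root = ET.fromstring(metadata_xml)
    addr = root.find(PATH, NS)
    if addr is None or not (addr.text or "").strip():
        raise ValueError("no PassiveRequestorEndpoint in metadata")
    url = addr.text.strip()
    # Sign-in traffic must not go to a plain-HTTP endpoint.
    if urlsplit(url).scheme != "https":
        raise ValueError("passive endpoint is not HTTPS: " + url)
    return root.get("entityID"), url

def signin_url(endpoint, wtrealm, wreply):
    """Build the passive sign-in redirect. wtrealm names the relying party
    trust (it need not resolve); wreply is where the token is posted back."""
    query = urlencode({"wa": "wsignin1.0", "wtrealm": wtrealm, "wreply": wreply})
    return endpoint + "?" + query

if __name__ == "__main__":
    _, sts = passive_endpoint(SAMPLE_METADATA)
    print(signin_url(sts, "https://customer-x-prod", "https://cms.example.test/"))
```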