Question
I am very confused about my current ADFS setup. I have an identity provider that issues a SAML 2.0 token to ADFS 2.0 in an IDP-Initiated scenario. ADFS translates the token into WS-Federation, and forwards it on to a claims aware (WIF) web application. The web application, however doesn't recognize the user has having authenticated and redirects back to Home Realm discovery. I've used SAML Tracer in Firefox and I can see the SAML assertions going in and the WS-Federation claims in the parameters being sent to the web application. Is there a step I am missing? I set up custom claim rules to translate the SAML assertion into a WS-Federation claim (e.g. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name) If I switch the SP application to a SAML 2 web app, then everything works fine.
Solution
So after comparing the headers of an IDP initiated request and an SP initiated request, I noticed a difference. The IDP initiated request was missing the wctx parameter. Once I included this in my relaystate, the WIF RP app worked fine.
https://stackoverflow.com/questions/18405432
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianwctx=rm%3D0%26id%3Dpassive%26ru%3D%252FMyDesiredStartPage.aspx
