
Infrastructure layout (diagram)

BLUE lines initiate the request to login.

RED lines are the response after successful login. I hit a 404 going from idp (janie-pc/ofsidentityservice) to fp (janie-pc/federationservice).

Configuration

Thinktecture IdentityServer v2 configuration (image)

What do I need to do to get this flow working?

I'm using the latest release (v2.3): https://github.com/thinktecture/Thinktecture.IdentityServer.v2/releases

It looks like I might need to specify a redirect URL, but what does Thinktecture need the URL to be?

asked by Leblanc Meneses

1 Answer

You need to redirect back to the /issue/hrd endpoint of the relay.

answered by leastprivilege
  • Setting the Redirect URL to the hrd endpoint solved the issue. Flow is 100% working, thanks! Why doesn't the idp already know how to redirect automatically? Couldn't the relay specify the reply-to URL? – Leblanc Meneses Jan 14 '14 at 18:01
  • That would be a security issue. This way it would be possible to transmit the token to some random server. – leastprivilege Jan 15 '14 at 12:31
  • I get the open redirect security problem. In this example I have already specified the Identity Provider at the federation service AND I specified the federation service as a relying party at the idp. Based on that trust alone, couldn't we have a signed token for reply_to that could be validated and not have the open redirect problem? Hard-coding the redirect URL works today, but possibly a feature request. – Leblanc Meneses Jan 15 '14 at 18:35
  • Well - that's not how WS-Federation is specified ;) The redirect URI is part of the contract two token services share. – leastprivilege Jan 15 '14 at 19:03
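The point made in the answer and its comments, as an added example that is not part of the original page and not Thinktecture IdentityServer code: the federation service ("relay") is registered at the IdP as a relying party whose Redirect URL is its /issue/hrd endpoint, and the IdP posts the token only to that registered URL. A wreply supplied in the request is honoured only when it matches the registered value, which is what prevents a crafted sign-in link from sending a signed token to an arbitrary server. The realm identifier urn:federationservice, the IdP path /issue/wsfed and the constructed registration table are assumptions; the hostnames come from the question.

```python
# Added example, not code from the page or from Thinktecture IdentityServer.
# Minimal model of the WS-Federation hop between the federation provider
# ("relay", janie-pc/federationservice) and the identity provider
# (janie-pc/ofsidentityservice): the sign-in request the relay sends, and
# the reply-URL check the IdP does before posting the token back.
from urllib.parse import urlencode, urlsplit

# Constructed registration modelled on the page's setup: the federation
# service is a relying party at the IdP whose Redirect URL is its
# /issue/hrd endpoint. The realm name is an assumption.
RELYING_PARTIES = {
    "urn:federationservice": "https://janie-pc/federationservice/issue/hrd",
}

# Assumed IdP WS-Federation sign-in endpoint; adjust to the real deployment.
IDP_WSFED_ENDPOINT = "https://janie-pc/ofsidentityservice/issue/wsfed"


def build_signin_request(realm, wctx=None, wreply=None):
    """BLUE line: the GET the relay redirects the browser to at the IdP."""
    params = {"wa": "wsignin1.0", "wtrealm": realm}
    if wctx is not None:
        params["wctx"] = wctx
    if wreply is not None:
        params["wreply"] = wreply
    return f"{IDP_WSFED_ENDPOINT}?{urlencode(params)}"


def _normalize(url):
    """(scheme, host[:port], path) with default ports dropped, for comparison."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    port = parts.port  # raises ValueError on a malformed port
    default = {"https": 443, "http": 80}.get(scheme)
    netloc = host if port in (None, default) else f"{host}:{port}"
    return scheme, netloc, parts.path or "/"


def is_allowed_reply_url(realm, wreply):
    """True only if wreply is exactly the Redirect URL registered for realm."""
    registered = RELYING_PARTIES.get(realm)
    if registered is None or not wreply:
        return False
    try:
        return _normalize(wreply) == _normalize(registered)
    except ValueError:
        return False


def signin_response(realm, wresult, wctx=None, wreply=None):
    """RED line: the auto-POST form the IdP sends back after login.

    Returns None when the request must be refused. The token (wresult) is
    always posted to the registered Redirect URL; a caller-supplied wreply is
    accepted only when it matches that URL, so a crafted link cannot divert
    the token to another server.
    """
    registered = RELYING_PARTIES.get(realm)
    if registered is None:
        return None
    if wreply is not None and not is_allowed_reply_url(realm, wreply):
        return None
    fields = {"wa": "wsignin1.0", "wresult": wresult}
    if wctx is not None:
        fields["wctx"] = wctx
    return {"action": registered, "fields": fields}


if __name__ == "__main__":
    print(build_signin_request("urn:federationservice", wctx="rp-state"))
    print(signin_response("urn:federationservice", "<t/>", wctx="rp-state"))
    print(signin_response("urn:federationservice", "<t/>",
                          wreply="https://evil.example/issue/hrd"))
```

The comparison ignores the query string on purpose: the form action is always the registered URL, never the requested wreply, so nothing the requester appends can change where the token lands. Scheme, host, port and path must match exactly, which also rejects a downgrade to http and path-traversal variants. In IdentityServer v2 the corresponding setting is the relying party's Redirect URL field that the accepted answer refers to.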