Questions tagged [sts-securitytokenservice]

Security Token Service. A web service where a user (or client software) presents some form of credentials (e.g., username/password), and if valid the result is a 'security token' that can be used to access a web application or web service. Often used for implementing single sign-on (SSO).

167 questions
3
votes
1 answer

Failed to assume role for third-party AWS account using IAM user's access key

I am trying to give a third-party AWS Account access to my AWS Account using Assume Role function with SecurityAudit role, similar to here. I followed the explanation from this to assign the third-party account the role called testing where I will…
3
votes
1 answer

Can "token" generated using "Paseto Token" be decrypted and viewed like "JWT Token"?

I am using "Platform agnostic Security Token" for oAuth in Golang - https://github.com/o1egl/paseto. I am not able to understand why this is better than JWT even after reading the README. My major question is: Can "token" generated be altered like "JWT"…
Raven Go
3
votes
1 answer

SPA + API + OIDC: How to authenticate an API caller when it's only providing an ACCESS token?

Let's say you are developing a client side JavaScript SPA app (Angular), a backend API for this app (ASP.NET Core in my case) and you use an identity provider that implements Open ID Connect protocol (I'm using IdentityServer4). Apparently the…
3
votes
1 answer

Is a valid SSL certificate required to make the Claims-Based Authentication work in Sharepoint Foundation 2010?

I am trying to get the claims-based authentication to work with Sharepoint Foundation 2010. I have followed several of the tutorials online and added my role and membership providers to the web.config of the applications as well as the STS web…
3
votes
1 answer

How to Validate a SAML Token

The scenario I'm trying to support is this: A client website is redirecting to my website using a single sign on from their site. The client side has a STS that generates a SAML token for the authenticated user that gets passed to my website. My…
3
votes
2 answers

Windows Identity Foundation Security Token Service can't stay logged in

I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I…
Chris Marisic
3
votes
0 answers

aws sts AssumeRoleWithWebIdentityInput

I'm having problems using the AWS STS service to give temporary user access to the console. I can use the IDP and AssumeRoleWithWebIdentityInput method to retrieve credentials fine and have tested the credentials as working using the aws-cli tools,…
3
votes
2 answers

Why does web client require Passive STS when using WIF

I have a web application and would want it to be secured using a Custom STS using Windows Identity Foundation 3.5. All examples have a passive STS in scene. Why is this needed? And what happens if you call the Active STS (Custom written using WIF)…
chugh97
3
votes
1 answer

What is the most elegant and efficient way to provide AAA to web services using a WS gateway and LDAP?

I'm looking for the best way to provide authorization, authentication, and auditing to web services. I'll be using a web service gateway appliance deployed to the DMZ, and there will be an LDAP instance as a user store behind the firewall. How…
3
votes
2 answers

Looking for a secure and robust STS implementation

I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from…
ProfK
3
votes
2 answers

Federated Security - Separate SSL and RP certificates (.NET 4.5 & WIF)

I am currently working on a solution using an STS, a client and a WCF service which is consumed by the client. Currently this is all done through configuration with the client successfully retrieving the token and passing it on to the WCF…
3
votes
1 answer

Invalid algorithm specified - Custom STS

I have implemented a custom STS in order to authenticate users from our web application into a SharePoint instance hosted elsewhere, and is displayed in a frame in the application. This worked fine during development, and also during testing,…
Brad
3
votes
2 answers

VS2013 & MVC 4 - How to setup thinktecture Embedded STS

I am running a project that used the local STS in VS2012 after upgrading to 2013. Now I find out that VS2013 doesn't have a builtin STS server anymore. Looking for alternatives I found…
3
votes
1 answer

Finding STS providers for Windows Identity Foundation

I've had a very brief look at Windows Identity Foundation (WIF) and it looks to me like I could say that my site is going to accept logins from other sites. e.g. anyone with a gmail or LiveID account will be able to post comments on a thread in my…
Dylan
3
votes
1 answer

SharePoint 2013 Custom login page?

I am using claim based authentication and I want to use a custom login page rather than the _login/default.aspx page. I have created an application page using Visual Studio 2012 and have deployed a login page in _layouts folder. What I understand…