Relying Parties

To configure a WS-Federation relying party, you must create a Client record within IdentityServer that models the relying party, and, optionally, create a WS-Federation specific RelyingParty record to overwrite protocol level defaults.

Client

• ClientId

  Must be equal to the Realm (wtrealm) of the relying party

• ProtocolType

  Must equal wsfed

• RedirectUris

  Allowed URIs for responses (wreply)

• AllowedScopes

  Determines what claim types that will be included in the SAML token response. Must be at least openid

Relying Party (optional)

• Realm

  Must match the Realm (wtrealm) of the relying party. Must also match the ClientId of a Client record

• TokenType

  The token type to be returned from the identity provider for this relying party. Overrides the default found in WsFederationOptions

• SignatureAlgorithm

  The signature algorithm with which to sign SAML tokens returned to this relying party. Overrides the default found in WsFederationOptions

• DigestAlgorithm

  The digest algorithm used in SAML tokens returned to this relying party. Overrides the default found in WsFederationOptions

• SamlNameIdentifierFormat

  NameID format to be used in the SAML tokens returned to this relying party. Overrides the default found in WsFederationOptions

• ClaimMapping

  Maps OpenID format claim types to SAML suitable claim types. Claim types not defined in the mapping will not be included in generated SAML tokens. Overrides the default found in WsFederationOptions. Example: {"name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"}