Passive Federation Client

3 June 2013

As we all know, it is simple to call a federated web site authenticated by AD FS 2.0 or any other identity provider using passive federation. The client is a browser that knows nothing about federation. All the browser knows is how to send HTTP requests and submit HTML forms. It would be interesting to write a small library that mimics the browser's behavior and allows applications to call web sites using passive federation. Such web sites can implement RESTful web services or any other HTTP-based API. Currently, applications use ACTIVE federation, which means they have...
no comments

How to Analyze SAML Traffic

2 June 2013

To learn and debug AD FS 2.0 and the SAML protocol, it is important to look at the traffic running between the client, the STS and the RP (web application). When using AD FS 2.0, the traffic must be sent over a secure channel (SSL). Fortunately, Fiddler can decrypt the content and present the actual traffic on the wire. Yet when you activate Fiddler with SSL decryption (as shown here), you will be continuously prompted for credentials by the AD FS 2.0 Federation Server. This prompt comes in the form of an HTTP 401 challenge dialog box. ...
one comment