technical-discuss - Re: [InC-Technical] ADFS InCommon Federated Services Help

Subject: InCommon Technical Discussions

Re: [InC-Technical] ADFS InCommon Federated Services Help


  • From: Michael A Grady <>
  • To: "Cantor, Scott" <>
  • Cc: Eric C Kool-Brown <>, Eric Goodman <>, "" <>, "" <>
  • Subject: Re: [InC-Technical] ADFS InCommon Federated Services Help
  • Date: Thu, 8 Feb 2018 14:28:05 -0600


On Feb 8, 2018, at 1:53 PM, Cantor, Scott <> wrote:

Unfortunately the IdP only sees the request as coming from ADFS rather
than the originating RP. I don't know if the underlying protocols support
naming the original requestor. If they don't, that seems like an oversight.

They do, but I'll let you figure out the odds Microsoft supports setting that field.

It doesn't, unless ADFS 4 has changed. Not only don't they set the field, if you try to send ADFS an AuthnRequest that contains a Scoping element (in which the original RequesterId would be), ADFS rejects it saying "don't understand that element, so cannot process the AuthnRequest."


-- Scott



--
Michael A. Grady
IAM Architect, Unicon, Inc.
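
The Scoping/RequesterID mechanism discussed in this message, as an added example that is not part of the original thread or any product's code: a sketch of how an IdP could read the original requester from a proxied AuthnRequest and decide which entity ID its per-RP policy keys on. The entity IDs are constructed placeholders, the function names are hypothetical, and the request is assumed to have been signature-verified already.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}

# Constructed placeholder entity IDs, not taken from the thread.
PROXY = "https://proxy.example.edu/adfs/services/trust"
ORIGINAL_RP = "https://rp.example.org/sp"


def sample_request(issuer, requester_id=None):
    """Build a constructed AuthnRequest; Scoping is added only when proxying."""
    scoping = ""
    if requester_id:
        scoping = (f"<samlp:Scoping><samlp:RequesterID>{requester_id}"
                   f"</samlp:RequesterID></samlp:Scoping>")
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'ID="_constructed-id" Version="2.0" '
            f'IssueInstant="2018-02-08T20:00:00Z">'
            f"<saml:Issuer>{issuer}</saml:Issuer>{scoping}</samlp:AuthnRequest>")


def requesters(xml_text):
    """Return (issuer, [RequesterID, ...]) from a SAML 2.0 AuthnRequest."""
    # Assumption: the signature was verified upstream with a hardened XML stack.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    ids = [e.text.strip()
           for e in root.findall("samlp:Scoping/samlp:RequesterID", NS)
           if e.text and e.text.strip()]
    return issuer, ids


def policy_entity(xml_text, trusted_proxies):
    """Entity ID that per-RP policy (e.g. attribute release) should key on."""
    issuer, ids = requesters(xml_text)
    # RequesterID is only a claim made by the issuer, so honour it solely for
    # proxies explicitly trusted to set it. Multi-hop chains are out of scope:
    # anything other than exactly one RequesterID falls back to the issuer.
    if issuer in trusted_proxies and len(ids) == 1:
        return ids[0]
    return issuer
```

When the proxy omits Scoping, as described above for ADFS, `policy_entity` returns the proxy's own entity ID and every downstream RP looks identical to the IdP.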


