HTTP Commander ADFS integration.
Note! <configSections> ... <!-- To enable ADFS - uncomment the lines below, to disable - comment out --> <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> </configSections>
<!-- To enable ADFS - uncomment the line below and remove another authentication tag -->
<!-- NOTE(review): mode="None" switches off ASP.NET's own authentication; as far as this
     fragment shows, the only thing that then authenticates requests is the federation
     module set (WSFederationAuthenticationModule, SessionAuthenticationModule,
     ADFSAuthModule). Enable this line and those modules together; this line on its own
     presumably leaves the site anonymous. -->
<authentication mode="None"/>
<!-- Classic-pipeline module registration (system.web). The integrated-pipeline
     equivalent lives under <system.webServer><modules>; both lists name the same
     three modules and should be kept in step. -->
<httpModules>
  ...
  <!-- To enable ADFS - uncomment the line below -->
  <!-- WIF modules: the first handles the WS-Federation sign-in/redirect, the second the
       session cookie issued after sign-in. Versions and public key tokens pin the
       framework assemblies. -->
  <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
  <!-- Application-side module from the HttpCommander assembly; presumably maps the
       federated identity onto the application user; its internals are not shown here. -->
  <add name="ADFSAuthModule" type="HttpCommander.ADFSAuthModule, HttpCommander" />
</httpModules>
<!-- Integrated-pipeline module registration (system.webServer).
     NOTE(review): runAllManagedModulesForAllRequests="true" makes every managed module,
     the authentication modules included, run for static content too; presumably intended
     so that unauthenticated requests for static files are also redirected to ADFS,
     at the cost of running the pipeline on every asset request. Confirm that is wanted. -->
<modules runAllManagedModulesForAllRequests="true">
  ...
  <!-- To enable ADFS - uncomment the lines below -->
  <!-- The <remove> entries presumably avoid a duplicate-module error when the same names
       are also registered under <httpModules>; keep them paired with the <add> entries. -->
  <remove name="WSFederationAuthenticationModule" />
  <remove name="SessionAuthenticationModule" />
  <remove name="ADFSAuthModule" />
  <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
  <add name="ADFSAuthModule" type="HttpCommander.ADFSAuthModule, HttpCommander" preCondition="integratedMode" />
</modules>
<!-- Application settings read by the ADFS integration. The host names here
     (adfs.element-it.local, webserver.element-it.local) are presumably sample values
     to be replaced with the real ADFS server and application URL. -->
<appSettings>
  <!-- Metadata document describing the ADFS instance (endpoints, signing certificates). -->
  <add key="ida:FederationMetadataLocation" value="https://adfs.element-it.local/federationmetadata/2007-06/FederationMetadata.xml"/>
  <!-- Passive sign-in endpoint; keep identical to the issuer attribute under
       <system.identityModel.services><federationConfiguration><wsFederation>. -->
  <add key="ida:Issuer" value="https://adfs.element-it.local/adfs/ls/"/>
  <add key="ida:ProviderSelection" value="productionSTS"/>
  <!-- NOTE(review): presumably turns off the application's own check that a token's
       issuer matches ida:Issuer; the semantics are defined by the HttpCommander
       assembly, not by this file. Confirm whether "false" is acceptable outside a
       test setup. -->
  <add key="ida:EnforceIssuerValidation" value="false"/>
</appSettings>
<system.identityModel.services>
  <federationConfiguration>
    <!-- NOTE(review): requireSsl="false" lets the WIF session cookie be sent over plain
         HTTP (no Secure flag); set it to true once the site is served over HTTPS. -->
    <cookieHandler requireSsl="false"/>
    <!-- issuer: ADFS passive endpoint (same value as ida:Issuer in appSettings).
         realm: this application's identifier; it must match the audienceUris entry
         under <system.identityModel> and, presumably, the relying-party identifier
         registered on ADFS.
         NOTE(review): requireHttps="false" allows the WS-Federation exchange over plain
         HTTP; like requireSsl above it should become true for an HTTPS deployment. -->
    <wsFederation passiveRedirectEnabled="true" issuer="https://adfs.element-it.local/adfs/ls/" realm="https://webserver.element-it.local/htcomnet/" requireHttps="false"/>
  </federationConfiguration>
</system.identityModel.services>
# Lists the ADFS certificates with their type and thumbprint and writes them to a CSV
# (presumably run on the ADFS server, where the Adfs module is available).
# The Token-Signing (primary) thumbprint from this output replaces the
# THUMBPRINT_OF_PRIMARY_TOKEN_SIGN_CERTIFICATE_ON_ADFS_SERVER placeholder in the
# <trustedIssuers> entry under <system.identityModel>.
Get-AdfsCertificate | Select-Object CertificateType, Thumbprint | Export-Csv -Path C:\temp\adfsthumbs.csv -Encoding ASCII -NoTypeInformation
<system.identityModel>
  <identityConfiguration>
    <!-- Accepted token audience; must equal the realm attribute of <wsFederation>
         under <system.identityModel.services>. Tokens for any other audience are rejected. -->
    <audienceUris>
      <add value="https://webserver.element-it.local/htcomnet/"/>
    </audienceUris>
    <!-- NOTE(review): "None" skips chain and revocation validation of the certificate that
         signed the token. With that off, the thumbprint pinned in <trustedIssuers> below
         is what ties incoming tokens to this ADFS instance, so the placeholder must be
         replaced with the real primary token-signing thumbprint (see the
         Get-AdfsCertificate export) and updated whenever ADFS rolls that certificate. -->
    <certificateValidationMode certificateValidationMode="None"/>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry">
      <trustedIssuers>
        <!-- thumbprint: SHA-1 thumbprint of the ADFS primary token-signing certificate.
             name: issuer name assigned to claims signed by that certificate. -->
        <add thumbprint="THUMBPRINT_OF_PRIMARY_TOKEN_SIGN_CERTIFICATE_ON_ADFS_SERVER" name="https://adfs.element-it.local/adfs/services/trust"/>
      </trustedIssuers>
    </issuerNameRegistry>
    <!-- Swaps the default session token handler for the machineKey-based one, presumably so
         the session cookie is protected with the <machineKey> configuration rather than
         DPAPI. NOTE(review): that handler needs an explicit, fixed <machineKey> (not shown in
         this fragment); without one the cookie cannot be read across a web farm - confirm. -->
    <securityTokenHandlers>
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>
c:[] => issue(claim = c);
SetSPN -S SP/C2WTS element-it\svcC2WTS
Please note that this command should be executed under a domain admin account.