Setting up a WS-Federation Relying Party
In order to set up a new WS-Federation Relying Party Provider client, you will need to navigate to the /clients and click the ‘Add Client’ button and select ‘WS-Fed Replying Party’ from the list of client types.
Please note that you will need a license for WS-Federation in order to integrate with the WS-Federation Relying Party. You can get a demo license by visiting our Ws-Fed product page. The unique WS-fed wizard screens will contain the following fields:
|String value registered
|Unique name for the client
|Client display name
|Has no effect no the client itself, will be displayed on the user consent screen
|Description of the client
|Callback Url (http:// or https://)
|A url endpoint
|Takes a Url for the endpoint which will be used to receive the authentication tokens e.g https://mydomain.com/sign-in
The Callback Url is required to be in a valid http:// or https:// format. Although it is always recommended to use TLS in production. The next screen allows you to enter the Identity Resources your client will be able to access. This list comes from the list of predefined Identity Resources. You must select at least one Identity Resource to proceed to the next screen. The final screen you can view the summary of the proposed client application and make any appropriate changes.
Configuring WS-Fed Client
Once a WS-Fed Client has been created it can be configured by finding the Client within the Clients page and clicking on it. Here it is possible to modify more advanced settings, add additional resources, modify token type and access audit specific to the Client.
The WS-Fed tab contains the Client’s WS-Federation specific settings;
|Select from default, SAML 1.1 or SAML 2.0
|Use the default or change to a specific RSA algorithm
|Use the default or change to use a specific SHA algorithm
|SAML Name Id Format
|Enter the format that will be used for the SAML name id
To find out all the configurable options for a WS-Fed Service provider, check out our WS-Fed documentation