Exercise 3: Accepting Tokens from an Active Directory Federation Services (ADFS) STS
In this exercise you will modify the application from the previous exercise for accepting tokens from an existing Active Directory Federation Services (ADFS) STS. You can expect this to be by far the most common scenario in which you will take advantage of an STS: the Windows Identity Foundation makes this task very easy, thanks to its integration with Visual Studio and the use of federation metadata.
Note that in a real world scenario this task would require two steps:
The current exercise focuses on the first step: the second step is unnecessary in our case. In order to make the lab more agile, we will take advantage of an instance of Active Directory Federation Services (ADFS) that is available through the Internet. Such an instance has been pre-provisioned with the data of the RP being used in this lab, hence it will start issuing tokens for us as soon as we will request them. For this reason, it is of key importance that the application URI and the certificates will follow exactly what is specified in the lab instructions.
Redirect & Claims flow in the case in which the identity provider is Windows Identity Foundation Server
Task 1 -Referencing an STS Published by an Instance of Active Directory Federation Services ( ADFS)
Exercise 3: Verification
In order to verify that you have correctly performed all steps in the exercise three, proceed as follows: