Appendix A

This appendix shows you how to use the FedUtil wizard for the scenarios in this book. Note that a Security Token Service (STS) is equivalent to an issuer.

Using FedUtil to Make an Application Claims-Aware

This procedure shows how to use FedUtil to make an application claims-aware. In this example, the application is a-Order.

First you'll need to open the FedUtil tool. There are two ways to do so. One way is to go to the Windows Identity Foundation (WIF) SDK directory and run FedUtil.exe. The other is to open the single sign-on (SSO) solution in Microsoft® Visual Studio® development system, right-click the a-Order.ClaimsAware project, and then click Add STS Reference. In either case, the FedUtil wizard opens.

To make an application claims-aware

  1. In the Application configuration location box, enter the location of the a-Order Web.config file or browse to it. In the Application URI box, enter the Uniform Resource Identifier (URI) for a-Order, and then click Next.
  2. In the Security Token Service dialog box, select Use an Existing STS. Alternatively, you can select Create a new STS project in the current solution to create a custom STS that you can modify.
  3. In the STS federation metadata location box, enter the URI of the federation metadata or browse to it, and then click Next.
  4. In the Security token encryption dialog box, select No encryption, and then click Next.
  5. In the Offered claims dialog box, click Next.
  6. On the Summary page, click Finish.

Along with using FedUtil, you must also make the following changes:

  • In the a-Expense Web.config file, change the name of TrustedIssuer to Adatum. This is necessary because a-Expense uses a custom data store that maps users to roles, and that store expects names in the form Adatum\name. For example, Adatum\mary is correctly formatted.
  • Place the ADFS token signing certificate into the Trusted People store of the local machine.
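The two manual steps above are easy to get wrong and the failure only shows up at sign-in time, so the following PowerShell script checks both after FedUtil has run. It is an added example, not code from the guide or from the WIF SDK. It assumes the standard layout FedUtil writes into Web.config (the microsoft.identityModel section with its issuerNameRegistry/trustedIssuers entries); the Web.config path and the $ExpectedIssuerName value are placeholders for your own environment.

```powershell
# Added example (not from the guide): verify the post-FedUtil steps for the a-Expense Web.config.
# Assumptions: the path below is a placeholder, and Web.config uses the WIF
# <microsoft.identityModel> section that FedUtil generates.
param(
    [string]$WebConfigPath = 'C:\placeholder\a-Expense\Web.config',   # placeholder path
    [string]$ExpectedIssuerName = 'Adatum'
)

[xml]$config = Get-Content -Path $WebConfigPath -Raw

# FedUtil records the issuer under microsoft.identityModel/service/issuerNameRegistry/trustedIssuers.
$trusted = $config.configuration.'microsoft.identityModel'.service.issuerNameRegistry.trustedIssuers.add
if (-not $trusted) {
    throw "No <trustedIssuers><add .../> entry found in $WebConfigPath; run FedUtil first."
}

foreach ($issuer in @($trusted)) {
    # Check 1: the issuer name must be 'Adatum' so the custom role store can resolve Adatum\name.
    if ($issuer.name -ne $ExpectedIssuerName) {
        Write-Warning "trustedIssuers name is '$($issuer.name)'; expected '$ExpectedIssuerName'."
    } else {
        Write-Host "trustedIssuers name OK: $($issuer.name)"
    }

    # Check 2: the ADFS token-signing certificate with this thumbprint must be in
    # the local machine's Trusted People store, as the appendix requires.
    $thumb = ($issuer.thumbprint -replace '\s', '').ToUpperInvariant()
    $cert = Get-ChildItem -Path Cert:\LocalMachine\TrustedPeople |
            Where-Object { $_.Thumbprint -eq $thumb }
    if ($cert) {
        Write-Host "Signing certificate $thumb found in Trusted People: $($cert.Subject)"
        if ($cert.NotAfter -lt (Get-Date)) {
            Write-Warning "Certificate $thumb expired on $($cert.NotAfter); renew it on the ADFS side."
        }
    } else {
        Write-Warning "No certificate with thumbprint $thumb in Cert:\LocalMachine\TrustedPeople; the Trusted People step is incomplete."
    }
}
```

Run it from an elevated PowerShell prompt on the web server that hosts a-Expense, because the LocalMachine certificate store is only readable with administrative rights. The thumbprint comparison strips whitespace and upper-cases both sides, since the value FedUtil writes and the value the certificate store reports do not always agree on formatting.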