Port the WsFederation middleware from Katana

[Tratcher]

Depends on System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Protocol.Extensions.

[StevenVandenBroeck]

Any news on WsFederation in ASP.NET 5 ?

[blowdart]

The dependency still stands and that work has not yet been completed by the team that owns the IdentityModel pieces.

[brockallen]

Any plans to add signoutcleanup support? That was missing in Katata v3's implementation. It's nice to have single sign-on, but single sign-out is also nice :)

[brentschmaltz]

signoutcleanup is on the map.

WsFed in on the map also, no time frame yet.

[rsbavaresco]

Hi,
how about it, now?

[blowdart]

We're still awaiting support from the WAAD team, they're the ones driving it.

[brentschmaltz]

Yep, it is on our plates and radar. No promises till we drop OIDC.

[lomithrani]

Is there any alternative to authentify using wsfederation or saml2 meanwhile ?

[aredfox]

Is there any news on the feature / roadmap for this feature, as this is now holding back starting new applications in ASPNET5 for our organisation.

[marc-mueller]

Is there any update so far? Not being able to support SAML within our ASP.NET 5 application is currently a showstopper for our project since we have some dependencies with existing systems.

[Tratcher]

This is not happening for v1.0. We'll follow up afterwards.

[marc-mueller]

So this means that the development has not started yet? Is there any estimation about the release?

[Tratcher]

Correct. No, we haven't scheduled any of the post-v1 work yet.

[rschiefer]

We use ADFS extensively for 20 or so internal web applications. This would be a major blocker for us to migrate to ASP.NET Core.

Can someone post a link to the related dependencies so we can go show support for that work as well?

[helmsb]

We've used ADFS as the core of our authentication for our internal application framework which is used throughout our organization. This is a huge blocker for us going to .NET Core.

[Tratcher]

@blowdart @brentschmaltz is it this one? https://github.com/dotnet/corefx/issues/4278

[MaximRouiller]

Just bouncing this again. I'm still seeing people trying the Katana bits with .NET Core.

I'll refer them to this issue.

[leastprivilege]

Maybe it is just me - but I see a lot of companies using ADFS via WS-Fed. They are all blocked to move forward to ASP.NET Core (let alone .NET Core).

Is this a way to push adoption of Windows Server 2016 ;) (I am afraid this does not work that way)

[marc-mueller]

I fully agree with @leastprivilege. There are so many large companies with their ADFS via WS-Fed setup and they won't change that fast. On the development side we are faster then on the infrastructure side and this would allow us to push ASP.NET Core.

[brentschmaltz]

@leastprivilege @marc-mueller @MaximRouiller @helmsb the roadmap to make this happen is fully understood. Everytime I bring it up, the beancounters ask who really cares, if you do care, contact your contacts here at MSFT directly.

@Tratcher dotnet/corefx#4278 is the start of it. CoreFx is the rightfull owner of SignedXml. Once that is in place, IM can re-introduce EnveopledSignatureReader (which should be in IM) and an updated SamlToken / Handler and WsFedSupport.

[MaximRouiller]

@brentschmaltz Right now, I don't. I just see a confusion around the packages.

I'll talk to my beancounter if I ever need it urgently.

[brentschmaltz]

@MaximRouiller I was referring my Microsoft beancounters who want to ensure the number 1 priorities are what we are focused on. So they need to hear from you.

[abezulski]

@DaleMckeown Are you using ADFS3? If so, could you provide some samples? I'm porting MVC5 apps to .net core and having issues with ADFS integration.

[DaleMckeown]

@abezulski Yeah, we are using Oauth2 with ADFS3.0.

Can't give you a working example unfortunately, but me and @lilpug followed this post on carbon60: http://www.carbon60.com/blog/using-adfs-3-0-with-mvc-6-asp-net-5

Took us a while to modify the source code accordingly, but we go there in the end. David documented the changes made to get it working in a comment on the above blog post.

[YaoNiGu]

has anyone known any information about using adfs 2.0 in core2.0 ?

[Tratcher]

@YaoNiGu It's not yet available. We've just started the work.

[ctro]

We need to access a legacy SOAP service that authenticates with WS-Security (WSS) from a .NET Core app. We are looking for WSFed support also.
I work in Government IT. .NET Core and Azure have much promise here, but we very often need to access legacy datasources.

[ashgadala]

Do you have an ETA on when this will this will be addressed.

[danroth27]

@ashgadala The work has started. I expect we'll have something in preview before the end of the year.

[ashgadala]

@danroth27 Wonderful. Thank you so much for the update.

[Tratcher]

The eager can start tracking the work in this branch: https://github.com/aspnet/security/tree/tratcher/wsfed.

The plan is to start by releasing a 2.0.0 compatible preview package off cycle from the normal ASP.NET Core milestones (e.g. ASAP). We'll let you know when something is available on myget.org.

[Tratcher]

Reminder - Apply this change when moving to 2.1: #1188

[Infoseeker]

@chrisdrobison - any updates on https://github.com/chrisdrobison/aspnetcore-wsfed - working with asp.net cpre 2 ?

[Tratcher]

An official preview is now available. See: #1473

[Tratcher]

Doc bug: dotnet/AspNetCore.Docs#4523

[Eilon]

Closing because the bulk of the work is done and in the public preview. We'll track any additional features and bugs as separate issues.