1

I hope someone can help me out. How can I do federation over TCP? I am using ADFS as my STS. My WCF service (relying party) exposes its endpoint over net.tcp bindings. The STS would be accessed through wsHttp endpoints. How would I do this? Any suggestions?

Thank you

Geek Coder

2 Answers

1

I am just wondering if I am doing this correctly. I have created a custom binding. This is for the server side.

<!-- STS Binding -->
<ws2007HttpBinding>
  <binding name="STSBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Windows">
        <extendedProtectionPolicy policyEnforcement="Never" />
      </transport>
      <message clientCredentialType="Windows" negotiateServiceCredential="true"
               algorithmSuite="Default" establishSecurityContext="false" />
    </security>
  </binding>
</ws2007HttpBinding>

<!-- Relying party binding: secure conversation bootstrapped with an issued token, over net.tcp -->
<customBinding>
  <binding name="WCFTestServiceLibrary.IService1_FederationNetTcpBinding">
    <security authenticationMode="SecureConversation" requireSecurityContextCancellation="true">
      <secureConversationBootstrap authenticationMode="IssuedToken">
        <issuedTokenParameters tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
          <issuer address="https://test/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256"
                  binding="ws2007HttpBinding" bindingConfiguration="STSBinding">
          </issuer>
          <issuerMetadata address="https://test/adfs/services/trust/mex" />
          <claimTypeRequirements>
            <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
            <add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />
          </claimTypeRequirements>
        </issuedTokenParameters>
      </secureConversationBootstrap>
    </security>
    <binaryMessageEncoding />
    <tcpTransport />
  </binding>
</customBinding>
Geek Coder
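A small lint for the kind of bindings posted in the answer above, added here as an example and not part of the original post or of any WCF/ADFS tooling: it checks the issued-token settings for whitespace in tokenType, a non-HTTPS issuer address, an issuer bindingConfiguration that is not defined, and extended protection that is not enforced. The function name lint_bindings, the finding strings and the trimmed SAMPLE config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML20 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
# Constructed sample: trimmed from the bindings above, with a tokenType broken by a line wrap.
SAMPLE = """<bindings>
  <ws2007HttpBinding>
    <binding name="STSBinding">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="Windows">
          <extendedProtectionPolicy policyEnforcement="Never" />
        </transport>
      </security>
    </binding>
  </ws2007HttpBinding>
  <customBinding>
    <binding name="FederationNetTcpBinding">
      <security authenticationMode="SecureConversation">
        <secureConversationBootstrap authenticationMode="IssuedToken">
          <issuedTokenParameters tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-  1.1#SAMLV2.0">
            <issuer address="https://test/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256" binding="ws2007HttpBinding" bindingConfiguration="STSBinding" />
          </issuedTokenParameters>
        </secureConversationBootstrap>
      </security>
    </binding>
  </customBinding>
</bindings>"""

def lint_bindings(xml_text):
    """Return a list of findings for a WCF <bindings> section (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    for itp in root.iter("issuedTokenParameters"):
        token_type = itp.get("tokenType", "")
        if any(c.isspace() for c in token_type):
            # A wrapped or padded URI no longer matches the token type the STS issues.
            findings.append("tokenType contains whitespace")
        elif token_type != SAML20:
            findings.append("tokenType is not the SAML 2.0 token type")
        for issuer in itp.findall("issuer"):
            if not issuer.get("address", "").lower().startswith("https://"):
                findings.append("issuer address is not https")
            # bindingConfiguration must name a <binding> inside the section given by binding=.
            kind, name = issuer.get("binding"), issuer.get("bindingConfiguration")
            section = root.find(".//" + kind) if kind else None
            names = [] if section is None else [b.get("name") for b in section.findall("binding")]
            if name and name not in names:
                findings.append("issuer bindingConfiguration is not defined: " + name)
    for epp in root.iter("extendedProtectionPolicy"):
        if epp.get("policyEnforcement") == "Never":
            findings.append("extended protection is not enforced (policyEnforcement=Never)")
    return findings
```
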
0

Never done this but from what I've read:

Check that your endpoint is enabled in ADFS.

Then add tcp to the "Enabled Protocols" for the ADFS IIS site.

Refer to Enabling net.tcp.

rbrayb