WS-Federation

FoxIDs supports WS-Federation as both an authentication method and an application registration.

WS-Federation is an XML-based identity federation protocol used by enterprise and legacy web applications. It is commonly used with AD FS, Microsoft Entra ID legacy WS-Federation applications, SharePoint, Dynamics, and older ASP.NET applications.

FoxIDs supports WS-Federation passive sign-in, WS-Federation sign-out, Federation Metadata import and export, and SAML token types used by WS-Federation.

Authentication method

Configure a WS-Federation authentication method that trusts an external WS-Federation Security Token Service (STS) / Identity Provider (IdP).

FoxIDs acts as the WS-Federation relying party when users are sent to the external STS. The external STS returns a SAML token in the WS-Federation response, and FoxIDs converts the claims internally to JWT claims before issuing tokens or assertions to the application registration.

Typical identity providers include AD FS, Microsoft Entra ID legacy WS-Federation applications, SharePoint, Dynamics, and generic WS-Federation STSes.

Application registration

Configure your application as a WS-Federation application registration.

Your application becomes a WS-Federation relying party, and FoxIDs acts as the Security Token Service (STS). FoxIDs exposes Federation Metadata to the application and issues SAML tokens in WS-Federation sign-in responses.

Typical relying parties include Microsoft Entra ID domain federation as an AD FS replacement, AD FS relying party trusts, SharePoint, Dynamics, older ASP.NET WS-Federation middleware, and generic WS-Federation applications.

Token types

WS-Federation in FoxIDs can issue and validate:

  • SAML 1.1
  • SAML 2.0

SAML 1.1 is the default token type because it is widely used by WS-Federation systems such as AD FS. SAML 1.x metadata token type aliases are treated as SAML 1.1. The token type can be configured for both authentication methods and application registrations.
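
An added example, not FoxIDs code: a Python check that reads the token type from the assertion inside a WS-Federation sign-in response (the wresult value) and rejects a response whose type differs from the configured one. The alias table, the function names and the sample response are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
WSS_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1"
WST_NAMESPACES = ("http://schemas.xmlsoap.org/ws/2005/02/trust",
                  "http://docs.oasis-open.org/ws-sx/ws-trust/200512")
# Assumed alias table (not FoxIDs' own list): identifiers seen in TokenType.
TOKEN_TYPE_ALIASES = {SAML1_NS: "SAML 1.1", WSS_PROFILE + "#SAMLV1.1": "SAML 1.1",
                      SAML2_NS: "SAML 2.0", WSS_PROFILE + "#SAMLV2.0": "SAML 2.0"}

# Constructed sample: an unsigned RSTR as carried in the wresult form field.
SAMPLE_WRESULT = f"""<t:RequestSecurityTokenResponse xmlns:t="{WST_NAMESPACES[0]}">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="{SAML1_NS}" MajorVersion="1" MinorVersion="1"
                    AssertionID="_constructed" Issuer="https://sts.example.test/"/>
  </t:RequestedSecurityToken>
  <t:TokenType>{SAML1_NS}</t:TokenType>
</t:RequestSecurityTokenResponse>"""


def token_type_of(wresult: str) -> str:
    """Return the token type of the single assertion in wresult.

    Structure check only; the signature must still be validated before any
    claim from the assertion is trusted."""
    if "<!DOCTYPE" in wresult or "<!ENTITY" in wresult:
        raise ValueError("DTDs are not allowed in a sign-in response")
    root = ET.fromstring(wresult)
    tokens = [el for ns in WST_NAMESPACES
              for el in root.iter(f"{{{ns}}}RequestedSecurityToken")]
    if len(tokens) != 1 or len(tokens[0]) != 1:
        raise ValueError("expected exactly one token with exactly one assertion")
    ns, _, local = tokens[0][0].tag[1:].partition("}")
    if local != "Assertion" or ns not in (SAML1_NS, SAML2_NS):
        raise ValueError(f"not a SAML assertion: {tokens[0][0].tag}")
    actual = "SAML 1.1" if ns == SAML1_NS else "SAML 2.0"
    # A declared TokenType is optional, but if present it must agree with the XML.
    for wst in WST_NAMESPACES:
        for declared in root.iter(f"{{{wst}}}TokenType"):
            if TOKEN_TYPE_ALIASES.get((declared.text or "").strip()) != actual:
                raise ValueError("declared TokenType does not match the assertion")
    return actual


def check_token_type(wresult: str, configured: str = "SAML 1.1") -> str:
    """Reject a response whose token type differs from the configured one."""
    actual = token_type_of(wresult)
    if actual != configured:
        raise ValueError(f"expected {configured}, received {actual}")
    return actual
```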

Claim mappings

WS-Federation tokens contain SAML claims. FoxIDs converts SAML claims to JWT claims internally between the authentication method and the application registration.

The SAML/JWT claim mappings are shared with SAML 2.0 and can be configured in the settings menu in FoxIDs Control.
