I have ADFS configured and running in the internal network on the IP 192.168.0.200. A console application should be able to authenticate against this ADFS instance from the external network. In order to achieve this I have configured a NAT rule as follows: externaldomain.com:9443 -> 192.168.0.200:443
The console app calls ADFS this way:
// Assumed using directives (not shown in the original): System.ServiceModel,
// System.ServiceModel.Security, System.IdentityModel.Protocols.WSTrust,
// System.IdentityModel.Tokens, plus the WIF assembly that provides UserNameWSTrustBinding.
string relyingPartyId = @"https://localhost:8099/";
// External (NAT) address; the rule forwards externaldomain.com:9443 to 192.168.0.200:443
string adfsEndpoint = @"https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed";

// HTTPS for transport security, username/password carried inside the WS-Trust message
var binding2 = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential)
{
    ClientCredentialType = HttpClientCredentialType.None
};
var trustChannelFactory2 = new WSTrustChannelFactory(binding2, new EndpointAddress(adfsEndpoint))
{
    TrustVersion = TrustVersion.WSTrust13
};
var channelCredentials2 = trustChannelFactory2.Credentials;
channelCredentials2.UserName.UserName = @"user";
channelCredentials2.UserName.Password = @"password";
channelCredentials2.SupportInteractive = false;

var tokenClient2 = (WSTrustChannel)trustChannelFactory2.CreateChannel();
// Request a bearer SAML 2.0 token scoped to the relying party
var rst2 = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer)
{
    AppliesTo = new EndpointReference(relyingPartyId),
    ReplyTo = relyingPartyId,
    TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
};
SecurityToken token = tokenClient2.Issue(rst2);
ADFS crashes with the exception: "The message with To 'https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed' cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher. Check that the sender and receiver's EndpointAddresses agree."
If I switch off "usernamemixed" in the ADFS config, it replies correctly: endpoint not found. I assume the problem is with the ADFS WCF endpoint configuration. Could someone suggest how to deal with it?
One more note: a test web application (also running on the external web server) can authenticate (using the ADFS login page) against this ADFS instance without any problems.
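The error text compares the WS-Addressing To header the client sends with the address the ADFS endpoint is configured to listen on, and after NAT those two differ. The following is an added example, not code from the question, showing how WCF lets the logical To address (what ADFS expects) be kept separate from the physical Via address (the NAT mapping) using ClientViaBehavior; it assumes the same WIF/WCF assemblies as the snippet above, and the internal host name adfs.internal.example is a hypothetical placeholder for whatever name the ADFS endpoint is actually configured with.

```csharp
// Assumed using directives: System.ServiceModel, System.ServiceModel.Description,
// System.ServiceModel.Security, System.IdentityModel.Protocols.WSTrust,
// System.IdentityModel.Tokens, plus the WIF assembly providing UserNameWSTrustBinding.

// Hypothetical internal name: must match the address the ADFS endpoint listens on
// (what it expects in the To header), not the external NAT name.
string logicalEndpoint = "https://adfs.internal.example/adfs/services/trust/13/usernamemixed";
// Physical address the HTTPS connection goes to: the NAT rule from the question.
Uri physicalVia = new Uri("https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed");
string relyingPartyId = "https://localhost:8099/";

var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential)
{
    ClientCredentialType = HttpClientCredentialType.None
};

// The EndpointAddress becomes the To header; the Via behavior below decides where bytes go.
var factory = new WSTrustChannelFactory(binding, new EndpointAddress(logicalEndpoint))
{
    TrustVersion = TrustVersion.WSTrust13
};

// ClientViaBehavior splits the logical (To) address from the transport (Via) address.
// The TLS certificate ADFS presents must be valid for externaldomain.com, otherwise the
// HTTPS transport rejects it; bind a certificate that covers the external name rather
// than weakening certificate validation on the client.
factory.Endpoint.Behaviors.Add(new ClientViaBehavior(physicalVia));

factory.Credentials.UserName.UserName = "user";
factory.Credentials.UserName.Password = "password";
factory.Credentials.SupportInteractive = false;

var channel = (WSTrustChannel)factory.CreateChannel();
var rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer)
{
    AppliesTo = new EndpointReference(relyingPartyId),
    TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
};
SecurityToken token = channel.Issue(rst);
```

Whether the To header ADFS expects is the internal host name or something else depends on how the usernamemixed endpoint is configured on the server; the placeholder above must be replaced with that actual value.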