How to request claims in SAML2 or WS-Federation?


I have an ASP.NET MVC application (with OWIN) that is currently configured to use an IdP that uses the OpenID Connect protocol. In OpenID Connect I can request claims using Scope values as part of the sign-in request. For example:

    // OpenID Connect middleware: the Scope value tells the IdP which claim sets to issue
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        Authority = "https://localhost:44300/identity",
        Scope = "openid profile email",
        ClientId = "XXXXXXXXXXXXXXXXXXXXXX",
        RedirectUri = "http://localhost:36102/",
        ResponseType = "id_token",
        SignInAsAuthenticationType = "Cookies",
    });

In return the IdP includes these claims in the token, and the application (SP) can access them.

Now I want to configure two more IdPs in my application: one uses SAML2 and the other uses WS-Federation. For the SAML2 IdP I am using the Sustainsys library, and for WS-Federation I am using the Microsoft.Owin.Security.WsFederation library.

I think scopes are only valid for the OpenID Connect protocol. For the other two protocols, how do I request the claims that my application requires?

Answer by rbrayb:

Correct, scopes are only valid for OpenID Connect.

The other two protocols do not have this feature.

With e.g. ADFS as the IdP, you get the claims configured in ADFS.

Since your SAML application and your WS-Fed application are configured as different RPs, they can have different claim sets.
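Because the WS-Federation RP cannot ask for claims the way an OpenID Connect client does with Scope, the only thing the application can do is check what the IdP actually issued. The following is an added example, not code from the question or the answer, using the Microsoft.Owin.Security.WsFederation middleware: it registers the RP and rejects the sign-in when a required claim is missing. The realm, metadata URL, redirect path and the list of required claim types are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public static class WsFedClaimsConfig
{
    // Claim types this RP depends on (assumed list). There is no scope to
    // request them with; they must be configured on the IdP side (e.g. ADFS
    // issuance rules), so the RP verifies that they were really issued.
    static readonly string[] RequiredClaims =
    {
        ClaimTypes.NameIdentifier,
        ClaimTypes.Email,
    };

    public static void Configure(IAppBuilder app)
    {
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            // Placeholder values: RP identifier and IdP federation metadata URL.
            Wtrealm = "https://localhost:36102/",
            MetadataAddress = "https://idp.example.test/FederationMetadata/2007-06/FederationMetadata.xml",
            SignInAsAuthenticationType = "Cookies",
            Notifications = new WsFederationAuthenticationNotifications
            {
                // Runs after signature and issuer validation, before the cookie is created.
                SecurityTokenValidated = n =>
                {
                    var missing = MissingClaims(n.AuthenticationTicket.Identity);
                    if (missing.Length > 0)
                    {
                        // Valid token, but the IdP did not issue what this RP needs:
                        // stop here rather than sign in a partially populated user.
                        n.Response.Redirect("/Account/ClaimsMissing?types="
                            + Uri.EscapeDataString(string.Join(",", missing)));
                        n.HandleResponse();
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }

    // Returns the required claim types that are absent from the identity.
    public static string[] MissingClaims(ClaimsIdentity identity)
    {
        return RequiredClaims.Where(t => !identity.HasClaim(c => c.Type == t)).ToArray();
    }
}
```

The same check applies unchanged to the ClaimsIdentity produced by the Sustainsys SAML2 middleware, since both end up as a ClaimsPrincipal in the cookie.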