I'm trying to get both the IdentityServer3 WS-Federation Client and a corresponding IS3 WS-Federation Provider (server) working on my local machine before progressing to a development server.
I'm using the IS3 sample MVC WS-Fed client found here, and in a separate VS17 I'm using Scott Brady's WS-Fed plug-in Provider example found here.
Short Description of Problem
When just the Provider example solution runs, I can successfully log in (as the alice/alice user) and check Client Application Permissions (though none exist), so I am confident that Scott's WS-Fed Provider is working as advertised.
However when I run the WS-Fed client example and wire it up to the WS-Fed Provider, then try to check claims on a user, here's what happens:
Client starts up on its own port
I click the claims link
client refers to provider IS3 WS-Fed
WS-Fed StackTrace on the certificate validation
I get a StackTrace at ThrowIfContextInvalid() inside System.IdentityModel because the get_Issuer() fails. I don't even get to the referred IS3 login screen because it fails before then.
I wager it's something dumb like the scope of the x509 cert within the server process isn't available to the client process, or maybe my client needs a token signing cert, too? (remember they are both running on the same box in two separate VS17 instances.)
Remember, I haven't coded these samples, simply extract-build-run...in order to understand the flow/connectivity before proceeding.
I did verify:
Server port and RAMMFAR
Server signing cert present
Client Provider = server port, urn, etc.
I could upload code, but it's all in the Gits just as referenced above!
(help me ObiWan, you're my only hope; where ObiWan = @leastprivilege)
Screenshot of Provider asking for credentials
I'm looking into the answer found in SO question #39362424 to see if this is the solution to my problem...