...
- Expand the WS-Federation (Passive) Configuration or OpenID Configuration.
Enter the identifier for the Passive STS Realm and the OpenID Realm. These identifiers need to be specified as identification when the service provider reaches out to the Identity Server. For WS-Federation (Passive), you can also specify the endpoint of the realm in Passive STS WReply URL.
Tip Tip: When WS-Federation Passive request comes from a relying party, it checks whether there is a Passive STS WReply URL defined for the service provider. If there is a Passive STS WReply URL defined, it sets the
replyTo
URL as the one given in service provider configurations (this may override thereplyTo
parameter given in the request). If there is no Passive STS WReply URL defined in the service provider configuration, thereplyTo
URL given in the request is used. If there is noreplyTo
URL given in the request,wtrealm
is used for as thereplyTo
URL.
Configuring Kerberos KDC
Kerberos is an authentication protocol which can be used to secure communications in web services. Kerberos enables you to exchange user credentials securely. Thus, it also provides mutual authentication in which the server can also authenticate itself to the client.
...