...
- Expand the WS-Trust Security Token Service Configuration and click Configure.
- Specify the required information in the form that appears.
- Endpoint Address - Relying party service endpoint where the token is being delivered to. This is a required field.
- Certificate Alias - Corresponding public certificate for the service endpoint.
- Click Apply. The following information is added to your service provider.
Anchor | ||||
---|---|---|---|---|
|
Configuring WS-Federation (Passive) or OpenID
- Expand the WS-Federation (Passive) Configuration or OpenID Configuration.
Enter the identifier for the Passive STS Realm and the OpenID Realm. These identifiers need to be specified as identification when the service provider reaches out to the Identity Server. For WS-Federation (Passive), you can also specify the endpoint of the realm in Passive STS WReply URL.
Tip Tip: When WS-Federation Passive request comes from a relying party, it checks whether there is a Passive STS WReply URL defined for the service provider. If there is a Passive STS WReply URL defined, it sets the
replyTo
URL as the one given in service provider configurations (this may override thereplyTo
parameter given in the request). If there is no Passive STS WReply URL defined in the service provider configuration, thereplyTo
URL given in the request is used. If there is noreplyTo
URL given in the request,wtrealm
is used for as thereplyTo
URL.
...