TrustIdentity.WsFederation
1.0.2
TrustIdentity.WsFederation
WS-Federation support for TrustIdentity
📦 Overview
TrustIdentity.WsFederation provides WS-Federation protocol support for legacy enterprise integrations. It is included for free (unlike Duende, which sells it separately).
✨ Features
- ✅ WS-Federation 1.2 - Complete protocol support
- ✅ Passive Sign-In - Browser-based authentication
- ✅ Passive Sign-Out - Logout support
- ✅ Metadata - Automatic metadata generation
- ✅ SAML 1.1 & 2.0 Tokens - Token format support
- ✅ Claims Mapping - Flexible claims transformation
🚀 Installation
dotnet add package TrustIdentity.WsFederation
🔧 Usage
Basic Setup
using TrustIdentity.WsFederation.Extensions;

builder.Services.AddTrustIdentity(options => { ... })
    .AddWsFederation(options =>
    {
        options.Issuer = "https://identity.example.com/wsfed";
        options.SigningCertificate = certificate;
    });
Advanced Configuration
builder.Services.AddWsFederation(options =>
{
    // Issuer
    options.Issuer = "https://identity.example.com/wsfed";

    // Endpoints
    options.SignInUrl = "https://identity.example.com/wsfed";
    options.SignOutUrl = "https://identity.example.com/wsfed/signout";
    options.MetadataUrl = "https://identity.example.com/wsfed/metadata";

    // Certificates
    options.SigningCertificate = signingCertificate;

    // Token options
    options.TokenType = "urn:oasis:names:tc:SAML:2.0:assertion";
    options.TokenLifetime = TimeSpan.FromMinutes(5);

    // Relying parties
    options.RelyingParties = new[]
    {
        new RelyingParty
        {
            Realm = "https://app.example.com/",
            ReplyUrl = "https://app.example.com/signin-wsfed",
            TokenType = "urn:oasis:names:tc:SAML:2.0:assertion"
        }
    };
});
📋 WS-Federation Endpoints
GET /wsfed # Sign-in endpoint
GET /wsfed/signout # Sign-out endpoint
GET /wsfed/metadata # Federation metadata
🔧 Configuration
Relying Party Configuration
options.RelyingParties = new[]
{
    new RelyingParty
    {
        // Realm (Application identifier)
        Realm = "https://app.example.com/",

        // Reply URL (where to send token)
        ReplyUrl = "https://app.example.com/signin-wsfed",

        // Token type
        TokenType = "urn:oasis:names:tc:SAML:2.0:assertion",

        // Token lifetime
        TokenLifetime = TimeSpan.FromMinutes(5),

        // Claims to include
        ClaimTypesOffered = new[]
        {
            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
            "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
        }
    }
};
🎯 Use Cases
SharePoint Integration
builder.Services.AddWsFederation(options =>
{
    options.RelyingParties = new[]
    {
        new RelyingParty
        {
            Realm = "urn:sharepoint:portal",
            ReplyUrl = "https://sharepoint.example.com/_trust/",
            TokenType = "urn:oasis:names:tc:SAML:1.1:assertion"
        }
    };
});
ADFS Integration
builder.Services.AddWsFederation(options =>
{
    options.Issuer = "https://identity.example.com/wsfed";
    options.RelyingParties = new[]
    {
        new RelyingParty
        {
            Realm = "https://adfs.example.com/",
            ReplyUrl = "https://adfs.example.com/adfs/ls/",
            TokenType = "urn:oasis:names:tc:SAML:2.0:assertion"
        }
    };
});
📊 WS-Federation Request Example
GET /wsfed?wa=wsignin1.0
&wtrealm=https://app.example.com/
&wreply=https://app.example.com/signin-wsfed
&wctx=rm=0&id=passive&ru=/
Response (SAML Token)
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <t:Lifetime>
    <wsu:Created>2026-02-02T12:00:00Z</wsu:Created>
    <wsu:Expires>2026-02-02T12:05:00Z</wsu:Expires>
  </t:Lifetime>
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml:Issuer>https://identity.example.com/wsfed</saml:Issuer>
      <saml:Subject>
        <saml:NameID>user@example.com</saml:NameID>
      </saml:Subject>
      <saml:AttributeStatement>
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
          <saml:AttributeValue>John Doe</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>
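The sign-in request above takes wtrealm and wreply from the browser, so the token must only ever be delivered to a reply URL registered for that realm. The following is an added example, not TrustIdentity code and not taken from this README: `RegisteredParty` and `SignInRequest.Validate` are hypothetical names, and the check shown is an assumption about how an issuer should treat these parameters, not a description of what the package does internally.

```csharp
// Added example, not TrustIdentity code: RegisteredParty and SignInRequest are hypothetical.
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility.ParseQueryString

// Constructed registry using the realm and reply URL from the configuration above.
var registry = new Dictionary<string, RegisteredParty>(StringComparer.Ordinal)
{
    ["https://app.example.com/"] =
        new RegisteredParty("https://app.example.com/", "https://app.example.com/signin-wsfed"),
};

// Constructed queries. wctx is percent-encoded so its '&' and '=' stay inside one parameter.
var queries = new[]
{
    "wa=wsignin1.0&wtrealm=https%3A%2F%2Fapp.example.com%2F&wreply=https%3A%2F%2Fapp.example.com%2Fsignin-wsfed&wctx=rm%3D0%26id%3Dpassive%26ru%3D%2F",
    "wa=wsignin1.0&wtrealm=https%3A%2F%2Fapp.example.com%2F&wreply=https%3A%2F%2Fother.example.net%2Fsignin-wsfed",
    "wa=wsignin1.0&wtrealm=urn%3Aunregistered",
};
foreach (var query in queries)
{
    var (ok, result) = SignInRequest.Validate(query, registry);
    Console.WriteLine($"{(ok ? "ACCEPT" : "REJECT")}: {result}");
}

record RegisteredParty(string Realm, string ReplyUrl);

static class SignInRequest
{
    // Returns (true, replyUrl) when a token may be issued, otherwise (false, reason).
    public static (bool Ok, string Result) Validate(
        string query, IReadOnlyDictionary<string, RegisteredParty> registry)
    {
        var p = HttpUtility.ParseQueryString(query);
        if (!string.Equals(p["wa"], "wsignin1.0", StringComparison.Ordinal))
            return (false, "unsupported wa");
        // Exact, case-sensitive realm lookup: no prefix or substring matching.
        var realm = p["wtrealm"];
        if (string.IsNullOrEmpty(realm) || !registry.TryGetValue(realm, out var rp))
            return (false, "unknown wtrealm");
        // wreply is optional; when present it must equal the registered reply URL.
        var reply = p["wreply"];
        if (!string.IsNullOrEmpty(reply) && !string.Equals(reply, rp.ReplyUrl, StringComparison.Ordinal))
            return (false, "wreply does not match the registered ReplyUrl");
        // Deliver to the registered value, never to the value taken from the request.
        return (true, rp.ReplyUrl);
    }
}
```

`HttpUtility.ParseQueryString` joins repeated parameters with a comma, so a request that supplies wa, wtrealm or wreply more than once also fails these exact-match comparisons.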
🔒 Security
Token Signing
options.SigningCertificate = certificate;
options.SignTokens = true;
Claims Mapping
options.ClaimsMapping = new Dictionary<string, string>
{
    { "sub", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" },
    { "name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" },
    { "email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" },
    { "role", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" }
};
🏗️ Architecture
TrustIdentity.WsFederation/
├── Services/ # WS-Fed services
│ ├── WsFederationService.cs
│ ├── TokenService.cs
│ └── MetadataService.cs
├── Endpoints/ # WS-Fed endpoints
├── Models/ # WS-Fed models
└── Extensions/ # Configuration extensions
📚 Documentation
- Setup Guide - General setup
- Main Documentation - Overview
📄 License
Apache 2.0 - See LICENSE
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net10.0
  - System.IdentityModel.Tokens.Jwt (>= 8.2.1)
  - TrustIdentity.Abstractions (>= 1.0.2)
  - TrustIdentity.Core (>= 1.0.2)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on TrustIdentity.WsFederation:
| Package | Downloads |
|---|---|
| TrustIdentity.Server: Complete Enterprise IAM Server - OAuth 2.0, OIDC, SAML, WS-Fed | |
GitHub repositories
This package is not used by any popular GitHub repositories.
- Full implementation of OAuth 2.0 and OpenID Connect 1.0.
- Integrated SAML 2.0 and WS-Federation support.
- Advanced AI/ML-driven fraud detection and behavioral analysis.
- FAPI 1.0 & 2.0 (Security Profile) compliance.
- Support for PKCE, DPoP, Mutual TLS, PAR, and JAR.
- Entity Framework Core support for SQL Server, PostgreSQL, MySQL, and SQLite.
- Multi-tenant isolation and Backend-for-Frontend (BFF) patterns.
- Complete Admin UI and REST API for identity management.