Atomia Identity

Configuring STS to allow clients certificate based authentication


Overview

The STS should be aware of the web application’s certificate via which the web application will authenticate to the STS.

Add the information about your web application's certificate to the web.config of the STS within the microsoft.identityModel section:

    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=0.6.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
      <trustedIssuers>
        <add name="CN=Your Web Application Certificate Name" thumbprint="14f8d3701f0121e20a934baf140d712b4d83550d"/>
      </trustedIssuers>
    </issuerNameRegistry>

The same element must also be added to the element at the XPath configuration\microsoft.identityModel\service\securityTokenHandlers\securityTokenHandlerConfiguration\issuerNameRegistry\trustedIssuers, so that both issuer name registries trust the certificate.

Change the following properties in the above example:

| XML section                                | Property   | Description                                        | Example                                    |
|--------------------------------------------|------------|----------------------------------------------------|--------------------------------------------|
| issuerNameRegistry -> trustedIssuers -> add | name       | CN value of your web application's certificate     | CN=Your Web Application Certificate Name   |
| issuerNameRegistry -> trustedIssuers -> add | thumbprint | Thumbprint of your web application's certificate   | 14f8d3701f0121e20a934baf140d712b4d83550d   |

To view the details of your web application's certificate, use the Microsoft Management Console application (mmc).

There is one additional setting that needs to be added to the web.config, within the relyingParty section:

    <add storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"
         findValue="CN=Your Web Application Certificate Name" rpAddress="Your Web Application's address"/>

For Atomia Identity (the STS), we must also set which certificate provider to use for our web application's URI:

    <type type="IRpCertProvider" mapTo="AtomiaRpCertificateProvider" name="http://localhost/MvcIdentity">
    </type>

Change the following properties in the above example:

| XML section         | Property  | Description                                     | Example                                  |
|---------------------|-----------|-------------------------------------------------|------------------------------------------|
| relyingParty -> add | findValue | CN value of your web application's certificate  | CN=Your Web Application Certificate Name |
| relyingParty -> add | rpAddress | The address of your web application             | http://localhost:52144/                  |
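The entries above have to agree with each other: the same certificate must be listed under both issuerNameRegistry locations, the relyingParty findValue must name the same certificate, and the thumbprint must be a clean 40-digit SHA-1 hex string (copying it out of the mmc certificate dialog commonly leaves spaces between byte pairs or an invisible leading character). The script below is an added example, not part of Atomia Identity, that parses a constructed web.config fragment and reports those mistakes before the STS is restarted. It assumes the first trustedIssuers list lives at configuration/microsoft.identityModel/service/issuerNameRegistry and that relyingParty is a section somewhere under configuration; the certificate name, thumbprint and address are the placeholders from this page.

```python
"""Consistency checks for the STS web.config entries described on this page.
Added example (not Atomia Identity code); see the assumptions in the comments."""

import re
import xml.etree.ElementTree as ET

ISSUER_TYPE = ("Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, "
               "Microsoft.IdentityModel, Version=0.6.1.0, Culture=neutral, "
               "PublicKeyToken=31bf3856ad364e35")

# Constructed sample: element names follow the page, values are the page's placeholders.
# Placing relyingParty directly under configuration is an assumption.
SAMPLE_CONFIG = f"""<?xml version="1.0"?>
<configuration>
  <microsoft.identityModel>
    <service>
      <issuerNameRegistry type="{ISSUER_TYPE}">
        <trustedIssuers>
          <add name="CN=Your Web Application Certificate Name" thumbprint="14f8d3701f0121e20a934baf140d712b4d83550d"/>
        </trustedIssuers>
      </issuerNameRegistry>
      <securityTokenHandlers>
        <securityTokenHandlerConfiguration>
          <issuerNameRegistry type="{ISSUER_TYPE}">
            <trustedIssuers>
              <add name="CN=Your Web Application Certificate Name" thumbprint="14f8d3701f0121e20a934baf140d712b4d83550d"/>
            </trustedIssuers>
          </issuerNameRegistry>
        </securityTokenHandlerConfiguration>
      </securityTokenHandlers>
    </service>
  </microsoft.identityModel>
  <relyingParty>
    <add storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"
         findValue="CN=Your Web Application Certificate Name" rpAddress="http://localhost:52144/"/>
  </relyingParty>
</configuration>
"""

# Both places the page says the trustedIssuers entry must appear, relative to <configuration>.
# The first location is an assumption; the second is the XPath given on the page.
TRUSTED_ISSUER_PATHS = (
    "microsoft.identityModel/service/issuerNameRegistry/trustedIssuers/add",
    "microsoft.identityModel/service/securityTokenHandlers/"
    "securityTokenHandlerConfiguration/issuerNameRegistry/trustedIssuers/add",
)
THUMBPRINT_RE = re.compile(r"^[0-9a-f]{40}$")  # SHA-1 thumbprint, lowercase hex


def normalize_thumbprint(raw: str) -> str:
    """Drop everything that is not a hex digit and lowercase the rest, so a value
    pasted from mmc as '14 f8 d3 ...' (with spaces or a hidden leading mark) can be
    compared against the clean form the config should contain."""
    return re.sub(r"[^0-9a-fA-F]", "", raw).lower()


def check_config(xml_text: str) -> list:
    """Return human-readable findings; an empty list means the entries are present
    and mutually consistent."""
    root = ET.fromstring(xml_text)
    findings = []
    per_path = []  # one set of (name, normalized thumbprint) per trustedIssuers location

    for path in TRUSTED_ISSUER_PATHS:
        entries = root.findall(path)
        if not entries:
            findings.append(f"missing trustedIssuers/add under {path.rsplit('/add', 1)[0]}")
        pairs = set()
        for entry in entries:
            name = entry.get("name", "")
            raw = entry.get("thumbprint", "")
            if any(ch.isspace() or ord(ch) > 0x7F for ch in raw):
                findings.append(f"thumbprint for {name!r} contains whitespace or non-ASCII characters")
            norm = normalize_thumbprint(raw)
            if not THUMBPRINT_RE.match(norm):
                findings.append(f"thumbprint for {name!r} is not 40 hex digits")
            pairs.add((name, norm))
        per_path.append(pairs)

    if per_path[0] != per_path[1]:
        findings.append("the two trustedIssuers lists do not declare the same certificates")

    issuer_names = {name for pairs in per_path for name, _ in pairs}
    rp_entries = root.findall(".//relyingParty/add")
    if not rp_entries:
        findings.append("no relyingParty/add entry found")
    for entry in rp_entries:
        if entry.get("x509FindType") == "FindBySubjectName" and entry.get("findValue") not in issuer_names:
            findings.append(f"relyingParty findValue {entry.get('findValue')!r} matches no trusted issuer name")
        if not entry.get("rpAddress"):
            findings.append("relyingParty entry has no rpAddress")
    return findings


if __name__ == "__main__":
    for line in check_config(SAMPLE_CONFIG) or ["OK: STS certificate entries are consistent"]:
        print(line)
```

Run it against the real web.config by replacing SAMPLE_CONFIG with the file's contents; a finding about whitespace or hidden characters in the thumbprint is the one to look for first when the STS rejects a web application that appears to be configured correctly.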
