To improve Windows Server I suggest you ...

Enable the selection of the issuer claim per OpenID relying party

AD FS publishes two different issuer values in the public https://<domain>/adfs/.well-known/openid-configuration: one is called 'issuer', the other is 'access_token_issuer'; the access_token_issuer is optional in the standard. The value that is issued in the access token iss claim is always the 'access_token_issuer'. Some clients (.NET ones) validate the access token against the 'access_token_issuer'; others (using open source libraries) will only validate against the 'issuer'.
It would be great if I could select per relying party which value is returned in the access token iss claim.

3 votes

Allan Manson shared this idea

0 comments
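The mismatch described in the idea above, as an added example that is not part of the original post and is not AD FS or client-library code: the same access token `iss` check run under both validation strategies against a constructed discovery document. The host name, issuer values, strategy names and function names are assumptions made up for illustration, and signature verification is left out so the block stays focused on the issuer comparison.

```python
import base64
import json

# Constructed discovery document shaped like the metadata the post describes.
# Host name and both issuer values are made-up placeholders.
DISCOVERY = {
    "issuer": "https://sts.example.test/adfs",
    "access_token_issuer": "http://sts.example.test/adfs/services/trust",
}

def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def unverified_claims(jwt):
    """Decode the payload of a compact JWT. No signature check is done here;
    a real resource server verifies the signature before trusting any claim."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))

def expected_issuer(metadata, strategy):
    """Pick the value to compare 'iss' against (strategy names are hypothetical)."""
    if strategy == "issuer-only":
        return metadata["issuer"]
    if strategy == "access-token-issuer":
        # Optional field: fall back to 'issuer' when it is not published.
        return metadata.get("access_token_issuer") or metadata["issuer"]
    raise ValueError("unknown strategy: " + strategy)

def iss_matches(jwt, metadata, strategy):
    iss = unverified_claims(jwt).get("iss")
    # Exact string comparison: no case folding, no trailing-slash tolerance.
    return isinstance(iss, str) and iss == expected_issuer(metadata, strategy)

def make_sample_token(iss):
    """Build a constructed token with a placeholder signature segment."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([enc(header), enc({"iss": iss, "aud": "urn:example:api"}), "c2ln"])

if __name__ == "__main__":
    token = make_sample_token(DISCOVERY["access_token_issuer"])
    for strategy in ("access-token-issuer", "issuer-only"):
        print(strategy, "->", iss_matches(token, DISCOVERY, strategy))
```
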
