Confused about IdpReplyUrl

[mkramar]

I must be missing something fundamental.
I've spent a lot of time looking at examples and I still don't understand it.
What is WindowsAuthenticationOptions.IdpReplyUrl?
What kind of resource it should be pointing to?
In your examples it is pointing to "https://localhost:44333/core/was" but I don't see how this endpoint is configured.

[leastprivilege]

It's the callback path of the WS-Federation relying party (wreply).

[mkramar]

Thanks for answering :)
I'm trying to use WindowsAuthentication server from IdentityServer3.
I'm using UseWsFederationAuthentication() on the IdentityServer3 side.

There is WsFederationAuthenticationOptions.CallbackPath propety, as I understand it should match WindowsAuthenticationOptions.IdpReplyUrl, correct?

my confusion:

What is listening at this URL?
Is this URL handled by WsFederationMiddleware?
Do I have to handle it somehow?

[leastprivilege]

CallbackPath is relative to the app base dir, IdpRreplyUrl is absolute.

Yes - the WSfed middleware is listening.

[mkramar]

I did a bit of debugging and figured out the solution
Hope this will help

In WsFederationAuthenticationOptions I had to comment out CallbackPath initialization.
This fixed the problem for me.
It seems that "was" ending does not matter and there is nothing listening to this specific ending.
WsFed middleware is just listening on all requests.
From FORM post content it is figuring out if this request should be processed.
If CallbackPath is assigned then logic is more complicated and it did not work to me.