It looks like Okta recommennds using WS Fed with .net applications. I was wondering if anyone knows why and if there is any reason SAML can not be used instead with Okta Skip to main content
https://support.okta.com/help/answers?id=906f0000000blm8iai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
ThomasThomas (Okta, Inc.)  

It looks like Okta recommennds using WS Fed with .net applications. I was wondering if anyone knows why and if there is any reason SAML can not be used instead with Okta

Original Author: Angela Craghead
Best Answer chosen by Thomas (Okta, Inc.) 
ThomasThomas (Okta, Inc.) 
Hi Eric,

Thanks for confirming the usage of the WS-Federation as the protocol for .Net. We have a following use case :

1. Files are available on a SFTP server.

2. MS Office Sharepoint 365 is federated with Okta as the IDP.

3. We want to store these files in MS SP 365 using some middleware.

4. Okta is setup for MFA.

5. SInce there is no way we can have user authorize the OAuth Grant.

Is it possible to use Client certificate as the identity to talk to Okta to get the WS-Federation

wst:RequestSecurityTokenResponse as a response from Okta and post that to Office 365 Endpoint to get the token.

Appreciate your help on this.

Thanks

Manish

Original Author: Manish Gandhi

All Answers

ThomasThomas (Okta, Inc.) 
You can use SAML if you make your application SAML aware and can consume SAML assertions.  Okta no longer provides/maintains SAML libraries for .Net, so you are on your own for that part of the solution.  The reason for this is that WSFED is native to .Net and typically easier to configure.

I hope that answers your question.  If not, please let me know.

Original Author:  Eric Knittel, Area Professional Services Director, East
ThomasThomas (Okta, Inc.) 
Hi Eric,

Thanks for confirming the usage of the WS-Federation as the protocol for .Net. We have a following use case :

1. Files are available on a SFTP server.

2. MS Office Sharepoint 365 is federated with Okta as the IDP.

3. We want to store these files in MS SP 365 using some middleware.

4. Okta is setup for MFA.

5. SInce there is no way we can have user authorize the OAuth Grant.

Is it possible to use Client certificate as the identity to talk to Okta to get the WS-Federation

wst:RequestSecurityTokenResponse as a response from Okta and post that to Office 365 Endpoint to get the token.

Appreciate your help on this.

Thanks

Manish

Original Author: Manish Gandhi
This was selected as the best answer