Hi
I have an application, Support, that is part of my site
MySite.com
I have added a new Relying Party Trust in ADFS with the WS-Federation Passive protocol URL = "https://MySite.com" and trust identifier: "https://MySite.com"
In my web application I have updated the web.config identityModel section as below:
    <system.identityModel>
      <identityConfiguration>
        <claimsAuthenticationManager type="Settings.ClaimsTransformationModule, Settings" />
        <audienceUris>
          <add value="https://MySite.com/" />
        </audienceUris>
        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
          <trustedIssuers>
            <add thumbprint="927D0A1E8F2841DDB47DFC045757FFD3EB184F82" name="https://identity.com/adfs/services/trust" />
          </trustedIssuers>
        </issuerNameRegistry>
        <!-- No chain or revocation validation of the ADFS token-signing certificate; trust rests solely on the pinned thumbprint above -->
        <certificateValidation certificateValidationMode="None" />
      </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
      <federationConfiguration>
        <cookieHandler requireSsl="true" />
        <wsFederation passiveRedirectEnabled="true" issuer="https://identity.com/adfs/ls/" realm="https://MySite.com/" reply="https://MySite.com/" requireHttps="true" />
      </federationConfiguration>
    </system.identityModel.services>
    <system.serviceModel>
I can successfully log in and browse the Support application.
Note that the Support application is inside the root: https://MySite.com/Support/Default.aspx
I use a Group claim to allow users of a specific group to access this application.
Now I want to add another application, Settings, to my site (https://MySite.com/Settings/Default.aspx) that should also authorize login, but for another set of users (a different group).
How can I set up ADFS and my applications to handle this case, since this is the same site but different applications?
I don't want a user from one group that has access to Support to also have access to Settings.
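One way to get a different group per application folder while keeping the single relying party trust for https://MySite.com, shown here as an added example that is not code from the original post: ADFS keeps emitting the group claim the poster already relies on (an issuance transform rule on that one trust), and the web application decides per request path which group value is required. The class name, the group claim type URI and the group names below are assumptions; the claim type must match whatever the ADFS issuance rule actually sends.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

namespace Settings
{
    /// <summary>
    /// Hypothetical site-wide ClaimsAuthorizationManager (example code): each
    /// application folder under the site root requires a different group claim.
    /// Registered in web.config under
    ///   <system.identityModel><identityConfiguration>
    ///     <claimsAuthorizationManager type="Settings.PerApplicationAuthorizationManager, Settings" />
    /// and driven on every request by System.IdentityModel.Services.ClaimsAuthorizationModule
    /// added to <system.webServer><modules>.
    /// </summary>
    public class PerApplicationAuthorizationManager : ClaimsAuthorizationManager
    {
        // Claim type carrying AD group membership. ASSUMED value: it must equal the
        // outgoing claim type of the issuance transform rule on the ADFS relying party trust.
        public const string GroupClaimType = "http://schemas.xmlsoap.org/claims/Group";

        // Application path prefix -> the one group allowed into it. Group names are placeholders.
        private static readonly KeyValuePair<string, string>[] ApplicationGroups =
        {
            new KeyValuePair<string, string>("/Support/",  "MYDOMAIN\\SupportUsers"),
            new KeyValuePair<string, string>("/Settings/", "MYDOMAIN\\SettingsAdmins"),
        };

        public override bool CheckAccess(AuthorizationContext context)
        {
            // ClaimsAuthorizationModule supplies the requested URL as the resource claim.
            string resource = context.Resource.Select(c => c.Value).FirstOrDefault();
            if (string.IsNullOrEmpty(resource))
                return false; // nothing to decide on: fail closed

            Uri uri;
            string path = Uri.TryCreate(resource, UriKind.Absolute, out uri)
                ? uri.AbsolutePath
                : resource;

            return IsAllowed(context.Principal, path);
        }

        /// <summary>Pure decision logic, separated from the module plumbing so it can be unit-tested.</summary>
        public static bool IsAllowed(ClaimsPrincipal principal, string path)
        {
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
                return false;

            // "/Settings" and "/settings/Default.aspx" both belong to the Settings application;
            // "/SettingsOld/" does not, because the trailing slash is part of the prefix.
            string normalised = path.EndsWith("/", StringComparison.Ordinal) ? path : path + "/";

            foreach (var app in ApplicationGroups)
            {
                if (!normalised.StartsWith(app.Key, StringComparison.OrdinalIgnoreCase))
                    continue;

                // The user needs the group for *this* application. Holding the
                // Support group grants nothing under /Settings/, and vice versa.
                return principal.HasClaim(c =>
                    c.Type == GroupClaimType &&
                    string.Equals(c.Value, app.Value, StringComparison.OrdinalIgnoreCase));
            }

            // Pages outside every application folder (for example the site root)
            // only require an authenticated user.
            return true;
        }
    }
}
```

With this in place nothing changes on the ADFS side beyond the existing trust: the realm and reply URL stay https://MySite.com/, and both applications are told apart by request path rather than by a second relying party. The same per-path split can also be expressed declaratively with `<location path="Support">` and `<location path="Settings">` blocks carrying `<authorization>` rules, provided the group claim is mapped to the role claim type that `IsInRole` uses; the code above avoids that mapping by matching the group claim directly.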