Authentication
Authentication to the REST API can be done either through ADFS or with a Key. Only one authentication type can be set on the store. You can change the authentication type in Admin Web > Edit Store > API Authentication.
Retrieve SAML token using Username authentication
PowerShell - Get SAML token from ADFS using Username authentication
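# Requests a SAML bearer token from the ADFS WS-Trust 1.3 UsernameMixed endpoint using a
# username and password, base64-encodes the token XML and copies "SAML <base64>" to the clipboard.
Add-Type -AssemblyName "System.ServiceModel"
Add-Type -AssemblyName "System.IdentityModel"

# HTTPS transport with the username/password carried in the SOAP message; no secure-conversation session.
$binding = New-Object System.ServiceModel.WSHttpBinding([System.ServiceModel.SecurityMode]::TransportWithMessageCredential)
$binding.Security.Message.EstablishSecurityContext = $false
$binding.Security.Message.ClientCredentialType = [System.ServiceModel.MessageCredentialType]::UserName

$stsServiceUri = New-Object System.Uri("https://<ADFSHOSTNAME>/adfs/services/trust/13/UsernameMixed")
$stsEndPoint = New-Object System.ServiceModel.EndpointAddress($stsServiceUri)
$factory = New-Object System.ServiceModel.Security.WSTrustChannelFactory($binding, $stsEndPoint)
$factory.TrustVersion = [System.ServiceModel.Security.TrustVersion]::WSTrust13

# Placeholders: do not save a real password in a script file. Prompt for it at run time
# (for example with Get-Credential) or read it from a secret store.
$factory.Credentials.UserName.UserName = "<USERNAME>"
$factory.Credentials.UserName.Password = "<PASSWORD>"

$tokenRequest = New-Object System.IdentityModel.Protocols.WSTrust.RequestSecurityToken
$tokenRequest.Issuer = New-Object System.IdentityModel.Protocols.WSTrust.EndpointReference("https://<ADFSHOSTNAME>")
$tokenRequest.RequestType = [System.IdentityModel.Protocols.WSTrust.RequestTypes]::Issue
# Bearer key type: the issued token carries no proof key, so whoever holds it can present it.
$tokenRequest.KeyType = [System.IdentityModel.Protocols.WSTrust.KeyTypes]::Bearer
# AppliesTo names the relying party the token is issued for.
$tokenRequest.AppliesTo = New-Object System.IdentityModel.Protocols.WSTrust.EndpointReference("https://<ZERVICEPOINTHOSTNAME>/")

try {
    $token = $factory.CreateChannel().Issue($tokenRequest)
    # Release the channel factory once the token has been issued.
    $factory.Close()
}
catch {
    # Close() can throw on a faulted factory; Abort() tears it down without a second exception.
    $factory.Abort()
    throw
}

# Fail with a clear message instead of a null-reference error on the next line.
if ($null -eq $token -or $null -eq $token.TokenXml) {
    throw "ADFS did not return an XML security token."
}

# NOTE(review): Encoding.Default is the machine's ANSI code page on Windows PowerShell (.NET Framework),
# so non-ASCII characters in the token XML are encoded differently from machine to machine.
# Confirm which encoding the API expects before relying on this for tokens with non-ASCII claims.
$samlToken = [System.Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes($token.TokenXml.OuterXml));

# Copy to clipboard. The value is a usable credential until the token expires; clear the clipboard
# after pasting and keep the value out of logs and transcripts.
"SAML $($samlToken)" | clip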
C# - Get SAML token from ADFS using Username authentication
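// Requests a SAML bearer token from the ADFS WS-Trust 1.3 UsernameMixed endpoint using a
// username and password, then base64-encodes the token XML into samlToken.

// HTTPS transport with the username/password carried in the SOAP message; no secure-conversation session.
var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

var stsServiceUri = new Uri("https://<ADFSHOSTNAME>/adfs/services/trust/13/UsernameMixed");
var stsEndPoint = new EndpointAddress(stsServiceUri);
var factory = new WSTrustChannelFactory(binding, stsEndPoint) { TrustVersion = TrustVersion.WSTrust13 };

// Placeholders: do not compile a real password into the binary or commit it to source control;
// load it from protected configuration or a secret store at run time.
factory.Credentials.UserName.UserName = "<USERNAME>";
factory.Credentials.UserName.Password = "<PASSWORD>";

var tokenRequest = new RequestSecurityToken
{
    Issuer = new EndpointReference("https://<ADFSHOSTNAME>"),
    RequestType = RequestTypes.Issue,
    // Bearer key type: the issued token carries no proof key, so whoever holds it can present it.
    KeyType = KeyTypes.Bearer,
    // AppliesTo names the relying party the token is issued for.
    AppliesTo = new EndpointReference("https://<ZERVICEPOINTHOSTNAME>/")
};

GenericXmlSecurityToken token;
try
{
    token = factory.CreateChannel().Issue(tokenRequest) as GenericXmlSecurityToken;
    // Release the channel factory once the token has been issued.
    factory.Close();
}
catch
{
    // Close() can throw on a faulted factory; Abort() tears it down without a second exception.
    factory.Abort();
    throw;
}

// The 'as' cast yields null for any other token type; fail clearly instead of dereferencing null.
if (token == null)
{
    throw new InvalidOperationException("The STS did not return a GenericXmlSecurityToken.");
}

// NOTE(review): Encoding.Default is the machine's ANSI code page on .NET Framework, so non-ASCII
// characters in the token XML are encoded differently from machine to machine. Confirm which
// encoding the API expects before relying on this for tokens with non-ASCII claims.
// samlToken is a usable credential until the token expires; keep it out of logs.
var samlToken = Convert.ToBase64String(Encoding.Default.GetBytes(token.TokenXml.OuterXml));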
Retrieve SAML token using Windows authentication
PowerShell - Get SAML token from ADFS using Windows authentication
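# Requests a SAML bearer token from the ADFS WS-Trust 1.3 windowsmixed endpoint using Windows
# authentication, base64-encodes the token XML and copies "SAML <base64>" to the clipboard.
# No credentials are set in the script; the binding is configured for Windows client credentials.
Add-Type -AssemblyName "System.ServiceModel"
Add-Type -AssemblyName "System.IdentityModel"

# HTTPS transport with Windows credentials at message level; no secure-conversation session.
$binding = New-Object System.ServiceModel.WS2007HttpBinding([System.ServiceModel.SecurityMode]::TransportWithMessageCredential)
$binding.Security.Message.EstablishSecurityContext = $false
$binding.Security.Message.ClientCredentialType = [System.ServiceModel.MessageCredentialType]::Windows

# The SPN identity states which service principal the client expects the ADFS endpoint to run as.
$spnIdentity = [System.ServiceModel.EndpointIdentity]::CreateSpnIdentity("host/<ADFSHOST>")
$adfsUri = New-Object System.Uri("https://<ADFSHOST>/adfs/services/trust/13/windowsmixed")
$adfsAddress = New-Object System.ServiceModel.EndpointAddress($adfsUri, $spnIdentity)
$factory = New-Object System.ServiceModel.Security.WSTrustChannelFactory($binding, $adfsAddress)
$factory.TrustVersion = [System.ServiceModel.Security.TrustVersion]::WSTrust13

$tokenRequest = New-Object System.IdentityModel.Protocols.WSTrust.RequestSecurityToken
$tokenRequest.RequestType = [System.IdentityModel.Protocols.WSTrust.RequestTypes]::Issue
# Bearer key type: the issued token carries no proof key, so whoever holds it can present it.
$tokenRequest.KeyType = [System.IdentityModel.Protocols.WSTrust.KeyTypes]::Bearer
# AppliesTo names the relying party the token is issued for.
$tokenRequest.AppliesTo = New-Object System.IdentityModel.Protocols.WSTrust.EndpointReference("https://<ZERVICEPOINTHOST>/")

try {
    $token = $factory.CreateChannel().Issue($tokenRequest)
    # Release the channel factory once the token has been issued.
    $factory.Close()
}
catch {
    # Close() can throw on a faulted factory; Abort() tears it down without a second exception.
    $factory.Abort()
    throw
}

# Fail with a clear message instead of a null-reference error on the next line.
if ($null -eq $token -or $null -eq $token.TokenXml) {
    throw "ADFS did not return an XML security token."
}

# NOTE(review): Encoding.Default is the machine's ANSI code page on Windows PowerShell (.NET Framework),
# so non-ASCII characters in the token XML are encoded differently from machine to machine.
# Confirm which encoding the API expects before relying on this for tokens with non-ASCII claims.
$samlToken = [System.Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes($token.TokenXml.OuterXml));

# Copy to clipboard. The value is a usable credential until the token expires; clear the clipboard
# after pasting and keep the value out of logs and transcripts.
"SAML $($samlToken)" | clip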
C# - Get SAML token from ADFS using Windows authentication
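// Requests a SAML bearer token from the ADFS WS-Trust 1.3 WindowsMixed endpoint using Windows
// authentication, then base64-encodes the token XML into samlToken.
// No credentials are set in code; the binding is configured for Windows client credentials.

// HTTPS transport with Windows credentials at message level; no secure-conversation session.
var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
binding.Security.Message.EstablishSecurityContext = false;

// The SPN identity states which service principal the client expects the ADFS endpoint to run as.
var spnIdentity = EndpointIdentity.CreateSpnIdentity("host/<ADFSHOST>");
var adfsUri = new Uri("https://<ADFSHOST>/adfs/services/trust/13/WindowsMixed");
var adfsAddress = new EndpointAddress(adfsUri, spnIdentity);
var factory = new WSTrustChannelFactory(binding, adfsAddress) { TrustVersion = TrustVersion.WSTrust13 };

var tokenRequest = new RequestSecurityToken
{
    RequestType = RequestTypes.Issue,
    // Bearer key type: the issued token carries no proof key, so whoever holds it can present it.
    KeyType = KeyTypes.Bearer,
    // AppliesTo names the relying party the token is issued for.
    AppliesTo = new EndpointReference("https://<ZERVICEPOINTHOST>/")
};

GenericXmlSecurityToken token;
try
{
    token = factory.CreateChannel().Issue(tokenRequest) as GenericXmlSecurityToken;
    // Release the channel factory once the token has been issued.
    factory.Close();
}
catch
{
    // Close() can throw on a faulted factory; Abort() tears it down without a second exception.
    factory.Abort();
    throw;
}

// The 'as' cast yields null for any other token type; fail clearly instead of dereferencing null.
if (token == null)
{
    throw new InvalidOperationException("The STS did not return a GenericXmlSecurityToken.");
}

// NOTE(review): Encoding.Default is the machine's ANSI code page on .NET Framework, so non-ASCII
// characters in the token XML are encoded differently from machine to machine. Confirm which
// encoding the API expects before relying on this for tokens with non-ASCII claims.
// samlToken is a usable credential until the token expires; keep it out of logs.
var samlToken = Convert.ToBase64String(Encoding.Default.GetBytes(token.TokenXml.OuterXml));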