Support for WS-Federation (WS-Fed) Protocol

[zoefarrell]

Support for WS-Federation (WS-Fed) Protocol

Problem

Many organizations still depend on identity providers using WS-Federation (e.g., older ADFS or Microsoft-based systems). Without WS-Fed support, FusionAuth can’t directly integrate, requiring extra infrastructure or manual workarounds.

Solution

Add native WS-Fed support so FusionAuth can act as a relying party. Configuration should work similarly to SAML or OIDC providers, including metadata import and claim mapping.

Alternatives/workarounds

• Use a bridge service (e.g., Keycloak or Azure AD) to convert WS-Fed to OIDC/SAML.
• Keep a legacy IdP active just for WS-Fed apps.
• Rewrite WS-Fed apps to use modern protocols (often not feasible).

Additional context

This would ease migrations from legacy systems and support enterprises with mixed protocol requirements.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or feedback on how this feature should work.

[mooreds]

I have a hard time believing we'd ever support this (based on our focus on OIDC and SAML), but would love for folks in the community to upvote this if it is important to them and/or provide use cases.