Scott Brady

It looks like IdentityServer is trying to pull in an encryption certificate, but you don't have one. If you are storing wsfed configuration in a database, make sure the encryption...

I think if this was an issue on our side, it would have been solved by https://github.com/IdentityServer/IdentityServer3.WsFederation.EntityFramework/pull/1

@bgregorius If you want to pass across your changes for this, I'd be happy to clean it up and create a pull request.

Sure, it will work but there won't be any validation on the request or redirect uri...

If the try catch block is the only change, I'm happy for this to be merged once the exception message is removed from the `BadRequest`

In the WS-Fed plugin you can use a specific identity providers for a sign in request by using the `whr` parameter (see [endpoints](https://identityserver.github.io/Documentation/docsv2/wsFederation/endpoints.html)). There is currently no way of setting...

Yeah, as you said the logic exists for oidc clients, so I imagine there would be some reusable code. PR would be excellent.

Identity Server will only send tokens to reply urls it is aware of before the request is made, for security reasons (it minimizes the attack surface). If this url is...

In theory it is possible to have multiple ReplyUrls, however this requires changes to both the RelyingParty model and SignInValidator (I think). Either way, the change to RelyingParty model is...

A collection for `PostLogoutRedirectUris` was added in #60, however the `ReplyUrl` is still one per Relying Party. Changing this would be a breaking change. IRedirectUriValidator is also implemented for post...