I heard that Azure AD supports the WS-Trust authentication protocol. However, I couldn't find any information about the STS URL. In WS-Trust, clients need an STS in order to get the assertion (SOAP message) before sending it to Service Providers.
In ADFS, the STS endpoints are:
Please advise which STS URL should be used in Azure AD. Thanks.
I found the mex URL after looking at the msal4j project:
https://autologon.microsoftazuread-sso.com/datvuze.onmicrosoft.com/winauth/trust/mex
It's https://sts.windows.net/{tenantid}/, or https://login.windows.net/{tenantid}/{protocolname} for token issuance. Here's a sample article with more details: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/migrate-adfs-apps-to-azure#map-identity-provider-idp-settings
As I understand the pattern: "http://adfs.test.com/adfs/services/trust" is replaced by "https://sts.windows.net/{tenant-id}/"?
It doesn't seem to work in my test.
Normally the metadata exchange URL should provide information about all "<wsdl:port>" including Usernamemixed and Kerberosmixed. Please advise.
I think that is the Federation metadata, not Exchange metadata.
I checked the content and it is for SAML authentication, not WS-Trust.
In ADFS, there are two separate metadata URLs:
Not sure how Azure AD handles the Exchange metadata URLs. I'm confused.
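The thread turns on telling a WS-Trust metadata exchange (mex) document, which lists `<wsdl:port>` endpoints, apart from a federation metadata document. The following is an added example, not part of the original thread: it classifies a fetched document by its root element and extracts the port addresses. The sample documents, host name and port names are constructed placeholders, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed samples; the host name and port names are placeholders.
MEX_SAMPLE = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/">
  <wsdl:service name="SecurityTokenService">
    <wsdl:port name="UserNamePort">
      <soap12:address location="https://sts.example.test/trust/13/usernamemixed"/>
    </wsdl:port>
    <wsdl:port name="KerberosPort">
      <soap12:address location="https://sts.example.test/trust/13/kerberosmixed"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""
FED_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.example.test/"/>"""


def classify_metadata(xml_text):
    """Return (kind, {port name: address}) for a metadata document."""
    if "<!DOCTYPE" in xml_text:  # metadata is remote input: refuse DTDs/entities
        raise ValueError("DOCTYPE not allowed in metadata")
    root = ET.fromstring(xml_text)
    if root.tag == f"{{{SAML_MD_NS}}}EntityDescriptor":
        return "federation-metadata", {}  # describes the IdP, has no wsdl:port
    if root.tag != f"{{{WSDL_NS}}}definitions":
        return "unknown", {}
    ports = {}
    for port in root.iter(f"{{{WSDL_NS}}}port"):
        for child in port:  # soap:address or soap12:address
            if child.tag.endswith("}address") and child.get("location"):
                ports[port.get("name")] = child.get("location")
    return "ws-trust-mex", ports


def find_endpoint(ports, suffix):
    """Pick the HTTPS endpoint whose path ends with e.g. 'usernamemixed'."""
    for location in ports.values():
        if location.startswith("https://") and location.lower().endswith(suffix):
            return location
    return None


if __name__ == "__main__":
    for doc in (MEX_SAMPLE, FED_SAMPLE):
        print(classify_metadata(doc))
```

A result of `federation-metadata` with no ports means the URL returned the federation document rather than the mex document.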