What is Azure AD's STS url?

Dat Vu 116 Reputation points
2020-04-30T00:45:07.203+00:00

I heard that Azure AD supports the WS-Trust authentication protocol. However, I couldn't find the STS URL documented anywhere. In WS-Trust, clients need an STS in order to get the assertion (SOAP message) before sending it to Service Providers.

In ADFS, the STS endpoints are:

Please advise which STS URL should be used in Azure AD. Thanks.


3 additional answers

  1. Vasil Michev 92,596 Reputation points MVP
    2020-04-30T06:41:21.997+00:00

  2. Dat Vu 116 Reputation points
    2020-04-30T14:40:45.627+00:00

    As I understand it, the pattern is that "http://adfs.test.com/adfs/services/trust" is replaced by "https://sts.windows.net/{tenant-id}/"?

    It doesn't seem to work in my test.

    • Metadata exchange URL: "https://sts.windows.net/{tenant-id}/mex" => HTTP ERROR 404. It works fine with "https://adfs.test.com/adfs/services/trust/mex"
    • Username URL: "https://sts.windows.net/{tenant-id}/13/usernamemixed"
    • Kerberos URL: "https://sts.windows.net/{tenant-id}/13/kerberosmixed"

    Normally the metadata exchange URL should provide information about all "<wsdl:port>" including Usernamemixed and Kerberosmixed. Please advise.



  3. Dat Vu 116 Reputation points
    2020-04-30T16:05:59.26+00:00

    I think that is the Federation metadata, not Exchange metadata.

    I checked the content and it is for SAML authentication, not WS-Trust.

    https://login.windows.net/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml?appid={application-id}

    In ADFS, there are two separate metadata URLs:

    1. Federation metadata (for SAML): https://adfs.test.com/FederationMetadata/2007-06/FederationMetadata.xml
    2. Exchange metadata (for WS-Trust): https://adfs.test.com/adfs/services/trust/mex

    Not sure how Azure AD handles the Exchange metadata URLs. I'm confused.
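As an added example (not part of this thread or of any Microsoft code), the following Python snippet shows the distinction the last two replies are circling: a WS-Trust MEX document is a WSDL whose `wsdl:port` entries carry the usernamemixed/kerberosmixed endpoint addresses, while federation metadata is a SAML `EntityDescriptor`. The two XML inputs are constructed samples modelled on the ADFS URLs quoted above; the port names and addresses are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespaces of the two document types the thread contrasts: WS-Trust MEX (WSDL)
# and WS-Federation/SAML federation metadata (EntityDescriptor).
NS = {
    "wsdl": "http://schemas.xmlsoap.org/wsdl/",
    "wsa10": "http://www.w3.org/2005/08/addressing",
    "soap12": "http://schemas.xmlsoap.org/wsdl/soap12/",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
}

def classify_metadata(xml_text: str) -> str:
    """Identify a metadata document by its root element."""
    root = ET.fromstring(xml_text)  # prefer defusedxml for documents fetched over the network
    if root.tag == "{%s}definitions" % NS["wsdl"]:
        return "ws-trust-mex"
    if root.tag == "{%s}EntityDescriptor" % NS["md"]:
        return "federation-metadata"
    return "unknown"

def list_wsdl_ports(xml_text: str) -> dict:
    """Map each wsdl:port name to its endpoint address (WS-Addressing first, SOAP 1.2 fallback)."""
    root = ET.fromstring(xml_text)
    ports = {}
    for port in root.iterfind(".//wsdl:service/wsdl:port", NS):
        addr = port.find("wsa10:EndpointReference/wsa10:Address", NS)
        soap = port.find("soap12:address", NS)
        if addr is not None and addr.text:
            ports[port.get("name")] = addr.text.strip()
        elif soap is not None:
            ports[port.get("name")] = soap.get("location")
    return ports

# Constructed sample (assumed port names) in the shape ADFS serves at /adfs/services/trust/mex.
SAMPLE_MEX = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:wsa10="http://www.w3.org/2005/08/addressing"
  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/">
  <wsdl:service name="SecurityTokenService">
    <wsdl:port name="UserNameWSTrustBinding_IWSTrust13Async">
      <wsa10:EndpointReference>
        <wsa10:Address>https://adfs.test.com/adfs/services/trust/13/usernamemixed</wsa10:Address>
      </wsa10:EndpointReference>
    </wsdl:port>
    <wsdl:port name="KerberosWSTrustBinding_IWSTrust13Async">
      <soap12:address location="https://adfs.test.com/adfs/services/trust/13/kerberosmixed"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

# Constructed sample of a federation metadata root (SAML/WS-Federation, not WS-Trust).
SAMPLE_FED = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/{tenant-id}/"/>"""
```

Running `classify_metadata` on a document fetched from a `/federationmetadata/...` URL returns "federation-metadata" and yields no WSDL ports, which is why no usernamemixed or kerberosmixed endpoint can be read from it.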