
SPAddinOwin.Sample.ADFS High trust

Sergei Sergeev edited this page Dec 7, 2016 · 1 revision

The high trust (server-to-server) scenario applies when you develop against SharePoint on-premises.
This wiki page describes the configuration required to run SPAddinOwin.Sample.ADFS in high trust. The steps assume that your on-premises environment is already configured for apps and that you have the .pfx signing certificate that SharePoint trusts for apps, together with its password.

Configuration

  1. Open the SharePoint app registration page, https://sharepoint/sites/dev/_layouts/15/appregnew.aspx
  2. Click 'Generate' for both Client Id and Client Secret.
    For Title enter SPAddinOwin.Sample.ADFS.
    For App Domain enter localhost:44399 if you are going to deploy with IIS Express (F5 from Visual Studio). If you want to deploy to full IIS, enter the host name of the IIS web site you have created (or are going to create).
    For Redirect URI enter any URL, for example https://some.url; this sample does not use it.
    Click "Create".
  3. Save the generated Client Id and Client Secret. Only the Client Id is used by this sample: in high trust the add-in proves its identity to SharePoint with the signing certificate from step 8, not with the secret.
  4. In Visual Studio open SPAddinOwin.SharePoint.ADFS/AppManifest.xml and set
    <RemoteWebApplication ClientId="<Client Id from step #3>" />
    
  5. If you are going to deploy with IIS Express from Visual Studio, leave StartPage in AppManifest.xml unchanged. If you are using full IIS and another URL, update StartPage accordingly.
  6. In Visual Studio select the SPAddinOwin.SharePoint.ADFS project, then open View -> Properties Window and set Site URL to your SharePoint developer site, e.g. https://sharepoint/sites/dev
  7. Right click SPAddinOwin.Sample.ADFS -> Deploy and wait for the add-in to be deployed. After deployment your browser opens the add-in trust page. Click "Trust it" and you will be redirected to your app. It will not work yet, because the web application has not been configured; that is expected. The next steps configure the web application and run it.
  8. In Web.config set ClientId (from step #3), ClientSigningCertificatePath, ClientSigningCertificatePassword and IssuerId from your app configuration. IssuerId is the GUID part of the RegisteredIssuerName (<IssuerId>@<realm>) of the SPTrustedSecurityTokenIssuer that was registered for this certificate, written in lowercase. Treat the certificate password as a secret: keep it out of source control and make sure only the application pool identity can read the .pfx file.
  9. You also need to specify the Wtrealm and MetadataAddress parameters. MetadataAddress is the federation metadata URL of your ADFS server, for example https://adfs3/federationmetadata/2007-06/federationmetadata.xml. Wtrealm is the authentication realm under which SharePoint is registered in ADFS. You can get it by opening the SharePoint relying party trust on the ADFS server, or by running the Get-SPTrustedIdentityTokenIssuer cmdlet on the SharePoint server and copying the DefaultProviderRealm value.
  10. Right click Web/SPAddinOwin.Sample.ADFS -> Set as StartUp Project.
  11. In Visual Studio press F5 (or deploy to IIS and run it from there).
  12. You will get an exception "Unable to determine host url". That is expected, since the request did not come from SharePoint and carries no SharePoint context. In your own project you can replace this with a more meaningful error page.
  13. On the SharePoint site, https://sharepoint/sites/dev, go to Site contents and click your app.
  14. Your app should load.
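As an added pre-flight check (this script is not part of the sample or of the original wiki page), the following PowerShell verifies the pieces that steps 8 and 9 depend on before you press F5: that the .pfx opens with its password and holds a private key, that SharePoint has an SPTrustedSecurityTokenIssuer registered as <IssuerId>@<realm> with the same certificate, which Wtrealm value each trusted identity provider reports, and that the ADFS metadata URL is reachable. The function name Test-HighTrustAddinConfig, its parameter names, and the placeholder path, password and GUID are assumptions of this example; run it in the SharePoint Management Shell on a SharePoint server, with the .pfx copied there if the remote web runs elsewhere.

```powershell
# Added example: pre-flight check for the high trust configuration described above.
# Run in an elevated SharePoint Management Shell on a SharePoint server.
# The function name, parameter names and sample values are placeholders, not part of the sample.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-HighTrustAddinConfig {
    param(
        [Parameter(Mandatory)] [string] $SiteUrl,          # e.g. https://sharepoint/sites/dev
        [Parameter(Mandatory)] [string] $PfxPath,          # ClientSigningCertificatePath from Web.config
        [Parameter(Mandatory)] [string] $PfxPassword,      # ClientSigningCertificatePassword from Web.config
        [Parameter(Mandatory)] [string] $IssuerId,         # IssuerId from Web.config (GUID only)
        [Parameter(Mandatory)] [string] $MetadataAddress   # e.g. https://adfs3/federationmetadata/2007-06/federationmetadata.xml
    )

    $ok = $true

    # 1. The .pfx must open with the password and contain a private key,
    #    otherwise the remote web cannot sign the server-to-server access token.
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $PfxPassword)
    } catch {
        Write-Warning "Cannot open $PfxPath with the supplied password: $($_.Exception.Message)"
        return $false
    }
    if (-not $cert.HasPrivateKey) { Write-Warning "Certificate has no private key"; $ok = $false }
    if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "Certificate expired on $($cert.NotAfter)"; $ok = $false }
    Write-Host "Signing certificate thumbprint: $($cert.Thumbprint), expires $($cert.NotAfter)"

    # 2. SharePoint must trust the same certificate under the issuer name the
    #    add-in uses. The registered name has the form <IssuerId>@<realm>.
    $realm = Get-SPAuthenticationRealm -ServiceContext $SiteUrl
    $expectedIssuer = "$($IssuerId.ToLowerInvariant())@$realm"
    $issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object {
        $_.RegisteredIssuerName -eq $expectedIssuer
    }
    if (-not $issuer) {
        Write-Warning "No SPTrustedSecurityTokenIssuer is registered as $expectedIssuer"
        $ok = $false
    } elseif ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
        Write-Warning ("Issuer $expectedIssuer was registered with thumbprint " +
            "$($issuer.SigningCertificate.Thumbprint), but the .pfx has $($cert.Thumbprint)")
        $ok = $false
    } else {
        Write-Host "Trusted issuer $expectedIssuer matches the .pfx"
    }

    # 3. Wtrealm (step 9): the realm each trusted identity provider uses with ADFS.
    Get-SPTrustedIdentityTokenIssuer | ForEach-Object {
        Write-Host "Trusted identity provider '$($_.Name)': Wtrealm = $($_.DefaultProviderRealm)"
    }

    # 4. The ADFS federation metadata must be reachable over HTTPS from this machine.
    try {
        $meta = Invoke-WebRequest -Uri $MetadataAddress -UseBasicParsing
        if ($meta.Content -notmatch 'EntityDescriptor') {
            Write-Warning "$MetadataAddress did not return federation metadata"
            $ok = $false
        } else {
            Write-Host "Federation metadata reachable at $MetadataAddress"
        }
    } catch {
        Write-Warning "Cannot fetch $MetadataAddress : $($_.Exception.Message)"
        $ok = $false
    }

    return $ok
}

# Example invocation with placeholder values (replace with your own).
Test-HighTrustAddinConfig -SiteUrl 'https://sharepoint/sites/dev' `
    -PfxPath 'C:\certs\HighTrustSampleCert.pfx' -PfxPassword 'password' `
    -IssuerId '11111111-1111-1111-1111-111111111111' `
    -MetadataAddress 'https://adfs3/federationmetadata/2007-06/federationmetadata.xml'
```

If check 2 fails, the remote web will still start, but every call to SharePoint will be rejected with an unauthorized error because the token it signs is not from a trusted issuer; fix the issuer registration or the IssuerId/certificate pair in Web.config before going further. The password is passed on the command line here only for illustration; in practice read it from a protected store rather than leaving it in shell history.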
