Validate type of IdentityProvider


dmitry.karabanovich
Hello everyone,

There is a situation: a Service Provider application that uses SSO integration with ADFS (as an example, no matter what IdP will be chosen) is developed. This application provides the possibility for a user to configure all needed information about the IdP via the application UI (Name, SingleSignOnServiceUrl, and so on). The following option arises: a user can input information not about an ADFS IdP but about any other possible IdP (e.g. Okta) when only integration with ADFS is supported.
Is there a way of checking the IdP information to identify the type of IdP?

Thank you, Dmitry!
 
ComponentSpace Development
Hi Dmitry,

I'm not aware of any way to guarantee the supplied information refers to an ADFS instance rather than some other IdP.

ADFS URLs etc follow a standard pattern. The entity ID/provider name format is "http://<server-name>/adfs/services/trust" and URLs are "https://<server-name>/adfs/ls/". However, it is possible to configure ADFS to use a different name and URLs.

You could ask the user to confirm the information if it doesn't follow this pattern but I wouldn't prevent them entering different information just in case they've configured ADFS in a non-standard manner.  

Regards
ComponentSpace Development
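
An advisory check along the lines suggested in the reply above, as an added example that is not part of the original thread or ComponentSpace's own code: it flags values that do not follow the default ADFS pattern so the UI can ask the user to confirm them, and never rejects the input. The class and method names are hypothetical and the sample values are constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example: non-blocking check of IdP settings entered in the UI.
public static class AdfsPatternCheck
{
    // Default ADFS paths quoted in the reply above.
    private const string EntityIdPath = "/adfs/services/trust";
    private const string SsoPath = "/adfs/ls";

    // Returns warnings to show for confirmation. An empty list means both
    // values follow the default pattern. ADFS can be configured with other
    // names and URLs, so a warning is a prompt, not a validation failure.
    public static List<string> Check(string entityId, string ssoUrl)
    {
        var warnings = new List<string>();

        bool idOk = Uri.TryCreate(entityId, UriKind.Absolute, out Uri id);
        if (!idOk || !PathIs(id, EntityIdPath))
            warnings.Add("Entity ID does not look like http://<server-name>/adfs/services/trust");

        bool ssoOk = Uri.TryCreate(ssoUrl, UriKind.Absolute, out Uri sso);
        if (!ssoOk)
            warnings.Add("SingleSignOnServiceUrl is not an absolute URL");
        else if (sso.Scheme != Uri.UriSchemeHttps || !PathIs(sso, SsoPath))
            warnings.Add("SingleSignOnServiceUrl does not look like https://<server-name>/adfs/ls/");

        return warnings;
    }

    // Compare paths case-insensitively, ignoring a trailing slash.
    private static bool PathIs(Uri uri, string expected) =>
        string.Equals(uri.AbsolutePath.TrimEnd('/'), expected,
                      StringComparison.OrdinalIgnoreCase);

    public static void Main()
    {
        // Constructed sample values, not taken from the thread.
        var standard = Check("http://adfs.example.test/adfs/services/trust",
                             "https://adfs.example.test/adfs/ls/");
        Console.WriteLine("Default pattern warnings: " + standard.Count);

        var other = Check("https://idp.example.test/saml/metadata",
                          "https://idp.example.test/sso/saml");
        foreach (var w in other)
            Console.WriteLine("Ask user to confirm: " + w);
    }
}
```
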
dmitry.karabanovich
ComponentSpace - 11/2/2020
Hi Dmitry,

I'm not aware of any way to guarantee the supplied information refers to an ADFS instance rather than some other IdP.

ADFS URLs etc follow a standard pattern. The entity ID/provider name format is "http://<server-name>/adfs/services/trust" and URLs are "https://<server-name>/adfs/ls/". However, it is possible to configure ADFS to use a different name and URLs.

You could ask the user to confirm the information if it doesn't follow this pattern but I wouldn't prevent them entering different information just in case they've configured ADFS in a non-standard manner.  

Got it, thank you for the response!

Is this situation (possible customization of the IdP URL) relevant for other SSO solutions like Azure AD and Okta? Maybe in the case of Azure AD and Okta, it is possible to find a constant template for EntityId validation.

ComponentSpace Development
For cloud offerings like Azure AD and Okta they tend to follow a standard pattern. However, this is by convention and there's nothing to say they couldn't change this.

Regards
ComponentSpace Development
dmitry.karabanovich
ComponentSpace - 11/6/2020
For cloud offerings like Azure AD and Okta they tend to follow a standard pattern. However, this is by convention and there's nothing to say they couldn't change this.

Thank you for the response!
ComponentSpace Development
You're welcome.

Regards
ComponentSpace Development