ADFS Integration Guides


ComponentSpace Development
These documents describe SAML SSO integration with ADFS acting as the identity provider (claims provider) or service provider (relying party).
ComponentSpace SAML for ASP.NET ADFS Relying Party Integration Guide
ComponentSpace SAML for ASP.NET ADFS Claims Provider Integration Guide

Regards
ComponentSpace Development
neilp
Reading through the guide for "Claims Provider Integration Guide", I've been struggling to understand how a Relying Party is signed in to using ADFS.
The guide does a great job of explaining how a custom Claims Provider (written in ComponentSpace's component :)) can create an assertion that ADFS consumes. Once "logged in" to ADFS, the hop to the Example Relying Party is a little bit vague. Is this passed as another assertion which the Relying Party must itself consume? (I feel that's not the case, as it would be pointless getting ADFS to do anything if that was true.) But I fail to see how the valid ADFS session can be used by the RP.
ComponentSpace Development
The hop to the example relying party is using SAML SSO. In this case ADFS is now acting as the IdP and generates and sends a new SAML assertion to the relying party (SP).
Of course, some other protocol could be used for federation with the relying party. In our example we use SAML SSO to the ExampleServiceProvider.
Even if you're using SAML SSO to the relying party, there may be some circumstances where it makes sense to include ADFS rather than going directly from the IdP to the SP. For example, ADFS may be used to perform a claims mapping or to include additional claims retrieved from Active Directory.
However, there will be use cases where involving ADFS is unnecessary and direct SSO between the IdP and SP with no ADFS involvement makes more sense.

Regards
ComponentSpace Development
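
The two hops described in this reply, as an added example that is not part of the original thread or ComponentSpace's code: the claims provider's assertion is addressed to ADFS, and ADFS issues a separate assertion addressed to the relying party, so the relying party should accept only the second. The entity IDs, attribute names and the `make_assertion` / `rp_accepts` helpers are constructed for illustration; signature, timestamp and replay checks are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed entity IDs (assumptions, not taken from the integration guides).
IDP = "https://idp.example.test/ExampleIdentityProvider"
ADFS = "http://adfs.example.test/adfs/services/trust"
RP = "https://rp.example.test/ExampleServiceProvider"


def make_assertion(issuer, audience, attributes):
    """Build a minimal, unsigned SAML 2.0 assertion (constructed sample)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>"
        for n, v in attributes.items()
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


def rp_accepts(xml_text, trusted_issuer=ADFS, own_entity_id=RP):
    """Issuer and audience checks only; signature validation is assumed done."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != trusted_issuer:
        return False, f"untrusted issuer: {issuer}"
    audiences = [
        a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text
    ]
    if own_entity_id not in audiences:
        return False, f"audience mismatch: {audiences}"
    return True, "ok"


# Hop 1: the claims provider's assertion is addressed to ADFS, not to the RP.
hop1 = make_assertion(IDP, ADFS, {"email": "alice@example.test"})
# Hop 2: ADFS issues a new assertion for the RP, here with one added claim.
hop2 = make_assertion(ADFS, RP, {"email": "alice@example.test", "role": "Staff"})

if __name__ == "__main__":
    print("hop 1 presented to RP:", rp_accepts(hop1))
    print("hop 2 presented to RP:", rp_accepts(hop2))
```

Calling `rp_accepts(hop1, trusted_issuer=IDP, own_entity_id=ADFS)` models ADFS itself consuming the first hop in its service provider role.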
neilp
ComponentSpace - 11/3/2019
The hop to the example relying party is using SAML SSO. In this case ADFS is now acting as the IdP and generates and sends a new SAML assertion to the relying party (SP).
Of course, some other protocol could be used for federation with the relying party. In our example we use SAML SSO to the ExampleServiceProvider.
Even if you're using SAML SSO to the relying party, there may be some circumstances where it makes sense to include ADFS rather than going directly from the IdP to the SP. For example, ADFS may be used to perform a claims mapping or to include additional claims retrieved from Active Directory.
However, there will be use cases where involving ADFS is unnecessary and direct SSO between the IdP and SP with no ADFS involvement makes more sense.

Perfect explanation, thanks for clarifying! :)
ComponentSpace Development
You're welcome.

Regards
ComponentSpace Development