It is kind of weird to ask this question. I have successfully implemented SSO for ASP.NET MVC with ADFS 2.0 on Windows Server 2008 R2. Now my web app needs to authenticate against another LDAP implementation, Open-LDAP, which is on a non-Windows platform, basically a domain controller on Linux. I am still not clear in my approach, as to whether it is possible to implement SSO with anything other than Windows Server Active Directory.
Please suggest an approach to implement the solution, as the authentication will be on Open-LDAP.
Any reference implementation is highly appreciated.
ADFS can only authenticate against AD.
The next version on Server 2016 will be able to authenticate against Open-LDAP.
In the meantime, your only option is to federate ADFS with another IDP that can do this, e.g. Shibboleth.
Related
This question might be silly, but I need to know the prerequisites before I start reading any documentation on ADFS SSO integration using ASP.NET 4.0. So please tell me whether or not it is possible to develop / deploy such a system on shared hosting services.
Define shared-hosting services.
If you mean something like Azure, the answer is yes. You can run ADFS in a VM.
ADFS requires Windows server to run.
I want to implement SSO in my ASP.NET web application running on v4.0, using PingFederate as the identity provider. I have tried searching through a lot of stuff on SSO in .NET but didn't get any clarification yet.
Any help to understand the way of doing SSO, or any sample application, would be appreciated.
We implemented a web application and host it in Azure. We want to use the SSO feature which is supported by Microsoft Azure ACS. The condition to view our website is that users just need to provide the email address through login to the IdP. When we implemented and configured the web application, we followed all the instructions on the website below:
http://blog.2mas.xyz/configuring-windows-azure-active-directory-access-control/
For now, we can configure and use Windows Live ID and Azure AD to log in to our website.
We have a further requirement that our site should support SSO login from a custom IdP which supports SAML 2.0, such as Okta.
Our current issue: when we import the SAML 2.0 XML file into ACS, it does not understand this XML file.
Please give us some suggestions on using Azure ACS and Okta in this situation.
You might find the following helpful: https://www.okta.com/identity-101/integrating-sso-for-azure-ad
We're in the process of migrating our authentication and authorization logic away from the original membership providers. We are currently looking at ASP.NET Identity, but no one on the team has experience with this technology. We've been asked to support ADFS in the future and are looking to see if this framework directly supports ADFS, which no one on the team has experience with either.
The only article I've found, http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/, seems to imply ASP.NET Identity will support ADFS as a provider. Are there any other definitive resources for ASP.NET Identity and ADFS?
Regards,
Noobian
ASP.NET Identity offers an "easy" way to add users and authenticate against them in a SQL DB.
ADFS can only authenticate against AD.
WIF is still supported but older - the OWIN WS-Fed libraries are the way to go these days.
If you want to use ASP.NET Identity, have a look at Thinktecture's IdentityServer. It offers full support for this, plus you can federate with ADFS.
I have been tasked to set up single sign-on for an ASP.NET application (SaaS) using an IIS server, with a client who has ADFS 3.0 for providing identity credentials. The authenticated users will be allowed to log in to the web application, but I have been going through a lot of information as to how to set up service provider files, as the application is already running.
What settings do I need to configure, and where? Any help will be greatly appreciated.
The "modern" way to do this is by using OWIN.
You will have to change your application as per "Use the OWIN Security Components in ASP.NET to Implement Web Sign On with ADFS".
Then add your RP to ADFS and you are good to go.
For completeness, the "old" way to do this is to use WIF, as in "How To: Build Claims-Aware ASP.NET MVC Web Application Using WIF".
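
A minimal OWIN startup class for the WS-Federation approach described in the answer above, added here as an illustration; it is not taken from the answer or the articles it names. The realm URL and ADFS host name are placeholder assumptions, and the NuGet packages Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.WsFederation are assumed to be installed.

```csharp
using System;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(SampleRelyingParty.Startup))]

namespace SampleRelyingParty // hypothetical namespace for this example
{
    public class Startup
    {
        // Placeholder values (assumptions): use your own RP identifier and ADFS host.
        private const string Realm = "https://app.example.com/";
        private const string AdfsMetadata =
            "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml";

        public void Configuration(IAppBuilder app)
        {
            // The token-signing certificate is read from this document, so refuse plain HTTP.
            if (!AdfsMetadata.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException("Federation metadata must be fetched over HTTPS.");

            // The WS-Federation middleware hands the validated identity to the cookie middleware.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieHttpOnly = true,                    // keep the session cookie away from script
                CookieSecure = CookieSecureOption.Always  // never send it over plain HTTP
            });

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                Wtrealm = Realm,                // must equal the relying party identifier in ADFS
                MetadataAddress = AdfsMetadata, // source of the issuer name and signing keys
                Wreply = Realm                  // must match the RP endpoint registered in ADFS
            });
        }
    }
}
```

With this in place, controllers marked `[Authorize]` redirect unauthenticated users to ADFS. The relying party trust created in ADFS has to use the same identifier as `Wtrealm`, otherwise ADFS rejects the sign-in request.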