Active federation with a custom STS based on Geneva Beta 1 (+Cardspace)


Problem description


Hi,

I have successfully installed a custom STS (based on Geneva SDK Beta 1) connected to various attribute sources inside my company. So far, it's working great. This STS is only used by Cardspace-enabled clients, accessing various RPs.

One of our partners has set up its own STS too. What we would like to do now is to establish a federation between our two STS. We want our STS to accept SAML assertions from our partner's STS. In fact, we would like to do exactly what's described here: http://www.microsoft.com/downloads/details.aspx?FamilyID=9ca5c685-3172-4d8f-81cb-1a59bdc9f7e3&displaylang=en, in the "Introducing Geneva Beta 1 Whitepaper", figure 11, where the STS from enterprise X and the STS from enterprise Y are federated (page 18).

So far, I've figured that:
# We would be Enterprise X (an RP + an STS, or RP-STS)
# Our partner would be Enterprise Y

I'm looking for technical information on how to concretely implement this scenario. What changes do I need to make on our custom STS to enable federation with our partner's STS?

On this page http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=57602615-e1ee-4775-8b79-367b7007e178&hash=lx93GRzrV4Wbcq6G7Wddz9csg%2f3Lqg96vdvGYZ%2b1LR0R63fthefRdtQ1vLwbHFaQgkkA9X71er%2fDHoW%2bi2sWDA%3d%3d, there is a guide called GenevaServerFederatedCollaboration-SBS-Guide.pdf, which describes how to do that with the Contoso/Fabrikam example. The problem is that this example uses a Geneva Server (recently renamed ADFS 2.0 if I understood correctly), with a UI and everything: I don't have a Geneva Server, I have a custom STS based on the Geneva SDK, so I don't really know what "manual configuration" I should do.

I've noticed a lot of code/samples on the web explaining federation, but very often it's based on passive federation instead of active federation and very rarely is Cardspace used.

Can anyone give me any tips/advice on how I should configure my STS to enable the federation with our partner's STS?

Thanks in advance,
Best regards,

Mfenetre

Solution

The closest thing I've found to a concrete example is the "Bookstore" example (also called "Active federation scenario") shipped with the Geneva Beta 1 SDK (in the directory "Federation for Web Services").

I had a look at the different files in the example folder (particularly the "BookstoreSTS", which seems to have the same role as our STS, our partner's STS being the HomeRealmSTS). I've noticed that the web.config file contains a specific section called "ws2007FederationHttpBinding". Just below is this comment: "<!-- This is the binding for the clients requesting tokens from this STS. It redirects clients to the HomeRealm STS -->". Unfortunately, this example does not use Cardspace but a WCF client.

Does this work with Cardspace? (I mean the 'redirects' make me think of a web browser...). Is it the way to go to enable the federation link: adding a ws2007FederationHttpBinding binding in the web.config of our STS?

Does anyone know an example of 'active federation' between two STS based on Cardspace?
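As an added illustration of the binding discussed above (not code from the SDK sample or from the original post), this is a web.config bindings fragment for the Enterprise X STS in the shape the BookstoreSTS sample uses, wired to the STS endpoint through its bindingConfiguration name. The addresses, binding names and the partner's client credential type are placeholders, and the Enterprise Y STS is assumed to issue SAML 1.1 assertions.

```xml
<!-- Added example, not from the Geneva SDK sample: bindings for the Enterprise X STS.
     All addresses and binding names are placeholders. -->
<system.serviceModel>
  <bindings>
    <ws2007FederationHttpBinding>
      <!-- Binding exposed by our STS to clients that request tokens from it. -->
      <binding name="FederatedToPartnerBinding">
        <security mode="Message">
          <!-- The token our STS expects as input: a SAML 1.1 assertion issued by the
               partner STS. negotiateServiceCredential="false" means the client must
               already hold our STS certificate (exchanged out of band). -->
          <message issuedKeyType="SymmetricKey"
                   issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
                   negotiateServiceCredential="false">
            <!-- Where a WCF client is sent to obtain that token: the Enterprise Y
                 (HomeRealm) STS. This is the "redirect" the SDK comment refers to:
                 the client issues a WS-Trust RST to this address; it is not an
                 HTTP redirect of a browser. -->
            <issuer address="https://sts.partner-placeholder.example/HomeRealmSTS"
                    binding="ws2007HttpBinding"
                    bindingConfiguration="PartnerStsBinding" />
            <issuerMetadata address="https://sts.partner-placeholder.example/HomeRealmSTS/mex" />
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>
    <ws2007HttpBinding>
      <!-- How the client authenticates to the partner STS when asking for the input
           token (placeholder: username/password under message security). -->
      <binding name="PartnerStsBinding">
        <security mode="Message">
          <message clientCredentialType="UserName" establishSecurityContext="false" />
        </security>
      </binding>
    </ws2007HttpBinding>
  </bindings>
</system.serviceModel>
```

The issuer element only tells WCF clients where to fetch the input token; the STS itself must separately be configured to accept incoming assertions only when they are signed by the partner STS's certificate, which this binding does not do.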


