ADFS 2.0, SSO and SAML 2.0

Problem description

This is a classic example of too much information = too much confusion. I have an ASP.NET web application that uses the usual POST form authentication and would like to implement SSO. Since we're a Microsoft shop we will use the ADFS 2.0. In order to implement SSO I understand that I will need to have also WIF to process SAML requests? Do I install the WIF under the same server as the ADFS?

I still want to re-direct failed SSO requests or non SSO requests to use the form, how do I handle this?

Can someone please describe the flow?

Thanks!

Recommended answer

So you are using SAML to some 3rd party STS?

WIF (out of the box) does not support SAML.

There is a WIF SAML extension but this is only CTP (Community Technology Preview) at this point.

WIF is integrated with your ASP.NET application. For .NET 4 and below, there is a separate download. For .NET 4.5, it's integrated.

WIF is just a set of .NET classes inside your application.

You integrate WIF with your ASP.NET application using a tool called FedUtil which is part of the WIF SDK download. (Invoked by "Add STS" inside VS).

The ADFS install installs WIF on the server but this is separate to your application.

The flow is:

.NET Application --> (WIF) --> (WS-Federation) --> ADFS --> (SAML) --> STS
