0

Am pretty new to ADFS. We have a requirement of enabling SSO between our application (A) and Client application (B). B is configured to authenticate against ADFS. We need to integrate A with B and enable SSO. User will always login from B and will have link to A. When user clicks on link, he should be navigated to page in A. We want the authentication mechanism to A via a centralized module (may be service).

I have 2 questions. 1. if we get relevant information from client ADFS like Relying party Id,ADFS endpoint and Certificate details to implement a service that will take care of passing claims to our application A, is it possible.

  1. Once the user cliks on link in B, how do we get the claims in A if A is not "Hardcoded" configured with client's ADFS.

Kindly guide.

Improve this question

1 Answer 1

Reset to default
0

There are multiple ways:

  • both A and B are federated with your ADFS and use ws-fed, thus navigating to A from B involves ADFS but this happens quickly and without user interaction
  • B acts as a Relying STS so that A authenticates in B using ws-fed. This is difficult if you haven't done this before
  • B passes user credentials to A using yet another, completely custom way. One of our apps (your B) shows a qr-code that another app (your A) scans and uses the qr encoded one-time guid to ask B directly on whom the guid belongs to

My recommendation is the first way and the last if first is not applicable.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks Wiktor for inputs. Our client needs to have ADFS authentication for A happens thro some service. Can you please shed more lights in second point and any URL where we can have reference.
Years ago I wrote a tutorial on that wiktorzychla.com/2011/08/… (this is actually a 6 part tutorial). I haven't updated it to WIF4.5 however you should be able to follow it. In case of some serious issues, come back with more specific questions.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.