We have a client already using SSO with us; they post SAML assertions to one of our .aspx pages, which decodes the assertion and authenticates the user. We have been asked by a second customer to use SSO as well, but they use Active Directory Federation Services.

Having read through the documentation, I can't figure out how to use my existing solution for AD customers too, as they don't seem to send SAML assertions but "claims", and at the moment I'm not sure what the difference between these and a SAML assertion is. Could anybody shed some light on this? If I need to write a new aspx page for my new AD customer, what would be the starting points for both ends (customer and our application)?

Rafael

1 Answer

Claims ARE SAML assertions. The ADFS returns a SAML token including assertions (claims) and the signature.

If you already have your identity provider and you want to integrate it with ADFS, you either federate ADFS with the identity provider (so that ADFS allows users to select the authentication source) or vice versa.

Wiktor Zychla
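
An added example (not part of the answer above, and not AD FS's own code) showing the answer's point in C#: in a SAML 2.0 assertion the claims are the `Attribute` elements, with the claim type URI as `Name`. The sample assertion, the host names and the `ReadClaims` helper are constructed for illustration, and signature validation is assumed to have been done before this step.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;
static class ClaimsFromAssertion
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Constructed sample assertion (hypothetical hosts; ds:Signature omitted for brevity).
    const string Sample = @"<Assertion xmlns='urn:oasis:names:tc:SAML:2.0:assertion' ID='_constructed' Version='2.0' IssueInstant='2024-01-01T12:00:00Z'>
  <Issuer>http://adfs.example.test/adfs/services/trust</Issuer>
  <Conditions NotBefore='2024-01-01T12:00:00Z' NotOnOrAfter='2024-01-01T13:00:00Z'>
    <AudienceRestriction><Audience>https://app.example.test/</Audience></AudienceRestriction>
  </Conditions>
  <AttributeStatement>
    <Attribute Name='http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'>
      <AttributeValue>alice@example.test</AttributeValue>
    </Attribute>
    <Attribute Name='http://schemas.microsoft.com/ws/2008/06/identity/claims/role'>
      <AttributeValue>Sales</AttributeValue>
      <AttributeValue>Managers</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>";

    // Hypothetical helper: checks validity window and audience, then returns (claim type, value) pairs.
    // A real relying party validates the XML signature against the IdP's signing certificate first.
    static List<KeyValuePair<string, string>> ReadClaims(string xml, string audience, DateTime nowUtc)
    {
        XElement assertion = XElement.Parse(xml);
        XElement cond = assertion.Element(Saml + "Conditions") ?? throw new InvalidOperationException("No Conditions.");
        DateTime notBefore = ((DateTime)cond.Attribute("NotBefore")).ToUniversalTime();
        DateTime notOnOrAfter = ((DateTime)cond.Attribute("NotOnOrAfter")).ToUniversalTime();
        if (nowUtc < notBefore || nowUtc >= notOnOrAfter)
            throw new InvalidOperationException("Assertion is outside its validity window.");
        if (!cond.Descendants(Saml + "Audience").Any(a => a.Value.Trim() == audience))
            throw new InvalidOperationException("Assertion was issued for a different audience.");
        return assertion.Elements(Saml + "AttributeStatement").Elements(Saml + "Attribute")
            .SelectMany(attr => attr.Elements(Saml + "AttributeValue")
                .Select(v => new KeyValuePair<string, string>((string)attr.Attribute("Name"), v.Value)))
            .ToList();
    }

    static void Main()
    {
        var now = new DateTime(2024, 1, 1, 12, 30, 0, DateTimeKind.Utc); // fixed clock for the sample
        foreach (var claim in ReadClaims(Sample, "https://app.example.test/", now))
            Console.WriteLine(claim.Key + " = " + claim.Value);
    }
}
```

A multi-valued attribute such as the role claim yields one pair per `AttributeValue`, which is how group or role membership usually arrives.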