I have a scenario where I have four to five web-based applications which need to have a common centralized authentication system. In this case, how feasible is the SAML-based approach, i.e. each time a user wants to access any of these web applications, the user is redirected to the SAML server, which in return redirects to the IDP? Or is there some better solution for such an architecture? I am new to this domain.
What you describe is exactly what SAML is designed to solve.
The user is normally only redirected to the SAML Identity Provider (Idp) on the first access to an application (a service provider (SP)). When the user is successfully authenticated by the Idp, the SP sets a cookie in the user's browser to handle authentication of subsequent requests.

Anders Abel
- @Andres you are right, but what I mean to say is there should be one centralized server on the SP side that will do the job of forwarding the request to the IDP; all other SPs would contact this one centralized server for authentication, totally unaware whether it is using SAML or something else. – Phalguni Mukherjee Mar 31 '14 at 17:29
- That depends on what technology you use. The centralized server you are talking about could be for example a Microsoft ADFS server. But if possible, I'd suggest using SAML2 all the way. How that is done is dependent on what technology stack your web app is built on. – Anders Abel Mar 31 '14 at 17:59
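
The flow described in the answer above, sketched from one SP's side as an added example (not part of the original answer or comments): no valid local session means a redirect to the IdP using the SAML HTTP-Redirect binding, and a valid signed session cookie means the request is served without contacting the IdP. All URLs, names and the cookie format are constructed for illustration, and validation of the IdP's response (signature, audience, conditions) is assumed to be done by a SAML library before `issue_cookie` is called.

```python
import base64, hashlib, hmac, secrets, time, uuid, zlib
from urllib.parse import urlencode

# Constructed values for illustration only.
IDP_SSO_URL = "https://idp.example.test/sso"
SP_ENTITY_ID = "https://app1.example.test/saml"
ACS_URL = "https://app1.example.test/saml/acs"
SESSION_KEY = secrets.token_bytes(32)   # per-SP secret for signing session cookies
SESSION_TTL = 3600                      # seconds

def build_redirect(relay_state):
    """Build an AuthnRequest and encode it for the SAML HTTP-Redirect binding."""
    req_id = "_" + uuid.uuid4().hex
    now = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
           f'ID="{req_id}" Version="2.0" IssueInstant="{now}" '
           f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)          # raw DEFLATE, as the binding requires
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return req_id, f"{IDP_SSO_URL}?{query}"

def _mac(payload):
    return hmac.new(SESSION_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(name_id, now=None):
    """Called by the SP only after a SAML library has validated the IdP's response."""
    exp = int((time.time() if now is None else now) + SESSION_TTL)
    payload = f"{name_id}|{exp}"
    return f"{payload}|{_mac(payload)}"

def verify_cookie(cookie, now=None):
    """Return the user name for a valid, unexpired cookie, else None."""
    try:
        name_id, exp, mac = cookie.rsplit("|", 2)
    except (ValueError, AttributeError):
        return None
    good = hmac.compare_digest(mac.encode(), _mac(f"{name_id}|{exp}").encode())
    now = time.time() if now is None else now
    return name_id if good and exp.isdigit() and int(exp) >= now else None

def handle_request(path, cookie=None):
    """Valid local session: serve. Otherwise: redirect the browser to the IdP."""
    user = verify_cookie(cookie)
    if user:
        return 200, {"user": user}
    # Keep req_id server-side to match InResponseTo; treat RelayState as untrusted on return.
    req_id, url = build_redirect(relay_state=path)
    return 302, {"Location": url, "pending_request_id": req_id}
```

Each of the four or five applications would run this same logic with its own entity ID and session key, while the IdP's own session is what spares the user a second login prompt.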