0

I am trying to understand what steps are involved in enabling HTTP artifact binding in ADFS 3.0 that could resolve my SAML assertion sending via GSA (Google Search Appliance). I need to provide an "Artifact Resolver URL" to GSA, so I need to know what steps are involved in ADFS 3.0 to make this URL work.

I see the document below, which talks about this in section 4.8, but it did not help me, and it is also for ADFS 2.0.

http://download.microsoft.com/documents/France/Interop/2010/Using_ADFS2_0_For_Interoperable_SAML_2_0-Based_Federated_SSO.docx

https://SAML-hostname:port/saml-bridge/Resolve.aspx
JasonMArcher

1 Answer

0

The steps for ADFS 2 and 3 are much the same.

You have to run ADFS on SQL Server, not WID.

The process is described here: SP-initiated Single Sign-On POST/Artifact Bindings.

Also, ADFS is an SP, not an IDP, in this scenario.

Basically:

  • ADFS sends the AuthnRequest
  • User authenticates on the IDP
  • When ADFS gets a successful response, it sends the artifact to the IDP over a back-channel WS-Trust SOAP connection
  • IDP replies with assertions (claims)
rbrayb
  • Does anything in SAML exist which allows no-browser interactions? You capture username:password and then talk with the IdP without a browser? – rock3t Jun 10 '20 at 13:27
  • There is a SAML profile that allows it but I don't know of anyone that has implemented it. – rbrayb Jun 10 '20 at 19:51
  • Also there is PAOS (reverse SOAP) but again rarely implemented. – rbrayb Jun 10 '20 at 19:52
  • Thanks bud, that's exactly what I'm finding out... a lot of mentions about SAML ECP profile but no implementation examples. – rock3t Jun 11 '20 at 07:16
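
For the artifact step in the answer above, this added example (not part of the original posts, and not ADFS or GSA code) parses a SAML 2.0 type 0x0004 artifact, checks that its SourceID belongs to the expected issuer before anything is sent to a resolver URL, and builds the `ArtifactResolve` SOAP body. The entityIDs and the sample artifact are constructed placeholders.

```python
import base64
import hashlib
import secrets
import struct
from datetime import datetime, timezone
from xml.sax.saxutils import escape

SAML2_ARTIFACT_TYPE = 0x0004   # the only type code SAML 2.0 defines
ARTIFACT_LEN = 44              # TypeCode 2 + EndpointIndex 2 + SourceID 20 + MessageHandle 20

def parse_artifact(samlart_b64, expected_issuer):
    """Decode a SAMLart value and check it was minted by expected_issuer."""
    raw = base64.b64decode(samlart_b64, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("artifact must be %d bytes, got %d" % (ARTIFACT_LEN, len(raw)))
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != SAML2_ARTIFACT_TYPE:
        raise ValueError("unsupported artifact type 0x%04x" % type_code)
    source_id, handle = raw[4:24], raw[24:44]
    # SourceID is SHA-1 of the issuer's entityID; a mismatch means the
    # artifact belongs to some other issuer and must not be resolved here.
    expected = hashlib.sha1(expected_issuer.encode("utf-8")).digest()
    if not secrets.compare_digest(source_id, expected):
        raise ValueError("SourceID does not match expected issuer")
    return {"endpoint_index": endpoint_index, "message_handle": handle.hex()}

def build_artifact_resolve(samlart_b64, requester_entity_id):
    """Return the SOAP 1.1 envelope carrying <samlp:ArtifactResolve>."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        "<soap:Body>"
        '<samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_%s" Version="2.0" IssueInstant="%s">'
        "<saml:Issuer>%s</saml:Issuer>"
        "<samlp:Artifact>%s</samlp:Artifact>"
        "</samlp:ArtifactResolve></soap:Body></soap:Envelope>"
    ) % (secrets.token_hex(16), now, escape(requester_entity_id), escape(samlart_b64))

# Constructed sample: an artifact as an issuer with this entityID would mint it.
ISSUER = "https://idp.example.test/metadata"   # assumed entityID, not from the page
SAMPLE = base64.b64encode(
    struct.pack(">HH", 4, 0) + hashlib.sha1(ISSUER.encode()).digest() + bytes(range(20))
).decode()

if __name__ == "__main__":
    print(parse_artifact(SAMPLE, ISSUER))
    print(build_artifact_resolve(SAMPLE, "https://sp.example.test/metadata"))
```

Signing the request and the TLS transport to the resolver endpoint are left out of this sketch.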