Is federation a valid approach for cross-domain SSO In case all the RPs and the STS are developed internally?

Question

I need to implement Single Sign On feature for several internal web applications which are not deployed on the same domain.

Is federation a good solution in my case? Or it is only used if I want to federate the authentication to an external IdP.

I mean I want to create a custom WIF STS and make all the applications claims-aware RPs.

I'm thinking of it because I don't want to use custom solutions or third party libraries. WIF seems to have a straightforward solution integrated with .Net Framework.

Is my suggestion correct? Or this is an incorrect use for WIF.

score 2 · Accepted Answer · answered Aug 18 '14 at 19:25

2

Yes - a solution with WIF / STS will work even if it's only internal.

Beware of security if you roll your own.

You may want to look at ADFS or IdentityServer.

Going this route will make your life a lot easier.

answered Aug 18 '14 at 19:25

rbrayb

46,440
34
114
174

Thank you very much. Thinktecture is just all what I needed – Homam May 11 '15 at 17:38

Is federation a valid approach for cross-domain SSO In case all the RPs and the STS are developed internally?

1 Answers1