
I am pretty new to ADFS. We have a requirement of enabling SSO between our application (A) and the client application (B). B is configured to authenticate against ADFS. We need to integrate A with B and enable SSO. The user will always log in from B and will have a link to A. When the user clicks on the link, he should be navigated to a page in A. We want the authentication mechanism to A to go via a centralized module (maybe a service).

I have 2 questions.

  1. If we get the relevant information from the client's ADFS, like the relying party ID, ADFS endpoint and certificate details, to implement a service that will take care of passing claims to our application A, is it possible?
  2. Once the user clicks on the link in B, how do we get the claims in A if A is not "hardcoded" configured with the client's ADFS?

Kindly guide.

Saravanan

1 Answer

There are multiple ways:

  • both A and B are federated with your ADFS and use ws-fed, thus navigating to A from B involves ADFS but this happens quickly and without user interaction
  • B acts as a Relying STS so that A authenticates in B using ws-fed. This is difficult if you haven't done this before
  • B passes user credentials to A using yet another, completely custom way. One of our apps (your B) shows a QR code that another app (your A) scans and uses the QR-encoded one-time GUID to ask B directly whom the GUID belongs to

My recommendation is the first way, and the last if the first is not applicable.

Wiktor Zychla
  • Thanks Wiktor for the inputs. Our client needs to have ADFS authentication for A happen through some service. Can you please shed more light on the second point and any URL where we can have a reference? – Saravanan Oct 29 '15 at 07:50
  • Years ago I wrote a tutorial on that: http://www.wiktorzychla.com/2011/08/quest-for-customizing-adfs-sign-in-web.html (this is actually a 6-part tutorial). I haven't updated it to WIF 4.5, however you should be able to follow it. In case of some serious issues, come back with more specific questions. – Wiktor Zychla Oct 29 '15 at 07:53
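
The third option in the answer, as an added Python example that is not code from the answer or from either application: B issues a single-use ticket when the user follows the link, and A redeems it over a back channel. The 60-second lifetime, the audience check, the in-memory store and all names are assumptions, and a random token stands in for the GUID.

```python
import secrets
import time


class HandoffTicketStore:
    """Runs inside B: issues single-use tickets and redeems them for A."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds  # assumed lifetime; the answer does not give one
        self._clock = clock
        self._tickets = {}       # ticket -> (user, audience, expires_at)

    def issue(self, user, audience):
        """Called by B when its logged-in user follows the link to A."""
        now = self._clock()
        # Drop tickets that expired without ever being redeemed.
        self._tickets = {k: v for k, v in self._tickets.items() if v[2] >= now}
        ticket = secrets.token_urlsafe(32)  # CSPRNG output, not a predictable id
        self._tickets[ticket] = (user, audience, now + self._ttl)
        return ticket

    def redeem(self, ticket, caller):
        """Back-channel call from A. Returns the user name, or None."""
        # pop() burns the ticket on first presentation, valid or not,
        # so a value that leaked through a URL or referrer cannot be replayed.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        user, audience, expires_at = entry
        # 'caller' is the identity B established for the back-channel client
        # (assumed: mutual TLS or a client secret); it must match the audience.
        if caller != audience or self._clock() > expires_at:
            return None
        return user


def demo():
    """Constructed scenario: normal use, replay, wrong caller, expiry."""
    now = [0.0]
    store = HandoffTicketStore(ttl_seconds=60, clock=lambda: now[0])
    t1 = store.issue("alice@example.test", "app-A")
    first = store.redeem(t1, "app-A")
    replay = store.redeem(t1, "app-A")
    t2 = store.issue("alice@example.test", "app-A")
    t3 = store.issue("alice@example.test", "app-A")
    wrong_caller = store.redeem(t3, "app-C")
    now[0] = 61.0
    expired = store.redeem(t2, "app-A")
    return first, replay, wrong_caller, expired
```

The ticket carries no identity itself; A learns who the user is only from B's answer, so the link or QR code can be exposed without exposing claims.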