We are going to be setting up a new environment and SiteMinder has been suggested to help with web app authentication/authorization for both internal users and federated users. However, we have not had good experiences with SiteMinder and would like to avoid it - what alternatives would you suggest?

Edit: We are currently planning to be a RP/SP, but may one day be an IdP as well. OpenID is our first planned IdP, but will expand to additional ones in the future

user696915
  • 31
  • 1
  • 5

2 Answers

3

If the internal users are in Active Directory, you could use ADFS (v2). You won't need additional licenses for ADFS as it is an OS component. For your external users, you can use ACS which supports OpenID, LiveID, Yahoo!, Google (and any WS-Federation IdP) (*).

At a high level it would look like this:

[diagram: the app (claims-enabled with WIF) trusting ADFS for internal AD users and ACS for external identity providers; image not available in this extract]

You would use WIF to "claims enable" your app.

(*) As of Feb 2015: ACS might be discontinued or de-invested by MSFT. It is still available though.

Eugenio Pace
  • 14,094
  • 1
  • 34
  • 43
  • I've been trying to figure out if we can set our app up like this, but I'm not sure if we'll be able to use ACS. Suggestions for alternatives? ADFS is looking like the way we may go though. If our app only wanted to accept our internal AD users plus Google and PayPal, is that possible without using ACS? – user696915 May 02 '11 at 14:30
  • 1
    ADFS would work for your internal users, but not for Google. Not sure about PayPal, but I doubt it. What are the barriers for ACS in your environment? – Eugenio Pace May 13 '11 at 03:09
  • Well I'm not sure if we'll be able to support ACS, or if it makes more sense to choose a different product. Ideally, we'd like to support a few different OpenID idps, and paypal is one of them. – user696915 May 18 '11 at 21:34
  • 1
    Cool pic, did you draw that yourself? – littlegreen Feb 16 '12 at 11:59
  • 1
    @littlegreen - thanks! yes, I did it with my TabletPC and PowerPoint. – Eugenio Pace Feb 16 '12 at 15:47
0

ADFS (Windows Server 2012 R2 and newer) will work with any SAML or OpenID Connect Identity Provider, and is very easy to set up. The ADFS server has to be a Domain member but does not have to use Active Directory to authenticate users.

You can Federate your app(s) with ADFS (as a Relying Party), then Federate ADFS with external Identity Providers (as Claims Providers).

bcarroll
  • 1,727
  • 16
  • 14
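The two-trust layout that both answers describe (the app as a Relying Party of ADFS, external identity providers as Claims Providers of ADFS, the app itself "claims enabled" and trusting only ADFS) can be scripted with the ADFS PowerShell module. The following is an added example, not code from either answer or from Microsoft's documentation; the host names, the relying-party identifier, the partner metadata URL and the group SID are hypothetical, and it assumes a SAML 2.0 partner IdP that publishes federation metadata.

```powershell
# Added example: wire up ADFS as the federation hub (run on the ADFS server as an ADFS admin).
# All names, URLs and the group SID below are placeholders, not values from the page.
Import-Module ADFS

# 1. Register the application as a Relying Party trust.
#    The identifier must equal the audience the app expects (WIF's <audienceUris>);
#    a mismatch is rejected by the app, which is the check that stops tokens minted for
#    some other relying party from being replayed against this one.
Add-AdfsRelyingPartyTrust -Name "Portal" `
    -Identifier "https://portal.example.com/" `
    -WSFedEndpoint "https://portal.example.com/" `
    -SignatureAlgorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# 2. Register an external SAML IdP as a Claims Provider trust from its metadata.
#    Monitoring/auto-update keeps the partner's signing certificate current so that
#    signature validation does not silently start failing at their next key rollover.
Add-AdfsClaimsProviderTrust -Name "Partner IdP" `
    -MetadataUrl "https://idp.partner.example/FederationMetadata/2007-06/FederationMetadata.xml" `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true

# 3. Acceptance transform rules on the Claims Provider: allow-list the claim types
#    accepted from the partner. Without this, any claim the partner asserts (for example
#    a group or role claim) would flow into the tokens ADFS issues to the app.
$acceptRules = @'
@RuleName = "Accept e-mail address only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetName "Partner IdP" -AcceptanceTransformRules $acceptRules

# 4. Issuance transform rules on the Relying Party: what the app actually receives.
#    Internal users get e-mail from AD; federated users' e-mail arrived via step 3.
$issueRules = @'
@RuleName = "Send e-mail address"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);

@RuleName = "Send AD group SIDs for internal users"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"]
 => issue(claim = c);
'@

# 5. Issuance authorization rules: who is allowed a token for this app at all.
#    Placeholder SID for an AD group "Portal-Users"; anyone presenting an e-mail claim
#    (i.e. a partner user that survived step 3) is also admitted.
$authzRules = @'
@RuleName = "Permit members of Portal-Users"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "S-1-5-21-1111111111-2222222222-3333333333-1105"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

@RuleName = "Permit federated users with an e-mail claim"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# 6. Apply the rules and restrict home-realm discovery for this app to the two
#    providers it should ever see, so a third Claims Provider added later for another
#    app cannot be used to sign in to this one.
Set-AdfsRelyingPartyTrust -TargetName "Portal" `
    -IssuanceTransformRules $issueRules `
    -IssuanceAuthorizationRules $authzRules `
    -ClaimsProviderName @("Active Directory", "Partner IdP")

# 7. Review the result.
Get-AdfsRelyingPartyTrust -Name "Portal" |
    Select-Object Name, Identifier, ClaimsProviderName, IssuanceAuthorizationRules
Get-AdfsClaimsProviderTrust -Name "Partner IdP" |
    Select-Object Name, Identifier, AcceptanceTransformRules
```

The ordering matters for the security outcome: acceptance rules on the Claims Provider trust (step 3) filter what a partner may assert before it ever reaches the Relying Party rules, and the issuance authorization rules (step 5) decide admission independently of the claims that are forwarded. If you later add an OpenID Connect provider through ADFS instead of a SAML one, the same rule language applies; only the trust object created in step 2 differs.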