Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

adfs with opensso

Last post 06-18-2009, 12:03 PM by joe. 3 replies.
  •  06-17-2009, 5:51 AM 6678

    adfs with opensso

    Currently our environment uses ADFS web SSO (token-based applications) to implement SSO for all applications on the Microsoft IIS platform, for example: https://www.tea.com/default.aspx https://www.ta.com/default.aspx

    We use Sun OpenSSO to implement SSO for applications running on the WebLogic platform:

    https://www.web.com:7101/webportal.

    https://www.web.com:7201/webportal.

    How can I implement SSO between the above four applications?

    If a user logs in to https://www.tea.com/default.aspx, they will be automatically logged on to https://www.web.com:7101/webportal, etc.

    I read the document OpenSSO WS-Federation How-to.pdf; it uses OpenSSO as Service Provider or Identity Provider. If I implement WS-Federation between OpenSSO and ADFS, does that mean SSO is implemented between all applications?

    Thanks

  •  06-17-2009, 10:46 AM 6681 in reply to 6678

    Re: adfs with opensso

    Can you describe which FS is the IdP and which FS is the RP for the app in question?  If there are multiple apps, do they all have the same RP or is there a mix?

    It sounds like you want to use an OpenSSO server as an IdP.  In that case, for ADFS you make it an account partner.  They must provide you their token signing certificate, their fed passive endpoint URL and their realm identifier.

    You will have a challenge with token-based apps with an external IdP as you'll need a strategy for mapping external SSO users to internal Windows users in AD.  This can be done but is complex.  Ideally, your apps would all be claims aware so you have more flexibility.

  •  06-17-2009, 10:10 PM 6689 in reply to 6681

    Re: adfs with opensso

    Yes, I use the OpenSSO server as an IdP, and use Active Directory or ADAM as the account store. Users can use an AD user to access OpenSSO-protected applications.

    For ADFS, I use the ADFS web SSO scenario. All the information is configured under the My Organization node of adfs.msc. Users can also use an AD user to access ADFS-protected token-based apps.

    The OpenSSO AD and the ADFS AD are the same.

  •  06-18-2009, 12:03 PM 6697 in reply to 6689

    Re: adfs with opensso

    If you want the current openSSO apps to continue to use the opensso RP you have configured and want the current ADFS apps to continue using your existing ADFS RP/resource partner, then the thing to do might be to configure opensso as IdP/account partner in ADFS and configure ADFS as IdP/account partner in opensso.  This should enable SSO across both realms.

    If you would rather have just a single IdP against the AD account store, then the thing to do might be to just use ADFS as the account store, make it the RP for your two .NET apps and then configure the opensso apps as RPs in ADFS.  If the opensso apps can then accept tokens generated by ADFS directly, you should have clean SSO between all parties with a single IdP for the account store.

    So, basically, I think you have some flexibility in terms of how you can make this all work.

    The only situation that I think would be difficult to make work would be to try to use the ADFS agent against a non-ADFS RP since the agent uses some proprietary stuff to make it work.
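
The passive endpoint URL and realm identifier mentioned in the first reply are the values exchanged in a WS-Federation passive sign-in request. The sketch below is an added example, not part of the thread and not ADFS or OpenSSO code: it builds the RP's sign-in redirect and shows the IdP-side check that the realm is a configured partner and the reply URL is one registered for it. All URLs, realm names and function names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values for illustration; none come from the thread.
IDP_PASSIVE_ENDPOINT = "https://idp.example.test/wsfed/passive"
PARTNERS = {
    # realm identifier -> reply URLs registered for that relying party
    "urn:federation:rp.example.test": {"https://rp.example.test/adfs/ls/"},
}

def build_signin_url(endpoint, realm, reply_url, context):
    """RP side: redirect URL that sends the browser to the IdP's passive endpoint."""
    query = urlencode({
        "wa": "wsignin1.0",   # WS-Federation sign-in action
        "wtrealm": realm,     # realm identifier of the requesting RP
        "wreply": reply_url,  # where the IdP should post the token
        "wctx": context,      # opaque RP state, echoed back unchanged
    })
    return f"{endpoint}?{query}"

def _single(params, name, required=True):
    """Return the one value of a parameter; reject duplicates."""
    values = params.get(name, [])
    if len(values) > 1 or (required and not values):
        raise ValueError(f"missing or repeated parameter: {name}")
    return values[0] if values else None

def validate_signin_request(url, partners):
    """IdP side: accept only known realms and their registered reply URLs."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("passive endpoint must be reached over https")
    params = parse_qs(parts.query, keep_blank_values=True)
    if _single(params, "wa") != "wsignin1.0":
        raise ValueError("not a sign-in request")
    realm = _single(params, "wtrealm")
    if realm not in partners:
        raise ValueError(f"unknown realm: {realm}")
    reply = _single(params, "wreply", required=False)
    if reply is None:
        if len(partners[realm]) != 1:
            raise ValueError("wreply required: realm has several reply URLs")
        reply = next(iter(partners[realm]))
    elif reply not in partners[realm]:
        # Exact match only: a prefix or host check would let a token be
        # posted to an unregistered path or a look-alike host.
        raise ValueError(f"wreply not registered for {realm}")
    return realm, reply, _single(params, "wctx", required=False)
```

Validating the signed token that comes back (against the partner's token signing certificate) is a separate step not shown here.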
