SAML Identity Provider based on Active Directory

I have a third-party program that supports web SSO using SAML 1.1 (it is ready to serve as the Service Provider, in other words).

We would like to implement this SSO for our intranet users based on their Active Directory credentials. In other words, they've already logged on to their system, so let's simply use those credentials to facilitate an SSO. I am a little overwhelmed at where to begin, though.

My initial thought is that IIS / Active Directory could easily serve as the Identity Provider since IIS gives us "Integrated Windows Authentication" abilities. I would think we could just create a .NET web app that requires Integrated Authentication which simply extracts the current user ID, builds the SAML response, and redirects the user back to the Service Provider with this SAML response to complete the SSO.

But then, my problem is that I simply have no real idea of how to go about creating this SAML response, the X.509 certs involved, etc. I am wondering if I am in over my head on this, or if creating this SAML response should be relatively easy.

Note this SSO is to be used by intranet users only, so no need to worry about federating with other companies / domains.

Jarret asked Jun 16 '10 01:06
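As an added example (not code from the question or the answer), here is what the IIS-hosted Identity Provider sketched in the question looks like in C#: an ASP.NET handler that requires Integrated Windows Authentication, builds a SAML 1.1 Response around a bearer assertion for the authenticated account, signs the Response with the IdP's X.509 certificate using enveloped XML-DSig, and posts it to the Service Provider's assertion consumer URL (SAML 1.1 Browser/POST profile). The SP URL, the issuer name and the certificate thumbprint are hypothetical placeholders.

```csharp
// Added example (not from the question or the answer): a minimal ASP.NET
// IHttpHandler acting as a SAML 1.1 Identity Provider for one intranet SP,
// using the SAML 1.1 Browser/POST profile. URLs, issuer name and thumbprint
// are hypothetical placeholders.
using System;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Web;
using System.Xml;

public class SamlIdpHandler : IHttpHandler
{
    const string SpAcsUrl = "https://sp.example.corp/saml/acs";   // hypothetical
    const string IssuerName = "https://idp.example.corp";         // hypothetical
    const string CertThumbprint = "REPLACE-WITH-SIGNING-CERT-THUMBPRINT";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // IIS Integrated Windows Authentication has already verified the user;
        // anonymous access must be disabled on this handler's path in IIS.
        if (context.User == null || !context.User.Identity.IsAuthenticated)
        {
            context.Response.StatusCode = 401;
            return;
        }
        string user = context.User.Identity.Name; // e.g. "CORP\\jdoe"
        string response = SignResponse(BuildResponse(user), LoadSigningCert());
        string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(response));

        // Browser/POST profile: a self-submitting form delivers the Response to the SP.
        string acs = HttpUtility.HtmlAttributeEncode(SpAcsUrl);
        context.Response.ContentType = "text/html";
        context.Response.Write(
            "<html><body onload=\"document.forms[0].submit()\">" +
            "<form method=\"post\" action=\"" + acs + "\">" +
            "<input type=\"hidden\" name=\"SAMLResponse\" value=\"" + encoded + "\"/>" +
            "<input type=\"hidden\" name=\"TARGET\" value=\"" + acs + "\"/>" +
            "</form></body></html>");
    }

    // Builds an unsigned SAML 1.1 Response wrapping one bearer assertion.
    static XmlDocument BuildResponse(string user)
    {
        DateTime now = DateTime.UtcNow;
        Func<DateTime, string> ts = t => t.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'");
        string responseId = "_" + Guid.NewGuid().ToString("N");
        string assertionId = "_" + Guid.NewGuid().ToString("N");
        string xml =
            "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"" +
            " MajorVersion=\"1\" MinorVersion=\"1\" ResponseID=\"" + responseId + "\"" +
            " IssueInstant=\"" + ts(now) + "\" Recipient=\"" + SpAcsUrl + "\">" +
            "<samlp:Status><samlp:StatusCode Value=\"samlp:Success\"/></samlp:Status>" +
            "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" +
            " MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"" + assertionId + "\"" +
            " Issuer=\"" + IssuerName + "\" IssueInstant=\"" + ts(now) + "\">" +
            // Short validity window plus audience restriction: a captured
            // assertion expires within minutes and is not accepted by other SPs.
            "<saml:Conditions NotBefore=\"" + ts(now.AddMinutes(-1)) +
            "\" NotOnOrAfter=\"" + ts(now.AddMinutes(5)) + "\">" +
            "<saml:AudienceRestrictionCondition><saml:Audience>" + SpAcsUrl +
            "</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions>" +
            "<saml:AuthenticationStatement AuthenticationMethod=\"urn:federation:authentication:windows\"" +
            " AuthenticationInstant=\"" + ts(now) + "\"><saml:Subject>" +
            "<saml:NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName\">" +
            SecurityElement.Escape(user) + "</saml:NameIdentifier>" +
            "<saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer" +
            "</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>" +
            "</saml:AuthenticationStatement></saml:Assertion></samlp:Response>";
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        return doc;
    }

    // Enveloped XML-DSig over the Response (the Browser/POST profile requires the
    // Response itself to be signed): exclusive C14N, RSA-SHA256. .NET Framework
    // 4.6.2 or later resolves the SHA-256 URIs without extra CryptoConfig setup.
    static string SignResponse(XmlDocument doc, X509Certificate2 cert)
    {
        var signed = new SamlSignedXml(doc) { SigningKey = cert.PrivateKey };
        signed.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signed.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        var reference = new Reference("#" + doc.DocumentElement.GetAttribute("ResponseID"));
        reference.DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signed.AddReference(reference);
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert)); // SP should pin/verify this cert
        signed.KeyInfo = keyInfo;
        signed.ComputeSignature();
        // Schema order for samlp:Response is Signature, Status, Assertion.
        doc.DocumentElement.PrependChild(doc.ImportNode(signed.GetXml(), true));
        return doc.OuterXml;
    }

    static X509Certificate2 LoadSigningCert()
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, CertThumbprint, false);
            if (found.Count == 0) throw new InvalidOperationException("IdP signing certificate not found");
            return found[0];
        }
        finally { store.Close(); }
    }
}

// SignedXml only resolves Id/ID/id attributes; SAML 1.1 uses ResponseID/AssertionID.
class SamlSignedXml : SignedXml
{
    public SamlSignedXml(XmlDocument doc) : base(doc) { }
    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        return document.SelectSingleNode(
            "//*[@ResponseID='" + idValue + "' or @AssertionID='" + idValue + "']") as XmlElement;
    }
}
```

Register the handler in web.config under a path where IIS allows only Windows Authentication (anonymous disabled), and give the Service Provider the public half of the signing certificate so it can verify the signature. The SP side should reject a Response whose signature does not validate against that pinned certificate, whose Audience is not its own URL, or whose NotOnOrAfter has passed; the five-minute window and audience restriction above only pay off if the SP enforces them.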


1 Answer

Another option that you may want to look into is Microsoft's Active Directory Federation Server (ADFS) 2.0.

Franco Caliente answered Sep 28 '22 19:09