adfs2.0

How do I change my WCF's FederationMetadata.xml file for various deployments?

萝らか妹 submitted on 2019-12-22 05:34:12
Question: We have an ADFS 2.0 installation that's working well for our MVC apps in our various environments. I believe it uses "passive authentication" (I'm still getting used to the proper terminology) - it definitely is where it redirects the user to our adfs proxy if the user is not logged in and adfs redirects the user back to our MVC app once they are logged in. We are now beginning to expose some secured web services and want to tap into this same authentication system. My understanding is that I

MVC3 site using Azure ACS & ADFS continually prompts for credentials when using Firefox and Chrome

只愿长相守 submitted on 2019-12-20 10:58:38
Question: I've created a basic MVC 3 website that's using Windows Azure's Access Control Service (ACS) to perform user authentication against an Active Directory Federated Service (ADFS) endpoint. I followed the "Add STS Reference" wizard and the site runs fine and authenticates users just perfectly in IE. However, when I use Chrome or Firefox it continually prompts for my credentials over and over again. I found this post on technet that mentions the issue as it pertains to Firefox but there's no fix

SAML error for SSO with ADFS - MSIS0038: SAML Message has wrong signature

江枫思渺然 submitted on 2019-12-20 01:32:10
Question: Hi, I am trying to use SSO to authenticate my client's users directly to my website. My client's IDP is Microsoft ADFS and I am using Passport-SAML (https://github.com/bergie/passport-saml) to configure the SSO process. After getting to a special URL I give my client (example: www.myClient.myCompany.com), the user (unauthenticated) is as expected redirected to the client login page. After he enters his credentials, he remains stuck in the login page BUT the SSO works because the user is

How can I imitate Stack Overflow's SSO? Particularly where it federates with serverfault.com?

穿精又带淫゛_ submitted on 2019-12-19 18:23:25
Question: How does Stack Overflow's SSO work? ... whatever it is they are doing it seems to work for all sites in the network. I'd like to learn what Stack is doing so I can see if it's possible to get a similar registration scheme between http://perfmon.com and http://eventvwr.com under ADFS. I understand that SAML and OpenID are different animals, but the concept of transparent registration should be the same. Q: How does Stackoverflow "federate" with the other sites such as serverfault? Answer 1: OpenID,

ADFS 2.0 InvalidNameIDPolicy

旧城冷巷雨未停 submitted on 2019-12-19 04:42:29
Question: I've configured an app on the adfs relying party trusts, so I can log in using adfs/sso. After that I've installed simplesamlphp to deal with that login, and process the response saml. This is my authsources config:

    'myauth' => array(
        'saml:SP',
        'idp' => 'http://domain/adfs/services/trust',
        'privatekey' => 'saml.key',
        'certificate' => 'saml.crt',
    ),

But after the login, on the return post I get the following error: Exception during login: sspmod_saml_Error: Requester/InvalidNameIDPolicy

Pass ADFS Token to a Service

一笑奈何 submitted on 2019-12-19 04:04:58
Question: I have 2 ASP.Net applications: App1 and App2. Both applications are standard web apps that use WIF with the same ADFS server to authenticate the user, but App2 also exposes some WebAPI services. When the user goes to App1, App1 calls a service on App2 and I need to somehow call the App2 service with the user's token. If the user, themselves, were calling the service on App2, they would go through the same ADFS authentication and everything would work, but it's App1 that's calling the service

Error - A SignInResponse message may only redirect within the current web application - MVC 2.0 application

…衆ロ難τιáo~ submitted on 2019-12-18 10:39:11
Question: I have a situation where we have an MVC 2 application (I tried this with a basic MVC 2 app without any extra stuff, still same problem) and am using adfs 2 for authenticating my users. So.. Now I get into my application and I get the below.. ID3206: A SignInResponse message may only redirect within the current web application: '/[app]' is not allowed. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information

Differences between SP initiated SSO and IDP initiated SSO

半世苍凉 submitted on 2019-12-18 09:57:18
Question: Can anyone explain to me what the main differences between SP initiated SSO and IDP initiated SSO are, including which would be the better solution for implementing single sign on in conjunction with ADFS + OpenAM Federation? Answer 1: In IDP Init SSO (Unsolicited Web SSO) the Federation process is initiated by the IDP sending an unsolicited SAML Response to the SP. In SP-Init, the SP generates an AuthnRequest that is sent to the IDP as the first step in the Federation process and the IDP then

What is the purpose of nameidentifier claim?

邮差的信 submitted on 2019-12-17 22:33:15
Question: What should the claim of type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier be used for? This is the main question, and here are additional ones. How does it differ from the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim? Is it permanent for a particular user as opposed to the name claim? Is it globally-scoped or IdP-scoped? Answer 1: Name is just that, a name. If we're talking person, think "Eric"; a server "file01". A NameIdentifier is the ID for an object.