问题
Am searching for Desktop application manage Enterprise Single Sign On (SAML v2, Identity Provider , Service Provider )
回答1:
Here is how i achieved in my enterprise:
There could be 2 approaches
Use "windows authentication" which can give you actual user trying to access website. Any enterprise application ( assuming it being hosted on Intranet) has integration to Active Directory. This User identity can be authenticated using LDAP server
Use OAuth way and use Third party which provide Identity management. Front End calls their services to generate token. This token can be sent to backend which will authenticate this token against the validator service.
回答2:
ADFS 2.0 is a downloadable component of Windows Server 2008 and R2. It is simple, but there are several configuration steps that require specific strings, certificates, URLs, and so on.
ADFS 3.0 also supports enterprise logon. ADFS 3.0 has several improvements, the biggest of which is that Microsoft's Internet Information Services (IIS) server is included in the deployment, not a separate installation.
回答3:
I have used ADFS 2.0 as RSTS for SSO where in we have all the IdentityProviders and the Relying parties are configured. You can use the active end point of the STS (in case you want to authenticate against external sources like web api/ web service/ AD/ Database then prefer writing you own custom STS as the IDP).
Firstly you will get the boot strap token from the IDP and then get the Relying party token from the RSTS. In both the calls you need to communicate against the active end point (a wcf end point which implements WS Trust protocol).
Passive end points/ passive calls are used for thin clients.
You can try using ADFS 3.0 which even supports JOT (JSON) tokens (a very light weight token) along with SAML 2.0.
来源:https://stackoverflow.com/questions/39375480/enterprise-single-sign-on