单一登录Microsoft ADFS

Question

I am tasked with setting up Single-Sign-On between ADFS and Taleo Business Edition. In this case it is an IdP initiated SSO and I have to use .net. I know .net 4.5 supports SAML, which is what the relying party (Taleo) requires to validate a user-- but I cannot find any good tutorials to even get started. Any help is appreciated, I have read through the WIF documents and some of their Developer Training Kit but it does not seem to be what I need to do. Does anyone have any pointers on good places to start? No one in my office is sure of how to do this.

EDIT: My approach is to just create a .aspx form and put that link on our intranet homepage, send the necessary credentials to the relying party (Taleo), who then interprets the SAML token and redirects the user. Does this this seem like a sound approach?

Answer 1

What you have to do is add Taleo as a Claims provider to ADFS. easiest to ask then for their metadata file and import that.

Essentially you are federating ADFS and Taleo.

This a common pattern - refer eg AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation for a SAML example.

.NET 4.5 does not support the SAML protocol - it only supports SAML tokens . Neither does WIF.

You would normally go to the ADFS IDP Initiated page, sign in and then pick Taleo from the dropdown and then you will be redirected to Taleo with SSO so you won't need to authenticate again.'