堆栈内存溢出
  简体   繁体   English

使用ADFS 2.0和SAML 2.0进行Web SSO时,我的asp.net网站是否需要重定向到IdP服务器吗?

[英]Does my asp.net web site need to do redirect to IdP server when doing web sso with ADFS 2.0 and SAML 2.0

 原文  2016-02-18 12:32:22       asp.net/ single-sign-on/ .net-4.5/ saml-2.0/ adfs2.0

问题描述

My asp.net web site is .NET 4.5, we get metadata.xml file from the partner company and gave them also our metadata.xml file. 我的asp.net网站是.NET 4.5,我们从合作伙伴公司获得了metadata.xml文件,并且还给了他们我们的metadata.xml文件。 they say that they use SAML 2.0 so i am a little beat confuse but i guess we fall to the Ws-Federation scenario for authenication (and NOT Web SSO SAML Protocol). 他们说他们使用SAML 2.0,所以我有点困惑,但是我想我们落入Ws-Federation方案进行身份验证(而不是Web SSO SAML协议)。 we want to implement SP-Initiated : 我们要实现SP发起的:

  1. Does my asp.net web site default page need to do redirect to IdP server when doing web sso with ADFS 2.0 and SAML 2.0 or maybe it done by the ADFS infra? 使用ADFS 2.0和SAML 2.0进行Web sso时,或者我的asp.net网站默认页面是否需要重定向到IdP服务器?
    (the Idp server is also ADFS2.0+SAML2.0) (Idp服务器也是ADFS2.0 + SAML2.0)

  2. Does my asp.net web site need to do make a logout request to do the IdP server? 我的asp.net网站是否需要发出注销请求才能使用IdP服务器?

  3. Does my asp.net web site default page just need to extract the claims from the http user context and take for example the user email address and mark this user as logged in? 我的asp.net网站默认页面是否仅需要从http用户上下文中提取声明并采用例如用户电子邮件地址并将该用户标记为已登录?

2 个解决方案

解决方案1
 0  2016-02-18 17:17:10

SP Initiated is SAML not WS-Fed so you need to go the SAML protocol route. SP发起的SAML不是WS-Fed,因此您需要执行SAML协议路由。

Easiest way is to use WIF (older technology) or the newer OWIN WS-Fed libraries on the ASP.NET application side. 最简单的方法是在ASP.NET应用程序端使用WIF(较旧的技术)或较新的OWIN WS-Fed库。

This will then do all the redirection to ADFS for you. 然后,这将为您完成所有重定向到ADFS的操作。

It will return a Claims Principal which will contain all the claims. 它将返回一个索赔主体,其中将包含所有索赔。

解决方案2
 0  2016-07-27 12:26:03

  1. yes (You need to be redirected on IDP server to enter the credentials) 是(您需要在IDP服务器上重定向以输入凭据)
  2. yes (Logout request should be made to IDP server as well) 是(也应向IDP服务器发出注销请求)
  3. I'm not sure about the net application but according to SAML specification you will receive a response from IDP and you need to check if logout was successful or not. 我不确定网络应用程序如何,但是根据SAML规范,您会收到IDP的响应,您需要检查注销是否成功。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在asp.net中使用Saml 2.0对Web应用程序进行身份验证 - Authenticate web app Using Saml 2.0 in asp.net ASP.NET中的ADFS 2.0 / SAML令牌是否具有粘性? - Are ADFS 2.0 / SAML Tokens in ASP.NET sticky? Ping federate作为IDp,在ASP .NET Web表单中使用SAML 2.0响应 - Ping federate as IDp, consuming the SAML 2.0 response in ASP .net web forms 如何以asp.net Web表单/ asp.net mvc服务提供程序(SP启动)连接到SimpleSamlphp idp登录页面(SAML 2.0 p) - How to connect to SimpleSamlphp idp login page (SAML 2.0 p) in asp.net web forms / asp.net mvc service provider (SP initiated) 如何在asp.net网站上启用saml 2.0 sso - How to enable saml 2.0 sso in asp.net website 在 asp.net 中使用 SAML2.0 的 SSO - SSO using SAML2.0 in asp.net ASP.NET 2.0网站获取ThreadAbortException - ASP.NET 2.0 web site gets ThreadAbortException 在Asp.Net 2.0网站上的项目和Assembly Reference? - In Asp.Net 2.0 web site project and Assembly Reference? ADFS 2.0 IDP发起的SSO - ADFS 2.0 IDP-Initiated SSO 将网站从.NET 2.0升级到.NET 4.0会在Visual Studio中打开网站时发出警告“此项目的目标是ASP.NET 2.0 ...” - Upgrading a web site from .NET 2.0 to .NET 4.0 gives warning when opening web site in Visual Studio “This project is targeting ASP.NET 2.0…”
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM