[英]Does my asp.net web site need to do redirect to IdP server when doing web sso with ADFS 2.0 and SAML 2.0
My asp.net web site is .NET 4.5, we get metadata.xml file from the partner company and gave them also our metadata.xml file. 我的asp.net网站是.NET 4.5,我们从合作伙伴公司获得了metadata.xml文件,并且还给了他们我们的metadata.xml文件。 they say that they use SAML 2.0 so i am a little beat confuse but i guess we fall to the Ws-Federation scenario for authenication (and NOT Web SSO SAML Protocol). 他们说他们使用SAML 2.0,所以我有点困惑,但是我想我们落入Ws-Federation方案进行身份验证(而不是Web SSO SAML协议)。 we want to implement SP-Initiated : 我们要实现SP发起的:
Does my asp.net web site default page need to do redirect to IdP server when doing web sso with ADFS 2.0 and SAML 2.0 or maybe it done by the ADFS infra? 使用ADFS 2.0和SAML 2.0进行Web sso时,或者我的asp.net网站默认页面是否需要重定向到IdP服务器?
(the Idp server is also ADFS2.0+SAML2.0) (Idp服务器也是ADFS2.0 + SAML2.0)
Does my asp.net web site need to do make a logout request to do the IdP server? 我的asp.net网站是否需要发出注销请求才能使用IdP服务器?
Does my asp.net web site default page just need to extract the claims from the http user context and take for example the user email address and mark this user as logged in? 我的asp.net网站默认页面是否仅需要从http用户上下文中提取声明并采用例如用户电子邮件地址并将该用户标记为已登录?
SP Initiated is SAML not WS-Fed so you need to go the SAML protocol route. SP发起的SAML不是WS-Fed,因此您需要执行SAML协议路由。
Easiest way is to use WIF (older technology) or the newer OWIN WS-Fed libraries on the ASP.NET application side. 最简单的方法是在ASP.NET应用程序端使用WIF(较旧的技术)或较新的OWIN WS-Fed库。
This will then do all the redirection to ADFS for you. 然后,这将为您完成所有重定向到ADFS的操作。
It will return a Claims Principal which will contain all the claims. 它将返回一个索赔主体,其中将包含所有索赔。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.