如何将单点登录与多个 ADFS 集成?
[英]How to integrate Single Sign-On with multiple ADFS?
问题描述
I have an application developed in ASP.NET MVC and SQL Server.
我在 ASP.NET MVC 和 SQL 服务器中开发了一个应用程序。
Application is developed in a way that it can be used by multiple clients with Form-based authentication.应用程序的开发方式可以由多个客户端使用基于表单的身份验证。 We have more than 20 clients using the same app, no client-specific hosting.我们有 20 多个客户使用同一个应用程序,没有特定于客户的托管。
Clients are requesting us to implement Single Sign-On but these clients have multiple AD's like client A has On-prem AD, client B has Azure AD, and so on...客户要求我们实施单点登录,但这些客户有多个 AD,比如客户端 A 有本地 AD,客户端 B 有 Azure AD,等等......
- Is this feasible to implement SSO with multiple ADs along with form-based auth on a web application在 web 应用程序上使用多个 AD 以及基于表单的身份验证实现 SSO 是否可行
- What would be an ideal solution for this scenario other than client-specific hosting除了特定于客户端的托管之外,这种情况下的理想解决方案是什么
Thanks!谢谢!
2 个解决方案
解决方案1
1 2020-06-10 19:56:42
Yes, implement an IDP like identityserver4 (free) or a commercial offering like Auth0.是的,实现像 identityserver4(免费)这样的 IDP 或像 Auth0 这样的商业产品。
Both can authenticate against your DB.两者都可以针对您的数据库进行身份验证。
Then federate with the multiple ADFS via Home Realm Discovery.然后通过 Home Realm Discovery 与多个 ADFS 联合。
解决方案2
1 2020-06-10 21:24:18
Maybe it is time to move away from traditional form based authentication.也许是时候摆脱传统的基于表单的身份验证了。 To achieve SSO with multiple IDP with different protocols (ldap, ADFS, SAML, OIDC), you should think centralizing your authentication and authorization layer.要使用具有不同协议(ldap、ADFS、SAML、OIDC)的多个 IDP 实现 SSO,您应该考虑集中您的身份验证和授权层。 You might try Auth0 who provides out of box support to connect to different IDP via different protocols.您可以尝试提供开箱即用支持的 Auth0,以通过不同的协议连接到不同的 IDP。 Identity Server is an open source project. Identity Server 是一个开源项目。 However, it is your responsibility to maintain the server.但是,维护服务器是您的责任。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.