
Single sign on - service for multiple organizations (ADFS and Form Auth mixed)

I want to develop a centralized application where users of different organizations can log in and perform operations on my site; later I will generate reports out of it and give them to each organization. I am maintaining my own SQL DB where I save all the organization issuer, certificate thumbprint details, etc. I am able to dynamically send the SignInRequest based on the organization id. However, when coming back from their ADFS server with the token, I need the following details to be added in my web.config to validate the token. I don't want to expose these details in my web.config for 2 reasons:
- Security [I need to have all the organizations' details in config, which may result in some fraudulent access]
- Performance [if I have 100 organizations who are going to use my app, is it advisable to configure all the issuer authorities in my config? Won't it hit the performance?]

    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="name">
        <!-- one signing-certificate thumbprint per organization -->
        <keys>
          <add thumbprint="{Org 1 thumbprint}"/>
          <add thumbprint="{Org 2 thumbprint}"/>
          <add thumbprint="{Org 3 thumbprint}"/>
        </keys>
        <!-- one issuer URL per organization -->
        <validIssuers>
          <add name="http://test.login.edu/adfs/service/trust"/>
          <add name="Org 3 url"/>
          <add name="Org 4 url"/>
          <add name="Org 5 url"/>
        </validIssuers>
      </authority>
    </issuerNameRegistry>

Your help will be very much appreciated. Thanks, Jeevitha

After some research, I have come up with the solution and it works fine too.

I will have the following setting in my web.config. [My custom class will do the validation of the returned token from the issuer]

    <issuerNameRegistry type="ADFS_Lib.AccessControlServiceIssuerNameRegistry, ADFS_Lib">
    </issuerNameRegistry>

In my class, I will be overriding the IssuerNameRegistry class's GetIssuerName method and validating the returned token and issuer against my DB to check whether it is configured or not.

    using System; using System.IdentityModel.Tokens;
    public class AccessControlServiceIssuerNameRegistry : IssuerNameRegistry
    {
        // The one-argument overload is abstract in the base class, so it must be overridden too.
        public override string GetIssuerName(SecurityToken securityToken) { return GetIssuerName(securityToken, null); }
        public override string GetIssuerName(SecurityToken securityToken, string requestedIssuerName)
        {
            // here my DB validation code goes
            throw new NotImplementedException();
        }
    }
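A fuller version of the registry sketched in the answer, added here as an example and not the poster's code: it resolves the signing certificate's thumbprint to the issuer registered for it and rejects tokens whose stated issuer does not own that key. The lookup delegate and the two sample rows stand in for the SQL query against the organization table; the thumbprints and URLs are constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;

// Added example, not the poster's code. The lookup delegate stands in for the
// SQL query against the organization table; the rows below are constructed.
public class AccessControlServiceIssuerNameRegistry : IssuerNameRegistry
{
    private static readonly Dictionary<string, string> SampleOrgs =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "0123456789ABCDEF0123456789ABCDEF01234567", "http://adfs.org1.example/adfs/services/trust" },
            { "89ABCDEF0123456789ABCDEF0123456789ABCDEF", "http://adfs.org2.example/adfs/services/trust" }
        };
    // Maps a signing-certificate thumbprint to the issuer URL registered for it, or null.
    private readonly Func<string, string> _issuerForThumbprint;

    // WIF creates the registry from web.config with no arguments, so the
    // parameterless constructor must wire up the real data source.
    public AccessControlServiceIssuerNameRegistry()
        : this(t => { string i; return SampleOrgs.TryGetValue(t, out i) ? i : null; }) { }
    public AccessControlServiceIssuerNameRegistry(Func<string, string> issuerForThumbprint)
    {
        _issuerForThumbprint = issuerForThumbprint;
    }

    public override string GetIssuerName(SecurityToken securityToken)
    {
        var x509 = securityToken as X509SecurityToken;
        if (x509 == null)
            throw new SecurityTokenException("Token is not signed with an X.509 certificate.");
        // Match on the thumbprint: it identifies the exact certificate, unlike the
        // subject name, which any certificate could carry.
        string thumbprint = x509.Certificate.Thumbprint;
        string issuer = _issuerForThumbprint(thumbprint);
        if (issuer == null)
            throw new SecurityTokenException("Untrusted signing certificate " + thumbprint);
        return issuer;
    }

    public override string GetIssuerName(SecurityToken securityToken, string requestedIssuerName)
    {
        // The issuer named in the token must be the one registered for that key, so a
        // key trusted for organization A cannot vouch for tokens claiming to be from B.
        string issuer = GetIssuerName(securityToken);
        if (!string.Equals(issuer, requestedIssuerName, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenException("Issuer " + requestedIssuerName + " does not own this key.");
        return issuer;
    }
}
```

For the performance concern in the question, back the delegate with an in-memory copy of the thumbprint-to-issuer rows that is refreshed on a timer rather than a SQL round trip per token. Matching on the thumbprint also means a rotated ADFS signing certificate fails closed until its new thumbprint is registered for that organization.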
