SAML (Security Markup Language) - can this be implemented via network infrastructure

I was able to implement SAML for several sites that we have, and I was wondering if it is possible to implement such a requirement in infrastructure technologies like Active Directory, or if I need to implement the solution in application code?

Greetings

Ollie

+2




2 answers


I think ADFS supports this, so you don't need to write any code. Just do some configuration tweak.

AD FS implements the WS-Federation standardized protocol and Security Markup Language (SAML). http://msdn.microsoft.com/en-us/library/bb897402.aspx

However, you may need to tweak some code based on how domains and usernames are handled. For example, if the application just uses the username as a key, and the other guy is in a different domain / directory with the same username, then you are in trouble. If they use a domain / username then this will be less problematic, but you may have conflicts based on how authentication and user lookups are handled.



There are also some commercial products from Ping Identity and RSA (EMC) that will do your SAML work.

Please note that I am a developer, not an AD / networking guy (so I could be wrong about working with AD), but I will be working with this in the near future to integrate some of my intranet sites into our various sister companies / divisions that are in different networks / directories.

+2


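The username collision this answer warns about, as an added example that is not code from the thread, from ADFS or from PingFederate: two constructed SAML 2.0 assertions from different partner directories both carry the NameID "jsmith", and the relying party keys the principal on Issuer plus NameID instead of the bare username. The issuer URLs and the trusted-issuer set are assumptions.

```python
# Added example, not code from the thread, ADFS or PingFederate. It demonstrates
# the collision the answer describes: keying a federated user on the bare
# username collides when two partner directories both contain "jsmith", while
# keying on (Issuer, NameID Format, NameID) keeps them apart. Signature,
# audience and validity checks are assumed to have passed before this runs.
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed, unsigned assertion fragments; the issuer URLs are placeholders.
ASSERTION_A = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.corp-a.example/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>jsmith</saml:NameID></saml:Subject>
</saml:Assertion>"""
ASSERTION_B = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_b1" Version="2.0">
  <saml:Issuer>https://sso.corp-b.example/idp</saml:Issuer>
  <saml:Subject><saml:NameID>jsmith</saml:NameID></saml:Subject>
</saml:Assertion>"""

# The relying party's configured SSO partners (assumed); anything else is rejected.
TRUSTED_ISSUERS = {
    "https://idp.corp-a.example/adfs/services/trust",
    "https://sso.corp-b.example/idp",
}


def subject_key(assertion_xml, trusted_issuers=TRUSTED_ISSUERS):
    """Return (issuer, nameid_format, nameid) as the scoped principal key."""
    # Production code should parse with defusedxml rather than plain ElementTree.
    root = ET.fromstring(assertion_xml)
    issuer = (root.findtext("saml:Issuer", namespaces=SAML_NS) or "").strip()
    name_id = root.find("saml:Subject/saml:NameID", namespaces=SAML_NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not issuer or not value:
        raise ValueError("assertion lacks Issuer or Subject/NameID")
    if issuer not in trusted_issuers:
        raise ValueError("untrusted issuer: " + issuer)
    # A missing Format attribute means "unspecified" in SAML 2.0 core.
    return (issuer, name_id.get("Format", UNSPECIFIED), value)


def username_only_key(assertion_xml):
    """The fragile scheme from the answer: the NameID value alone."""
    return subject_key(assertion_xml)[2]
```

Keyed on the bare username both assertions resolve to the same local account; keyed on the scoped tuple they stay distinct, and an assertion from an issuer that is not a configured partner is refused outright.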


To clarify, ADFS uses a SAML token, but is NOT compliant with the SAML protocol. Since you need to support SAML for your sites, you will need to implement the same SAML protocol that your SSO partners will use — either 2.0, 1.1, or 1.0.

We have a lot of information about SAML in the information library part of our website: http://www.pingidentity.com/information-library/index.cfm



Of course, we also offer a simple and secure solution for these requirements - PingFederate.

+2

