SSO from an external web application to multiple LDAP providers (AD)

We are considering a solution to this problem:

We host an ASP.NET web application externally on a dedicated web server that resides in its own domain. We have a client who exclusively uses a web application and wants SSO using Windows credentials to automatically authenticate to the web application without having to log in. This client has users on three different domains around the world, so some users might be on a UK domain, others on a US domain, etc.

So far I am considering a couple of options:

1) A custom LDAP membership provider that can somehow authenticate against these external AD sources. Not sure if this is possible ...

2) CAS (http://www.jasig.org/cas) to create a central authentication service that can connect to AD sources. Not sure if it will be possible to connect CAS to multiple AD sources.

Does anyone have any thoughts or similar impressions that they can use to achieve this?

Thanks

+2



2 answers


I have no experience, but I think Active Directory Federation Service (ADFS) is for this kind of thing.



+1



It is possible to connect CAS to multiple AD sources. We have something similar for our external portal. External clients are stored in a custom table, while internal users are in one of several AD domains. We had to write our own authenticator that could search for appropriate (table versus one of several domains), but it was pretty straightforward to write.



+2
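
A sketch of the kind of routing authenticator the answer above describes, written in C# because the application in the question is ASP.NET. It is an added example, not code from either poster or from CAS. The class name, the suffix-to-domain map and the `tableCheck` hook are hypothetical, and it assumes that logins arrive as `user@suffix` with a password and that the web server can reach a domain controller for each configured domain.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Added example: sends each login to exactly one source, either the custom
// table or one allow-listed AD domain. It never retries a second source.
public sealed class MultiDomainAuthenticator
{
    // Hypothetical allow-list: login suffix -> AD domain to validate against.
    private readonly IReadOnlyDictionary<string, string> _domains;
    // Hypothetical hook for the custom table of external clients.
    private readonly Func<string, string, bool> _tableCheck;

    public MultiDomainAuthenticator(IDictionary<string, string> domains,
                                    Func<string, string, bool> tableCheck)
    {
        _domains = new Dictionary<string, string>(domains, StringComparer.OrdinalIgnoreCase);
        _tableCheck = tableCheck;
    }

    // Returns the configured AD domain for "user@suffix", or null when the
    // suffix is not on the allow-list (the login is then a table user).
    public string ResolveDomain(string login, out string user)
    {
        user = login;
        int at = login.LastIndexOf('@');
        if (at <= 0 || at == login.Length - 1) return null;
        if (!_domains.TryGetValue(login.Substring(at + 1), out string domain)) return null;
        user = login.Substring(0, at);
        return domain;
    }

    public bool Authenticate(string login, string password)
    {
        // An empty password can turn an LDAP simple bind into an unauthenticated
        // bind that succeeds, so reject it before any directory is contacted.
        if (string.IsNullOrWhiteSpace(login) || string.IsNullOrEmpty(password)) return false;

        string domain = ResolveDomain(login, out string user);
        if (domain == null) return _tableCheck(login, password);
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, domain))
                return ctx.ValidateCredentials(user, password,
                    ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
        }
        catch (PrincipalServerDownException) { return false; } // fail closed
    }
}
```

This validates a typed username and password; it does not provide the login-free Windows SSO the question asks for.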

