SAML Identity Provider based on Active Directory

Posted by Jarret on Stack Overflow See other posts from Stack Overflow or by Jarret
Published on 2010-06-16T01:20:47Z Indexed on 2010/06/16 1:22 UTC
Read the original article Hit count: 295

Filed under:

saml

|

windows-integrated-authe

I have a 3rd party program that supports web SSO using SAML 1.1 (it is ready to serve as the Service Provider, in other words).

We would like to implement this SSO for our intranet users based on their Active Directory credentials. In other words, they've already logged on to their system, so let's simply use those credentials to facilitate an SSO. I am a little overwhelmed at where to begin, though.

My initial thought is that IIS / Active Directory could easily serve as the Identity Provider since IIS gives us "Integrated Windows Authentication" abilities. I would think we could just create a .NET web app that requires Integrated Authentication which simply extracts the current user ID, builds the SAML response, and re-directs the user back to the Service Provider with this SAML response to complete the SSO.

But then, my problem is that I simply have no real idea of how to go about creating this SAML response, the X.509 certs involved, etc... I am wondering if I am in over my head on this, or if creating this SAML response should be relatively easy.

Note this SSO is to be used by intranet users only, so no need to worry about federating with other companies / domains.

© Stack Overflow or respective owner

Related posts about saml

Looking for feedback on a first SAML implementation.

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I've been tasked with designing a very simple SSO (single sign-on) process. My employer has specified that it should be implimented in SAML. I'd like to create messages that are absolutely as simple as possible while confirming to the SAML spec. I'd be really grateful if some of you would… >>> More
Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
AuthnRequest Settings in OIF / SP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will list the various OIF/SP settings that affect how an AuthnRequest message is created in OIF in a Federation SSO flow. The AuthnRequest message is used by an SP to start a Federation SSO operation and to indicate to the IdP how the operation should be executed: … >>> More
Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
This article is a continuation of my previous entry where I explained how OIF/IdP leverages OAM to authenticate users at runtime: OIF/IdP internally forwards the user to OAM and indicates which Authentication Scheme should be used to challenge the user if needed OAM determine if the… >>> More
Reading SAML Attributes from SAML Token

as seen on Stack Overflow - Search for 'Stack Overflow'
I am loading SAML Token from XML file. string certificatePath = @"D:\Projects\SAMLDemo\Server.pfx"; X509Certificate2 cert = new X509Certificate2(certificatePath, "shani"); string samlFilePath = @"D:\Projects\SAMLDemo\saml.xml"; XmlReader reader = XmlReader.Create(samlFilePath); List<SecurityToken>… >>> More

Related posts about windows-integrated-authe

why does Integrated Windows Authentication fail when clients access off the network

as seen on Stack Overflow - Search for 'Stack Overflow'
My background is not with web applications so this problem is hard for me to explain easily. First I'll try to describe the setup. Client setup:-Only browser that is effected is IE 6-8 (Firefox, chrome, opera, and safari all work fine) -A user will try to access our web application from a company… >>> More
How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java applic

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow… >>> More
SAML Identity Provider based on Active Directory

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a 3rd party program that supports web SSO using SAML 1.1 (it is ready to serve as the Service Provider, in other words). We would like to implement this SSO for our intranet users based on their Active Directory credentials. In other words, they've already logged on to their system, so… >>> More
Authenticating mssql users through different logins

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm developing a new node.js based frontend for an old intranet site using mssql server and Classic ASP. Both the new and the old site will coexist during the transition phase and both must access the same mssql server using the same database principals. The old ASP/IIS site uses integrated windows… >>> More