ADFS2, WebSSO and protocol switching

  • Question

  • Hi All,

    I'm looking at using ADFS2 to implement WebSSO with an external client, but signing in to a WIF Claims Aware application.

    Can anyone tell me if the following scenario is possible:

    ExternalIP ---SAML2Response---> ADFS2(IdpInitiatedSignOn.aspx) ---WS-Federation SignInResponse---> Claims Aware Application

    It seems like we need to switch protocols midway through the sign-in process to achieve this. What seems to be supported is the following:

    ExternalIP ---SAML2Response---> ADFS2(IdpInitiatedSignOn.aspx) ---SAML2Response---> Claims Aware Application

    This seems to be a scenario that should be supported. I've read in other posts that ADFS2 supports switching protocols during sign-in, but I can't find anything in the documentation to understand how this might be achieved.

    In my setup I have the ExternalIP set up as a Claims Provider Trust, and my claims aware application set up as a Relying Party Trust.

    In my solution, the Claims Aware Application is listed on the IdpInitiatedSignOn.aspx page only if it has a SAML 2.0 compatible endpoint defined.

    Any guidance on if this is possible would be a big help.

    Thanks

    Friday, May 20, 2011 2:21 AM
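As an added example (not part of the original post or of any answer to it), the following PowerShell inventory shows which protocol endpoints each ADFS 2.0 trust actually has, which is the first thing to check when a relying party is missing from IdpInitiatedSignOn.aspx. It assumes the Microsoft.Adfs.PowerShell snap-in on the federation server and the SamlEndpoints (Protocol, Binding, Location) and WSFedEndpoint properties of its trust objects.

```powershell
# Added example, not code from the original post: list every relying party and
# claims provider trust with its WS-Federation endpoint and SAML 2.0 endpoints.
# Assumes the ADFS 2.0 snap-in is installed (Windows Server 2008 R2 / PowerShell 2.0).
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Format-SamlEndpoints {
    param($Endpoints)
    if (-not $Endpoints) { return '(none)' }
    ($Endpoints | ForEach-Object {
        '{0}/{1} -> {2}' -f $_.Protocol, $_.Binding, $_.Location }) -join '; '
}

function Format-WsFedEndpoint {
    param($Uri)
    if ($Uri) { return $Uri.AbsoluteUri } else { return '(none)' }
}

# Relying party trusts (the "Claims Aware Application" in the question).
# Per the question, only RPs with a SAML 2.0 endpoint appear on IdpInitiatedSignOn.aspx,
# so an RP that has a WS-Fed endpoint but no SAML assertion consumer is flagged here.
$relyingParties = Get-ADFSRelyingPartyTrust | ForEach-Object {
    $acs = @($_.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })
    New-Object PSObject -Property @{
        Trust          = $_.Name
        Enabled        = $_.Enabled
        WSFedEndpoint  = Format-WsFedEndpoint $_.WSFedEndpoint
        SamlAcs        = Format-SamlEndpoints $acs
        OnIdpInitiated = ($acs.Count -gt 0)
    }
}
$relyingParties | Select-Object Trust, Enabled, OnIdpInitiated, WSFedEndpoint, SamlAcs |
    Format-Table -AutoSize

# Claims provider trusts (the "ExternalIP" in the question): where ADFS sends
# the SAML AuthnRequest and what it expects the response to arrive as.
$claimsProviders = Get-ADFSClaimsProviderTrust | ForEach-Object {
    $sso = @($_.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLSingleSignOn' })
    New-Object PSObject -Property @{
        ClaimsProvider = $_.Name
        Enabled        = $_.Enabled
        WSFedEndpoint  = Format-WsFedEndpoint $_.WSFedEndpoint
        SamlSso        = Format-SamlEndpoints $sso
    }
}
$claimsProviders | Select-Object ClaimsProvider, Enabled, WSFedEndpoint, SamlSso |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the ADFS server; an RP with OnIdpInitiated False and a populated WSFedEndpoint is a WS-Federation-only relying party.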

Answers