I need to do SSO between episerver CMS and Liferay CMS using SAML. I know that LifeRay can act both as Service Provider as well as Identity Provider. I want to know that can Episerver CMS also act as Identity provider as well as service provider?
EPiServer uses the standard ASP.NET provider model for authorization/authentication, and by default ships with Windows and SQL membership and role providers for forms authentication.
In other words, I'm not aware of anything particular OOTB that would enable SAML SSO. But seeing as there's nothing EPiServer-specific about authentication, you should be able to add SSO support just as you would for a vanilla ASP.NET app.
Related
I am trying to incorporate ITFoxtec SAML with my webforms applications and Azure AD for SAML based SSO authentication. Can anyone please provide me any reference link or guide me regarding this to work?
Target Framework: .NET Framework 4.8(Web forms)
I have gone through the samples given in the github repo but still unable to proceed further.https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2
I'm afraid that there is not a .NET WebForms sample but it is possible to implement ITfoxtec Identity SAML 2.0 in a .NET WebForms application.
Please se the following links:
ITfoxtec SAML 2.0 and .NET ASPX application (not MVC)
itfoxtec-identity-saml2 .net framework 4.6 web forms guidance
ITfoxtec SAML 2.0 and ASP.NET Web Forms (ASPX) HttpRequest
Alternatively, you can connect to Azure AD using OpenID Connect or use FoxIDs as an security broker to concert between the Azure AD SAML 2.0 connection and your application using OpenID Connect.
Our SaaS application supports SAML SSO as a service provider. As such we can use Salesforce as the Identity Provider, and either have a link to our application or a webtab displaying our application in Salesforce.
Some customers have Salesforce Community Cloud, and they want to have SSO set up for their community into our application. Can Salesforce Community Cloud act as a SAML Identity Provider for out application?
I am trying to integrate Salesforce with AAD, so I see two available options, either Saml or OpenId Connect.. I do not know which one is better, but I prefer OpenId Connect since it seems to be more modern. So I tried to register Salesforce App in AAD and Saml was the default options, so why is Saml the default option ?! is it better or what? Please note that I am building an API and I need to allow authentication and authorization with Single Sign On.
The Azure AD app gallery contains many popular applications that are already pre-configured to work with Azure AD as an identity provider. These applications will be available in the Enterprise applications and have SAML to perform SSO. Any application which is added directly from the Gallery the default method is SAML based SSO , password based SSO etc.. which depends upon the applications.
Kindly check the difference between the App Registration and Gallery application in Azure portal from the link
In order to get more detailed explanation about SSO types and protocols kindly check the document to get more detailed explanation.
If you have any further queries kindly let me know.
I'm working with a company that has a WinForms application running on a corporate windows network. The application currently connects to a web application server that has its own private username/password store. The web app server has JSP based UIs, but also has some web services which support JWT based authentication.
The company would like to use use accounts from its windows domain to authenticate the users rather than using a separate set of usernames and passwords. The company's domain has an AD FS server and the web application is a SAML service provider.
The question is, is it possible to use the identity information from the original windows login to get a SAML token from ADFS and then use that token to talk to web services on the web application machine?
We're looking at Windows Identity Foundation built into the .net framework as a possibility. Open ID Connect also seems like a possibility, but we don't want to have to present the user a web page for them to log in; we want to use the original windows login identity information to automatically grant access to the service provider.
Is this possible?
SAML support is already built into the web application, but if necessary we could add support for OpenID Connect.
ADFS does have the ability to generate JWT tokens but sadly not for SAML.
There is no way to convert a SAML token to a JWT one that is signed.
SAML doesn't really have support for web API / web services.
WS-Fed does but it's WCF not web API.
The easiest way is to convert to OpenID Connect. That does deliver a JWT token that you can use to authenticate to a web API. You need ADFS 4.0 to do this.
we developed applications with custom STS as identity provider. Now we planning to use thinktecture identity server (Idsrv) as primary and ADFS as secondary to replace our custom STS. I enabled WS-Federation protocol in Idsrv and added Idsrv and ADFS as identity providers. we developed web application that trusts Idsrv. I also used HRD url to show the list of identity providers whenever user access the web application. It works fine for both identity providers.
Flows :
Idsrv provider web app-->HRD-->Idsrv-->HRD--->Web app
ADFS web app-->HRD-->ADFS-->HRD--->Web app
I also specify the home realm in web application to use the identity provider as default without showing HRD. It works good.
I want to develop a wcf service that trusts Idsrv. I want to utilise the wcf service from wpf client. Based on the user's domain, I need to specify the identity provider as default.
How can I specify the identity provider in wpf client?
my requirement is same as
https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues/198
The HRD concept does not exist in WCF / SOAP. You would need to go to the idp first and then exchange that token with a token from IdSrv.
Unfortunately, we haven't implemented those endpoint in idsrv. There is a PR on github with an implementation, maybe you wanna give that a try.