Tuesday, December 6, 2011 16:24
I am using CA SiteMinder as local IDP to generate SAML 2.0 Federation tokens. I cannot find any reference to support for SiteMinder integration with ACS. Here is my scenario:
- User authenticates against SiteMinder locally and requests access to Azure based application
- SiteMinder creates a SAML 2.0 assertion with user claims information in the "attributes option" section
- ACS receives SAML assertion and maps input claims to output claims and directs user to requested relying party
My problem is I cannot find any support for configuring SAML based partner (i.e., SiteMinder) in ACS, only WS-Fed based partner.
Is the above integration possible? If so, how do I configure a SAML 2.0 IDP in ACS?
All replies
Wednesday, December 7, 2011 09:57 Moderator
I am not familiar with SiteMinder. But you may have some misunderstanding between WS-Federation and SAML. WS-Federation is a protocol (similar to OAuth). SAML is a kind of token (similar to SWT). A protocol is used to send the token. Ideally, you use WS-Federation to send SAML tokens, and ACS supports WS-Federation as custom identity providers. You mentioned SiteMinder already supports SAML. So the next thing to check is if it uses WS-Federation or another protocol to send the SAML token. If it uses WS-Federation, it will be fine. Otherwise it’s not supported by ACS.
Wednesday, December 7, 2011 15:20
Thank you for your comment. I do understand the difference between a protocol and a token. SAML however is used both as a token (as in SAML Assertion) and a protocol. I see that ACS supports SAML as input claims token as well as output claims token, but not as a protocol. Which makes it very hard for me to integrate with SiteMinder.
Does anyone know if SAML (Protocol) support for IDP is forthcoming in ACS?
Thursday, December 8, 2011 08:52
Siteminder is supported in ACS. Find the following Eugenio's blog for more details on integration:
(Pls. mark this as answered if this reply answered your query)
Thursday, December 8, 2011 08:58
Thursday, December 8, 2011 15:01
That is correct, the document refers to SiteMinder + ADFS integration, which is supported. SiteMinder federation services support SAML and WS-Federation, so it can integrate with ADFS. The issue of integration with ACS is that it only supports Metadata exchange for WS-Fed and does not support SAML (Protocol) whereas SiteMinder supports SAML metadata exchange, and while it does support WS-Fed partnerships, it does not provide a mechanism for Metadata Exchange for it (so it has to be manually configured). Since you cannot manually configure a WS-Fed partnership in ACS, there is an incompatibility between the two systems.
Friday, December 9, 2011 04:22
oh yah... Why don't you write Custom STS on top of SiteMinder and use it to integrate with ACS? You can even use ADFSV2 instead of Custom STS, through which it can integrate with ACS.
- Marked as answer by MingXu-MSFT, Moderator, Tuesday, December 13, 2011 07:46
Friday, February 10, 2012 07:40
AFAIK In ACS it is not possible.
However, MSFT last year released an update for supporting SAML protocol in WIF.
So theoretically you could configure SiteMinder to interact directly with the application deployed on Azure rather than through ACS using SAML protocol.
Here is the link which speaks of SAML support in WIF.
- Edited by Tiruvengalam Kanduri Friday, February 10, 2012 07:42
Friday, February 10, 2012 07:45
Well, generating metadata is definitely a non-trivial task, but it is not so complex either.
ACS does not need signed metadata either, so it is just an XML with...
1. URL to post the WS-fed request
2. Cert used by SM
Hope this helps...
- Edited by Tiruvengalam Kanduri Friday, February 10, 2012 07:46
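An added example, not part of the original thread and not Microsoft or CA code: the two items listed in the post above (the URL that receives the WS-Fed request and the certificate SiteMinder signs with) placed in an unsigned WS-Federation metadata document. The element layout follows WS-Federation 1.2 metadata; the entity ID, endpoint URL and certificate are constructed placeholders, and acceptance of this document by ACS is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)  # keeps the "fed:" prefix used in xsi:type valid

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def pem_body(pem):
    """Return the base64 body of one PEM certificate; reject malformed input."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("expected exactly one PEM certificate")
    body = "".join(lines[1:-1])
    base64.b64decode(body, validate=True)  # raises ValueError on non-base64 text
    return body

def build_metadata(entity_id, passive_url, signing_cert_pem):
    """Unsigned metadata: passive (browser) endpoint plus token-signing cert."""
    if not passive_url.lower().startswith("https://"):
        raise ValueError("passive endpoint must be https")
    root = ET.Element(q("md", "EntityDescriptor"), {"entityID": entity_id})
    role = ET.SubElement(root, q("md", "RoleDescriptor"), {
        q("xsi", "type"): "fed:SecurityTokenServiceType",
        "protocolSupportEnumeration": NS["fed"],
    })
    key = ET.SubElement(role, q("md", "KeyDescriptor"), {"use": "signing"})
    info = ET.SubElement(key, q("ds", "KeyInfo"))
    x509 = ET.SubElement(info, q("ds", "X509Data"))
    ET.SubElement(x509, q("ds", "X509Certificate")).text = pem_body(signing_cert_pem)
    endpoint = ET.SubElement(role, q("fed", "PassiveRequestorEndpoint"))
    epr = ET.SubElement(endpoint, q("wsa", "EndpointReference"))
    ET.SubElement(epr, q("wsa", "Address")).text = passive_url
    return ET.tostring(root, encoding="unicode")

# Constructed placeholders: not a real certificate, entity ID or endpoint.
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
               + "\n-----END CERTIFICATE-----\n")
SAMPLE_XML = build_metadata("https://idp.example.test/",
                            "https://idp.example.test/wsfed/passive", SAMPLE_CERT)
```

Because the document is unsigned, the certificate placed in it should be checked against the one exported from the identity provider before the file is handed to the relying side.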
Saturday, April 6, 2013 14:30
I found in the MSDN documentation that SAML Protocol (Preview Feature) is now supported on ACS. Is it possible now? Please check the link
If yes, then how can ACS integrate with SiteMinder?