ACS integration with SiteMinder
-
Tuesday, December 6, 2011 4:24 PM
I am using CA SiteMinder as local IDP to generate SAML 2.0 Federation tokens. I cannot find any reference to support for SiteMinder integration with ACS. Here is my scenario:
- User authenticates against SiteMinder locally and requests access to Azure based application
- SiteMinder creates a SAML 2.0 assertion with user claims information in the "attributes option" section
- ACS receives SAML assertion and maps input claims to output claims and directs user to requested relying party
My problem is I cannot find any support for configuring SAML based partner (i.e., SiteMinder) in ACS, only WS-Fed based partner.
Is the above integration possible? If so, how do I configure a SAML 2.0 IDP in ACS?
Thanks
All replies
-
Wednesday, December 7, 2011 9:57 AM Moderator
Hi,
I am not familiar with SiteMinder. But you may have some misunderstanding between WS-Federation and SAML. WS-Federation is a protocol (similar to OAuth). SAML is a kind of token (similar to SWT). A protocol is used to send the token. Ideally, you use WS-Federation to send SAML tokens, and ACS supports WS-Federation as custom identity providers. You mentioned SiteMinder already supports SAML. So the next thing to check is if it uses WS-Federation or another protocol to send the SAML token. If it uses WS-Federation, it will be fine. Otherwise it’s not supported by ACS.
Best Regards,
Ming Xu.
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework -
Wednesday, December 7, 2011 3:20 PM
Mr. Xu,
Thank you for your comment. I do understand the difference between a protocol and a token. SAML however is used both as a token (as in SAML Assertion) and a protocol. I see that ACS supports SAML as input claims token as well as output claims token, but not as a protocol, which makes it very hard for me to integrate with SiteMinder.
Does anyone know if SAML (Protocol) support for IDP is forthcoming in ACS?
Regards,
Ssoomor -
Thursday, December 8, 2011 8:52 AM
Hi Ssoomor,
SiteMinder is supported in ACS. Refer to the following blog by Eugenio for more details on integration:
Thanks,
Seetha
(Pls. mark this as answered if this reply answered your query)
-
Thursday, December 8, 2011 8:58 AM
This doc is about SiteMinder/ADFS integration. ADFS2 supports SAML2p - so yes this works.
ACS does not support SAML2p.
Dominick Baier | thinktecture | http://www.leastprivilege.com -
Thursday, December 8, 2011 3:01 PM
That is correct, the document refers to SiteMinder + ADFS integration, which is supported. SiteMinder federation services support SAML and WS-Federation, so it can integrate with ADFS. The issue of integration with ACS is that it only supports Metadata exchange for WS-Fed and does not support SAML (Protocol) whereas SiteMinder supports SAML metadata exchange, and while it does support WS-Fed partnerships, it does not provide a mechanism for Metadata Exchange for it (so it has to be manually configured). Since you cannot manually configure a WS-Fed partnership in ACS, there is an incompatibility between the two systems.
Regards,
Ssoomro
-
Friday, December 9, 2011 4:22 AM
Oh yeah... Why don't you write a custom STS on top of SiteMinder and use it to integrate with ACS? You can even use ADFSV2 instead of a custom STS, through which it can integrate with ACS.
Regards,
Seetha
- Marked as answer by MingXu-MSFT Moderator Tuesday, December 13, 2011 7:46 AM
-
Friday, February 10, 2012 7:40 AM
Hi,
AFAIK, in ACS it is not possible.
However, MSFT last year released an update for supporting SAML protocol in WIF.
So theoretically you could configure SiteMinder to interact directly with the application deployed on Azure rather than through ACS, using SAML protocol.
Here is the link which speaks of SAML support in WIF.
Cheers,
Kanduri
- Edited by Tiruvengalam Kanduri Friday, February 10, 2012 7:42 AM
-
Friday, February 10, 2012 7:45 AM
Well, generating metadata is definitely a non-trivial task, but it is not so complex either.
ACS does not need signed metadata either, so it is just an XML with...
1. URL to post the WS-fed request
2. Cert used by SM
3. Claims
Hope this helps...
Cheers,
Kanduri
- Edited by Tiruvengalam Kanduri Friday, February 10, 2012 7:46 AM
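
The three items listed in the post above (sign-in URL, signing certificate, claims), assembled into an unsigned WS-Federation metadata document. This is an added example, not code from the thread, Microsoft or CA; the entity ID, endpoint URL and certificate bytes are constructed placeholders, the HTTPS check is an added safeguard, and whether ACS accepts the output is an assumption not confirmed here.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
FED = "http://docs.oasis-open.org/wsfed/federation/200706"
AUTH = "http://docs.oasis-open.org/wsfed/authorization/200706"
WSA = "http://www.w3.org/2005/08/addressing"
DS = "http://www.w3.org/2000/09/xmldsig#"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for _prefix, _uri in (("md", MD), ("fed", FED), ("auth", AUTH),
                      ("wsa", WSA), ("ds", DS), ("xsi", XSI)):
    ET.register_namespace(_prefix, _uri)

def _q(ns, tag):
    return "{%s}%s" % (ns, tag)

def pem_to_b64(pem):
    # Strip the PEM armour lines and whitespace, keeping only the base64 body.
    body = "".join(line.strip() for line in pem.splitlines()
                   if line.strip() and not line.startswith("-----"))
    base64.b64decode(body, validate=True)  # raises on a damaged certificate body
    return body

def build_wsfed_metadata(entity_id, passive_url, signing_cert_pem, claim_uris):
    # Users are redirected to this endpoint to sign in; refuse plain HTTP.
    if not passive_url.lower().startswith("https://"):
        raise ValueError("passive requestor endpoint must be HTTPS")
    root = ET.Element(_q(MD, "EntityDescriptor"), {"entityID": entity_id})
    role = ET.SubElement(root, _q(MD, "RoleDescriptor"), {
        _q(XSI, "type"): ET.QName(FED, "SecurityTokenServiceType"),
        "protocolSupportEnumeration": FED})
    # 2. Certificate the IdP signs its tokens with
    key = ET.SubElement(role, _q(MD, "KeyDescriptor"), {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(key, _q(DS, "KeyInfo")), _q(DS, "X509Data"))
    ET.SubElement(x509, _q(DS, "X509Certificate")).text = pem_to_b64(signing_cert_pem)
    # 3. Claim types the IdP offers
    offered = ET.SubElement(role, _q(FED, "ClaimTypesOffered"))
    for uri in claim_uris:
        ET.SubElement(offered, _q(AUTH, "ClaimType"), {"Uri": uri})
    # 1. URL the WS-Federation sign-in request is sent to
    ep = ET.SubElement(ET.SubElement(role, _q(FED, "PassiveRequestorEndpoint")),
                       _q(WSA, "EndpointReference"))
    ET.SubElement(ep, _q(WSA, "Address")).text = passive_url
    return ET.tostring(root, encoding="unicode")

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed placeholder, not a certificate").decode()
              + "\n-----END CERTIFICATE-----\n")
```

Because the document is unsigned, the certificate in it is only as trustworthy as the channel it was delivered over, so compare its thumbprint with the IdP administrator out of band before importing.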
-
Saturday, April 6, 2013 2:30 PM
I found in the MSDN documentation that SAML Protocol (Preview Feature) is now supported on ACS. Is it possible now? Please check the link:
http://msdn.microsoft.com/en-us/library/windowsazure/jj899563.aspx
If yes, then how can ACS be integrated with SiteMinder?

