SSO with a simple web app


  • I have a simple web application hosted using Azure Web Apps and I'd like to implement SSO with an on-premises Active Directory. We are moving towards using Azure AD, but it's a slow migration process and only about half of the users have been migrated. I'd like to integrate using Shibboleth or ADFS, but Shibboleth is preferred. What are the best options for doing this integration? From what I've found, creating a virtual server, hosting the application using IIS, and then configuring the server for shib is an option, but are there any alternatives?
    Wednesday, April 12, 2017 10:19 PM

All replies

  • Well, since AAD doesn't support Shibboleth natively, it's not really a question about how AAD can solve this :)

    The approach you state should work though.

    But is there a specific reason Shibboleth is preferred, other than probably being configured for a number of other apps you have running already?

    The path I would recommend for starting on-prem and moving to the cloud afterwards would be to install ADFS 2016. It supports OAuth and OpenID Connect just like Azure AD. This means that if you build your app to work with an on-prem AD, moving it to the cloud requires a minimum of changes. You could even have it support both ADFS and AAD by adding a few extra lines of code, making it purely a config file change to move it.

    Thursday, April 13, 2017 10:05 AM
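
The config-only switch between ADFS and AAD described in the reply above, sketched as an added example that is not part of the original thread or any poster's code. Host names, tenant, client IDs and the embedded metadata values are constructed placeholders, and the claim check assumes a JWT library has already verified the token signature.

```python
import secrets
import time
from urllib.parse import urlencode

# Constructed settings: host names, tenant, client ids and endpoint values are
# placeholders. In a real app each "metadata" dict is fetched over HTTPS from
# <authority>/.well-known/openid-configuration instead of being embedded.
PROVIDERS = {
    "adfs": {
        "authority": "https://adfs.example.com/adfs",
        "client_id": "app-client-id-adfs",
        "metadata": {
            "issuer": "https://adfs.example.com/adfs",
            "authorization_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
        },
    },
    "aad": {
        "authority": "https://login.microsoftonline.com/contoso.onmicrosoft.com",
        "client_id": "app-client-id-aad",
        "metadata": {
            "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
            "authorization_endpoint": "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/authorize",
        },
    },
}

def discovery_url(provider):
    """OpenID Connect discovery document location for the configured authority."""
    return provider["authority"].rstrip("/") + "/.well-known/openid-configuration"

def build_auth_request(provider, redirect_uri):
    """Return (url, state, nonce); state and nonce belong in the user's session."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": provider["client_id"], "response_type": "code",
        "scope": "openid", "redirect_uri": redirect_uri,
        "state": state, "nonce": nonce,
    })
    return provider["metadata"]["authorization_endpoint"] + "?" + query, state, nonce

def check_id_token_claims(claims, provider, nonce, now=None):
    """Claim checks that run AFTER a JWT library has verified the signature."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return (claims.get("iss") == provider["metadata"]["issuer"]  # pin to the configured IdP
            and provider["client_id"] in audiences
            and claims.get("nonce") == nonce
            and isinstance(claims.get("exp"), (int, float)) and claims["exp"] > now)
```

Selecting `PROVIDERS["adfs"]` or `PROVIDERS["aad"]` from configuration is the only change between the two deployments; the issuer comparison keeps a token minted by one identity provider from being accepted while the app is configured for the other.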