Single Sign On Implementation RRS feed

  • Question

  • We have a use case where one of the website(lets name it ABC) is having its users/ roles in Active Directory and there is another website(lets name it XYZ) which is having its users and roles in database(PostgreSQL database). This active directory is exposed through ADFS. Now the requirement is that when a user is logged in to ABC website and clicks XYZ link on it, user will be seamlessly logged in to XYZ website without any further login prompt.

    Another requirement is the website ABC have two types of users stored in two datastores, one in active directory for our internal users and another is database(SQL Server) for external users. We want the login page to be same/similar and want that internal users should be able to enter ABC website seamlessly without any login prompt if they are logging in from intranet.

    For this SSO, please recommend on which type of product(IDM/SSO/Federation etc) will fit in and how the authentication/authorisation should be setup.

    Thanks in advance


    Tuesday, April 8, 2014 1:38 AM

All replies

  • If I am following your requirements correctly, this could all be setup through your ADFS server.

    RelyingParty - abcWebsite
    RelyingParty - xyzWebsite

    ClaimsProvider - AD
    ClaimsProvider - PostSQL(new STS)

    You would use the ws-fed endpoint on your adfs server for both websites. The only real work here is creating a new STS to go against your postsql datastore and then just configure your claims rules. 

    External users - Pass in the home realm as a query string ?whr=[postsql]

    Chris Wigley MCPD

    Tuesday, April 8, 2014 3:06 PM
  • Hi Chris,

    Thanks a lot for your reply. We brainstormed internally and have changed the required to simply it.Please share your though on this.

    We have two claim aware .net web applications ABC and XYZ boh connected to same ADFS and have same user base. We are able to authenticate users on website ABC via ADFS. Now when we click on XYZwebsite link in ABC website, user should seemlessly login to XYZ website without any further username/password prompt by ADFS.

    Please let me know what needs to be done to implement this SSO.



    Saturday, April 26, 2014 5:21 PM