Implementing ADFS using Microsoft Federation Gateway

  • Question

  • Hi,

    We are converting an ASP.NET Web Application to Azure. The authentication process is handled using an LDAP call in the existing code, but we are planning for ADFS integration. The ADFS server is already exposing the claims to Microsoft Federation Gateway to be consumed by other applications.

    We have already integrated MFG with Office 365 using the tool provided, but we are not sure of the steps to integrate it with this migration project. Could anyone please point me in the correct direction where I can find how to consume ADFS using MFG?

    Many Thanks, Thirumalai M

    Monday, September 5, 2011 9:19 AM

Answers

  • As I said earlier - I don't know if you can use MFG for non-Microsoft RPs.

    Maybe someone else can comment on that.

    For exposing ADFS (and metadata) to the internet you need an ADFS proxy.


    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Tuesday, September 6, 2011 8:21 AM
  • Dominick is correct.

    I cannot comment on behalf of Microsoft, but as I have been told a few times by them, it is not possible to use MFG for 3rd party RPs. This may change in the future (I haven't heard one way or another), but don't hold your breath.


    Developer Security MVP | www.steveonsecurity.com
    Wednesday, September 7, 2011 9:59 PM

All replies

  • My understanding (which could be wrong) is that MFG is for Microsoft properties to consume tokens - not your app.

    You would register your relying party directly with your ADFS to "federate" - no need to go through the MFG intermediary.


    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Monday, September 5, 2011 12:16 PM
  • Hi Dominick,

    Thanks for your reply. If you could share the steps to implement AD authentication using MFG for an Azure application, it would be very helpful to me.

    Tuesday, September 6, 2011 5:53 AM
  • Hi Dominick,

    The link provided works fine when we can reach the ADFS metadata directly from the application. But here the issue is that our customer has already implemented Office 365 and they use MFG for AD authentication. So they have exposed the AD claims to MFG, which can be consumed by Office 365.

    I am unable to access the ADFS federation metadata directly by accessing https://abc.companyname.com/FederationMetadata/2007-06/FederationMetadata.xml; instead, the admin asked me to go through MFG. So, I am confused about how to find a solution.

    Could you please help me?

    Many Thanks, Thirumalai M

    Tuesday, September 6, 2011 7:31 AM