ADFS as a SAML Service Provider

1
votes

Is it possible to set up Active Directory Federation Services as a service provider with SAML 2.0?

Rather than writing my own code to consume an assertion from an IdP, I'd rather put some packaged software in front of my SaaS application that handles all the communication with the IdP. Once all the validation & authentication is complete, I'd like ADFS to pass my app the metadata about the user required to log them in. My users are stored in a separate SQL Server table - not in AD. Is this possible to use ADFS for?

1
saml-2.0adfs

1 Answers

2
votes

Yes - ADFS can be a SAML 2.0 SP.

No - ADFS cannot authenticate against SQL Server - only AD (The next version will be able to). Have a look at identityserver which can (but note it has no SAML SP support).

Either way, your application needs to use either WIF or OWIN to handle the client side.

What you get back is a set of claims / attributes. You only get these back after the user has authenticated.