0
votes

My company's website is on the SP side and needs to implement web SSO (SP-initiated) for users of another company (this company is one of our customers).

The other company (the IdP) works with Azure ADFS and talks the SAML 2.0 protocol.
My company's website is an ASP.NET site.

We already got the federation metadata XML file from the other company and also gave them our federation metadata XML.

What further steps need to be done on both sides?
Do both sides need to add a new Relying Party Trust?
Do we need to install ADFS 2.0 on my company's web server as well, and does it have to be the Azure version?
Does our ASP.NET (.NET 4.5) website code need to be changed for this?

1
There is no such thing as Azure ADFS. It's either Azure AD (cloud) or ADFS (on-premises). – rbrayb

1 Answer

0
votes

There are 2 ways to do this. 1) If your application is going to be used only by users of the "other" company using federation protocols, you would just add this as the "Application" in the other company's STS and your code would just trust tokens issued by their STS. So the flow would be (App) --> Other Company STS

2) If your application needs to be accessed by your employees, the other company's users as well as additional companies, then you would add your own STS which manages the relationships to one or more companies. So, it would be (App) --> Your STS --> 1 or more company STS.

3) Azure AD makes it easy to build multi-tenant applications (essentially #2 approach) that is made available to all Azure AD tenants (essentially every company that has Office 365). So this is one route to consider.

Hope that helps clarify. When I say STS in #1 & #2, it can be any STS that supports the federation protocol that your application uses. It can be ADFS, Azure AD or other vendors in the market.
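The federation metadata exchange the question describes is where the SP picks up what it needs to trust the IdP. As an added example that is not part of the original question or answer, this Python snippet parses a constructed IdP metadata document (the hostname and certificate are placeholders) and runs the checks an SP should apply before wiring it in: the entityID matches what was agreed with the IdP, a signing certificate is present, and the SSO endpoints use HTTPS.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of an IdP's federation metadata (placeholder host and cert).
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.idp.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC...PLACEHOLDER-BASE64...</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.idp.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract what an SP needs to trust an IdP: entityID, SSO endpoints, signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (is this SP metadata?)")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use") in (None, "signing"):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text:
                certs.append("".join(cert.text.split()))  # drop PEM-style whitespace
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def check_idp_metadata(cfg, expected_entity_id):
    """Return the problems an SP should refuse to go live with (empty list = OK)."""
    issues = []
    if cfg["entity_id"] != expected_entity_id:
        issues.append("entityID differs from the value agreed with the IdP")
    if not cfg["signing_certs"]:
        issues.append("no signing certificate: assertion signatures cannot be verified")
    if not any(b.endswith(("HTTP-Redirect", "HTTP-POST")) for b in cfg["sso"]):
        issues.append("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
    for binding, location in cfg["sso"].items():
        if not (location or "").startswith("https://"):
            issues.append(f"SSO endpoint for {binding} is not https: {location}")
    return issues
```

Note that an ADFS entityID is an identifier, not a URL the browser visits, so an `http://` entityID is normal; only the SSO endpoints are held to HTTPS here.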