
I am involved in the design of a single sign-on platform for a bunch of web applications. These web applications understand SAML 1.1. Our Identity Provider, on the other hand, works on the SAML 2.0 specification. Now my query: is ADFS (Active Directory Federation Service) a good platform that can sit between the web applications and identity providers, that can also convert SAML 2.0 to SAML 1.1, and that also allows me to plug in my own business rules based on successful/unsuccessful authentication? Also, if someone can refer me to any example based on a similar requirement.


1 Answer


ADFSv2 does not support SAML 1.1 (Passive Federation), only SAML2 and WS-Federation for Web SSO. ADFSv2 does support SAML 1.1 and 2.0 tokens as part of its STS capabilities, but that doesn't sound like what you are looking for. So, if you are looking for Web SSO and need to be able to support multiple protocols (SAML 1.1 to start), you will need a different solution that will allow you to do this easily.

Check out PingFederate - it can simultaneously support SAML 1.0, 1.1, 2.0, WS-Fed (Passive) and WS-Trust as the IDP and SP. It will also support OAuthv2 [Note: I do work for Ping].

HTH- Ian