Thanks for reading. I am trying to perform SSO between my website (Site1) and another site (Site2) that we have an association with. I'd like to use WIF and an STS. My website is already connected to a SQL Server database and I authenticate against that database. Once I'm authenticated, I'd like to show a link/icon on my main page that links to the other site (Site2) and provides the claims that the other site (Site2) needs. From what I've seen online it's mostly the case that on requesting a resource on Site2, the system redirects to the STS site and on successful login at the STS the claims are presented to Site2 and the user is provided access. How can I achieve IdP-initiated SSO? On clicking a link post-login, I'd like to authenticate to the Site2 page.
1 vote
1 Answer
3 votes
The simplest implementation of this scenario with claims based authentication (with WIF and ASP.NET) is to have Site1 and Site2 both trust an STS. So there would be 3 components. The other answers (and your question) seem to suggest that Site1 and the STS are a single thing, which is not generally recommended.
The sequence would be:
- User goes to Site1 for the first time. Since he is unauthenticated, he is redirected to the STS.
- STS authenticates the user and issues a token for Site1. It creates a session with the user.
- Browser posts back the token to Site1, where another session is created.
- User clicks on a link to Site2. For Site2, the user is unauthenticated, so he is redirected to the STS.
- User reaches the STS. He is already authenticated, so the STS proceeds to issue a second token for Site2 (potentially, and often, with different claims).
- Browser posts back the 2nd token to Site2. A session is created.
Update: this chapter of the claims guide talks about SharePoint-specific settings and config: http://msdn.microsoft.com/en-us/library/hh446525.aspx
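The six-step sequence in the answer, as an added runnable model (not code from the answerer or from WIF): an STS that authenticates once and keeps its own session, and two relying parties that do no authentication of their own and only validate tokens. The realms, user store, claim rules and HMAC-signed token format are all constructed for the demo; WIF actually uses SAML tokens signed with the STS certificate, and trust is expressed as a certificate thumbprint in the relying party's issuerNameRegistry, not a shared key. What the model does show is the part practitioners get wrong: each token carries an audience (the `wtrealm` of the requesting site), each relying party must reject a token issued for the other site, and the second sign-on needs no second login because the STS session already exists.

```python
"""Toy model of the WS-Federation passive sequence described in the answer."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values. In WIF the relying parties trust the STS signing
# certificate's thumbprint; a shared HMAC key stands in for that here.
STS_SIGNING_KEY = b"constructed-demo-key-not-for-production"
STS_REALM = "https://sts.example.test/"
SITE1_REALM = "https://site1.example.test/"
SITE2_REALM = "https://site2.example.test/"

# Constructed user store and per-relying-party claim rules (Site2 gets different claims).
USERS = {"alice": "correct horse battery staple"}
CLAIM_RULES = {
    SITE1_REALM: lambda u: {"name": u, "role": "customer"},
    SITE2_REALM: lambda u: {"name": u, "partner_id": "P-42"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class STS:
    """Identity provider: authenticates once, then issues one token per relying party."""

    def __init__(self):
        self.sessions = {}  # STS session cookie -> user name

    def login(self, user: str, password: str) -> Optional[str]:
        if USERS.get(user) != password:
            return None
        cookie = _b64(hashlib.sha256(f"{user}:{time.time_ns()}".encode()).digest())
        self.sessions[cookie] = user
        return cookie

    def issue(self, session_cookie: Optional[str], realm: str, ttl: int = 300) -> Optional[str]:
        """Issue a signed token whose audience is the requesting relying party's realm."""
        user = self.sessions.get(session_cookie)
        if user is None or realm not in CLAIM_RULES:
            return None
        payload = {"iss": STS_REALM, "aud": realm, "exp": int(time.time()) + ttl,
                   **CLAIM_RULES[realm](user)}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = _b64(hmac.new(STS_SIGNING_KEY, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class RelyingParty:
    """Site1 or Site2: no credential check of its own, only token validation."""

    def __init__(self, realm: str):
        self.realm = realm
        self.sessions = {}  # RP session cookie -> accepted claims

    def request(self, rp_cookie: Optional[str] = None):
        """Unauthenticated request -> 302 to the STS, as WIF's passive redirect does."""
        if rp_cookie in self.sessions:
            return "200", self.sessions[rp_cookie]
        return "302", f"{STS_REALM}?wa=wsignin1.0&wtrealm={self.realm}"

    def post_token(self, token: str) -> Optional[str]:
        """Validate signature, issuer, audience and expiry, then create the RP session."""
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        expected = _b64(hmac.new(STS_SIGNING_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(_unb64(body))
        if claims.get("iss") != STS_REALM or claims.get("aud") != self.realm:
            return None  # a token issued for the other site is not valid here
        if claims.get("exp", 0) < time.time():
            return None
        cookie = _b64(hashlib.sha256(token.encode()).digest())
        self.sessions[cookie] = claims
        return cookie


def sso_walkthrough() -> dict:
    """Run the six steps from the answer and report what each site ends up holding."""
    sts, site1, site2 = STS(), RelyingParty(SITE1_REALM), RelyingParty(SITE2_REALM)
    first_status, _ = site1.request()                 # 1. first visit: redirected to STS
    sts_cookie = sts.login("alice", USERS["alice"])    # 2. STS authenticates, keeps a session
    token1 = sts.issue(sts_cookie, SITE1_REALM)
    c1 = site1.post_token(token1)                      # 3. browser posts token to Site1
    second_status, _ = site2.request()                 # 4. link to Site2: unauthenticated there
    token2 = sts.issue(sts_cookie, SITE2_REALM)        # 5. STS session exists, no second login
    c2 = site2.post_token(token2)                      # 6. browser posts 2nd token to Site2
    replay = site2.post_token(token1)                  # Site1's token presented at Site2
    return {
        "redirects": (first_status, second_status),
        "site1_claims": site1.sessions[c1],
        "site2_claims": site2.sessions[c2],
        "site1_token_accepted_by_site2": replay is not None,
    }
```

Running `sso_walkthrough()` gives both sites a `302` on the first hit, leaves Site1 holding `role: customer` and Site2 holding `partner_id: P-42` for the same user after a single login, and shows Site2 refusing the token that was minted for Site1. That audience check is what lets one STS serve several sites without a token for one becoming a credential for the other.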