Re: Architecture Advice


Hi,

In my opinion, you should use SAML to implement a single sign on solution.
There is an implementation of SAML for WSE 3.0 here
http://practices.gotdotnet.com/projects/saml
Usually, the architecture for an application that uses SAML tokens contains
three main components:

1. Client Application
2. Secure Token Service (STS): It is the authority responsible for emitting
SAML tokens. The client and the service both trust this authority.
3. Service

You can authorize users against ADAM in the STS. If you want to know more
about SAML, take a look at these articles I wrote in my blog,

http://weblogs.asp.net/cibrax/archive/2005/08/01/421233.aspx
http://weblogs.asp.net/cibrax/archive/2006/02/02/437180.aspx

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax


"LockyBoy" <LockyBoy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8CD31D21-6DC5-490E-ACED-3F09603F8662@xxxxxxxxxxxxxxxx
Hi All

We currently run several web services which run from a sql back end.
Currently all users are authenticated before using each webmethod by
passing a user id in the soap body, and authenticating against sql.

I want to implement a single sign on whereby users are authenticated and
then don't have to go through the authentication process again, and
services are authorised by windows roles assigned at sign on.

I'd like to authorise users against ADAM, but the examples I've seen are
for direct authentication with username and wse3, which as far as I can
gather, does not allow for single sign on.

I assume I need to use ADAM as a brokered authentication service and issue
a security token to negate authentication calls after the first time.

Am I right in my assumptions, or could someone please clarify what steps I
need to take to accomplish this?

Thanks in advance for any help.
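
The brokered flow discussed in this thread (client, STS, service), as an added example that is not part of either post and is not WSE 3.0 or SAML code. It is a simplified model: the token is HMAC-signed JSON rather than an XML-signed SAML assertion, and the directory, key, role names and function names are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data standing in for the ADAM directory the STS queries.
# A real directory stores password verifiers, never clear text.
DIRECTORY = {"alice": {"password": "correct horse", "roles": ["Orders.Read"]}}
# Assumption: one HMAC key models the trust between STS and service.
# A real SAML assertion is signed with the STS's private key instead.
STS_KEY = b"constructed-demo-key"

def _sign(payload: bytes) -> str:
    mac = hmac.new(STS_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def sts_issue_token(user, password, audience, now=None, lifetime=300):
    """STS: authenticate once against the directory, then issue a signed token."""
    entry = DIRECTORY.get(user)
    if entry is None or not hmac.compare_digest(
            entry["password"].encode(), password.encode()):
        raise PermissionError("authentication failed")
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": entry["roles"], "aud": audience,
              "nbf": now, "exp": now + lifetime}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)

def service_authorize(token, audience, required_role, now=None):
    """Service: rely on the STS signature; no directory lookup per call."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return False                      # malformed token
    if not hmac.compare_digest(_sign(payload.encode()), sig):
        return False                      # forged or tampered claims
    claims = json.loads(base64.urlsafe_b64decode(payload))
    now = time.time() if now is None else now
    if not (claims["nbf"] <= now < claims["exp"]):
        return False                      # outside validity window
    if claims["aud"] != audience:
        return False                      # issued for a different service
    return required_role in claims["roles"]
```

The service checks signature, validity window and audience before it reads the roles, which is what lets it skip the per-call credential check without accepting a token replayed from another service or after expiry.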

