Re: ADFS with ASP application

Hi Joe,

We were facing issues with setting up the undermentioned page itself,
the 'sids' object is coming up as null .

I think we are stuck with Claims as far as setting up ADFS in
conjunction to the step-by-step guide. I am now using the
non-sharepoint token-based app setup as described in Nick's blog. We
get till the discovery page and after selecting the realm, asp error
page appears where in it says the credentials could not be verified at
the resource partner adfs web site.

Will setting up claims only as much is asked in the step-by-step
document suffice? I read in some posts of your's that you don't quite
follow that and set up UPN-UPN claims instead, could you pls help me
set up the claims? In production we will need group mapping but for now
I am ok with any setting.

Another question is what should be the security level at ADFS site,
when it gets installed (after installing ADFS) the default permissions
are anon on both the sites, but that does not work and the error
description on the adfs error page prompts to set it to Integrated,..
Just wanted to make sure it is expected to be set at that??

Thanks a lot,
- Vivek

Joe Kaplan wrote:
The first thing I'd do is set up the test page that I discuss in this blog
posting so you can see what Windows token is being created by ADFS as a
result of the federated login. That will help you figure out what's going
on so you can apply that knowledge to to the ASP app (which is likely more
difficult to troubleshoot as you don't has this kind of easy access to the
authenticated user's token like you do in .NET).

http://www.joekaplan.net/DiscoveringTheUsersNameAndGroupsInTheirWindowsToken.aspx

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<viveque.kumar@xxxxxxxxx> wrote in message
news:1168277603.416111.172830@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Joe,
I followed the step by step guide to achieve the token-based
authentication but we were not successful in doing so. Could you mail
me some steps that you might have tried on your own.

Thanks in advance,
Vivek

Joe Kaplan wrote:
ADFS can work here if you use the Windows token model for integration
(using
the stuff integrated into the IIS MMC UI). In that mode, ADFS can work
with
any app that runs on IIS. The app doesn't need to be .NET 2.0 (although
.NET 2.0 must be installed on the machine for ADFS to be installed and
used).

You would change the setting in IIS from integrated to anonymous, but
ADFS
would actually create a Windows token for you with the ADFS agent and the
app would continue to function as if it was working like integrated auth.

The real trick here is coming up with a viable strategy for how you want
to
map user tokens (shadow users or shadow groups).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
<viveque.kumar@xxxxxxxxx> wrote in message
news:1168012536.605350.251840@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

We have a legacy ASP application and we are looking at SSO for an
integration project.

Our application works on Integrated authentication mechanism and the
requirement is that users from other domains when accessing this
application need not sign in again.

So after some research I stumpled upon ADFS to achieve this.

My question is this, given the above scenario, will ADFS work here?
Doesn't ADFS require ASP.NET applications?
Will the application security settings need to be changed from
Integrated to Anonymous?

TIA,
- Vivek



.

Relevant Pages

  • Re: ADFS and Classic ASP
    ... ASP but I'll continue to research a viable solution. ... "Joe Kaplan" wrote: ... ADFS has two supported methods for app integration: ... but the app has to be designed essentially to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ADFS Web Agent exception
    ... You can definitely achieve what you want to do with ADFS. ... you need at least one federation server to ... hosts your ADAM account store, as you'll get more flexibility with how you ... claims integration is a struggle and isn't well documented ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADFS - SAML audience
    ... my knowledge primarily on my own experiences with testing and deploying ADFS ... Token-based integration gives you more compatibility, ... SSO internally with another product (although ADFS does provide a possible ... If the resource FS issues a SAML token with the aufdience set to the URL ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADFS with ASP application
    ... ADFS can work here if you use the Windows token model for integration (using ... the stuff integrated into the IIS MMC UI). ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADFS with ASP application
    ... So far I was looking at claim aware app, via the Step by step guide, ... .NET 2.0 must be installed on the machine for ADFS to be installed and ... map user tokens. ... integration project. ...
    (microsoft.public.windows.server.active_directory)