Here is the flow we want to implement from the user's perspective:
Scenario 1:
- Create a SharePoint site with claims authentication, using an external IdP (which we call IAM) to authenticate the user.
- ADFS redirects the user to our application's SSO page with another set of claims that our application understands, this time using WS-Federation.
- Our application's SSO page (configured to use WIF to accept the WS-Federation claims from ADFS) creates an authenticated session for the user and redirects her to our main page.
I have tried to implement a proof-of-concept and it works all the way.
http://technet.microsoft.com/en-us/library/hh305235(v=office.15).aspx
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
Note: I'm not using Active Directory; instead I'm using WS-Federation and Claims Provider Trusts.
Everything works fine.
Scenario 2:
Here is the problem area:
- The user logs in to another application (Java) using its proprietary authentication mechanism with the same external IdP login page (the one we also use for SharePoint) to authenticate the user, and it returns the SAML assertion.
- The user is allowed to view the Java application after successful validation.
- The same app has some links to SharePoint lists/document libraries.
- Here the user, who has already been validated, doesn't want to be validated again.
- When the user clicks on the SharePoint link we don't want to go through Scenario 1 again. Instead I need to post the same SAML assertion to ADFS, get the FedAuth token, and redirect to the SharePoint site with the token.
What we tried programmatically:
- Under C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\IDENTITYMODEL\LOGIN\ we created a custom Default.aspx and tried to post the SAML assertion to ADFS to get the FedAuth token, bind the cookies in the browser and redirect to /Sites/Default.aspx, but it did not work.
- We get the SAML assertion and post it to https://mysite/adfs/ls/, but we are not getting a response from ADFS.
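To make the WS-Federation passive flow from Scenario 1 concrete, here is an added example (not code from the post or from SharePoint/ADFS) of the two things a relying party does: build the sign-in redirect to the ADFS /adfs/ls/ endpoint (wa=wsignin1.0, wtrealm, wctx), and parse the wresult form post that comes back, pulling out the SAML 1.1 assertion and checking issuer, audience and validity window before trusting any claims. The ADFS host, realm, issuer URI and the assertion itself are constructed sample values; the example uses only the Python standard library and deliberately does not verify the XML signature, which a real relying party (WIF does this) must do before accepting the token.

```python
from datetime import datetime
from urllib.parse import urlencode, parse_qs
import xml.etree.ElementTree as ET

# SAML 1.1 assertion namespace, which is what ADFS emits in a WS-Federation wresult.
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML11}


def build_signin_url(adfs_base, realm, wctx):
    """Build the passive WS-Federation sign-in redirect to ADFS.

    adfs_base: scheme+host of the ADFS server (hypothetical value in the test).
    realm:     the relying party identifier registered in ADFS (wtrealm).
    wctx:      opaque state ADFS echoes back unchanged in the response.
    """
    query = {"wa": "wsignin1.0", "wtrealm": realm, "wctx": wctx}
    return adfs_base.rstrip("/") + "/adfs/ls/?" + urlencode(query)


def _parse_utc(value):
    # ADFS writes timestamps as e.g. 2024-01-01T12:00:00Z; treat as naive UTC.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_wresult(form_body, expected_issuer, expected_audience, now):
    """Parse the form POST ADFS sends back to the relying party and return claims.

    Raises ValueError on any mismatch so callers fail closed.
    NOTE: signature verification is intentionally omitted here; never accept a
    token in production without verifying the XML signature against the
    ADFS token-signing certificate.
    """
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    if form.get("wa") != "wsignin1.0":
        raise ValueError("not a WS-Federation sign-in response")

    root = ET.fromstring(form["wresult"])
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no SAML assertion in wresult")

    if assertion.get("Issuer") != expected_issuer:
        raise ValueError("unexpected issuer: %r" % assertion.get("Issuer"))

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions")
    if now < _parse_utc(conditions.get("NotBefore")):
        raise ValueError("assertion not yet valid")
    if now >= _parse_utc(conditions.get("NotOnOrAfter")):
        raise ValueError("assertion expired")

    audiences = [a.text for a in conditions.findall(
        "saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion not issued for this realm: %r" % audiences)

    claims = {}
    for attr in assertion.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("AttributeNamespace") + "/" + attr.get("AttributeName")
        claims[name] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"claims": claims, "wctx": form.get("wctx", "")}


# Constructed sample response: what ADFS would POST back to the relying party.
SAMPLE_WRESULT = """<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        AssertionID="_constructed-1" MajorVersion="1" MinorVersion="1"
        Issuer="http://adfs.example.test/adfs/services/trust"
        IssueInstant="2024-01-01T12:00:00Z">
      <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                       NotOnOrAfter="2024-01-01T13:00:00Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>urn:sharepoint:intranet</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
      <saml:AttributeStatement>
        <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
        <saml:Attribute AttributeName="emailaddress"
            AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
          <saml:AttributeValue>alice@example.test</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

SAMPLE_FORM = urlencode({"wa": "wsignin1.0", "wresult": SAMPLE_WRESULT,
                         "wctx": "rm=0&id=passive&ru=%2f"})
EXPECTED_ISSUER = "http://adfs.example.test/adfs/services/trust"
EXPECTED_REALM = "urn:sharepoint:intranet"


if __name__ == "__main__":
    print(build_signin_url("https://adfs.example.test", EXPECTED_REALM, "rm=0&id=passive&ru=%2f"))
    print(parse_wresult(SAMPLE_FORM, EXPECTED_ISSUER, EXPECTED_REALM,
                        datetime(2024, 1, 1, 12, 30)))
```

The validity and audience checks are the ones worth getting right when a token is relayed between applications as in Scenario 2: an assertion issued for the Java application's audience would fail the `AudienceRestrictionCondition` check at a relying party expecting `urn:sharepoint:intranet`, which is the kind of mismatch that produces a silent rejection rather than a useful error.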