Question
I have to implement Single Sign On in my .NET (3.5) project using Shibboleth. The detailed requirement goes this way:
1) I have developed a web application using .NET (3.5) named "abc.com".
2) There are some third party applications which will be launched from "abc.com".
3) If I have logged in to "abc.com" and now launch any of the supported third party applications, then it should not ask for login information again.
For the last few days I have been reading about Shibboleth at https://spaces.internet2.edu/display/SHIB2/Home
I have also installed the Identity Provider (IdP) and Service Provider (SP) from https://spaces.internet2.edu/display/SHIB2/Installation. Still, I am unable to make out how my "abc.com", the third party applications and Shibboleth will fit into one picture.
Can anyone please guide me?
Answer 1:
In order to accomplish what you'd like, you will need to SAML-enable not only abc.com but all the third party applications as well. Basic SAML Web SSO works under the assumption that each protected service communicates with the IdP.
So, if all parties support SAML Web SSO you'll end up with something like this:
- User goes to abc.com, gets redirected to their IdP, logs in to start a new session, gets redirected back to abc.com and is allowed in
- User clicks on a link, presented by abc.com, to Application A
- User goes to Application A, gets redirected to the IdP, is not prompted to log in since a session exists, gets redirected by Application A and is allowed in.
Rinse and repeat step 3 for each third party application.
Answer 2:
In addition to what Chad said, you need to set up your Shibboleth configuration file correctly for each application. (Mine is called shibboleth2.xml.) That configures your .NET application (I assume running under IIS with a certificate) to securely pass the logon values to the IdP for auth. IIS should have the HTTP redirect set to MATCH the Shibboleth configuration, probably https://abc.com/secure in your case.
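To make the two answers concrete, here is an added illustrative shibboleth2.xml fragment for the abc.com SP (this is not the answerers' own file and not the SP's shipped default; it uses Shibboleth SP 2.x element names as I recall them, and the entity IDs, IdP hostname, IIS site id and key/certificate file names are assumed placeholders). It protects the /secure path that IIS redirects to, and points the SP at the one IdP whose session every third party application will also rely on:

```xml
<!-- shibboleth2.xml fragment (SP 2.x style); entity IDs, hostnames, site id
     and file names below are placeholders for this example -->
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" clockSkew="180">

  <!-- IIS integration: bind the IIS site id to the host the SP protects -->
  <InProcess>
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
      <Site id="1" name="abc.com" scheme="https" port="443"/>
    </ISAPI>
  </InProcess>

  <!-- Which paths require a Shibboleth session. "secure" must match the
       IIS redirect target (https://abc.com/secure) so that unauthenticated
       requests are forced through the SP handler rather than served. -->
  <RequestMapper type="Native">
    <RequestMap applicationId="default">
      <Host name="abc.com">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
      </Host>
    </RequestMap>
  </RequestMapper>

  <ApplicationDefaults entityID="https://abc.com/shibboleth"
                       REMOTE_USER="eppn persistent-id targeted-id">

    <!-- SP session settings: handler only over TLS, secure-flagged cookies,
         no client-address binding (checkAddress) because of NAT/proxies -->
    <Sessions lifetime="28800" timeout="3600" checkAddress="false"
              handlerURL="/Shibboleth.sso" handlerSSL="true"
              cookieProps="https">
      <!-- abc.com and every third party SP name the same IdP here; the
           session the IdP keeps is what makes the second login silent -->
      <SSO entityID="https://idp.example.org/idp/shibboleth">
        SAML2 SAML1
      </SSO>
      <Logout>SAML2 Local</Logout>
      <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
      <Handler type="Status" Location="/Status" acl="127.0.0.1"/>
    </Sessions>

    <!-- Trust anchor: only assertions from IdPs in this metadata are accepted,
         and stale metadata is rejected instead of silently reused -->
    <MetadataProvider type="XML" uri="https://idp.example.org/idp/shibboleth"
                      backingFilePath="idp-metadata.xml" reloadInterval="7200">
      <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
    </MetadataProvider>

    <!-- SP key pair used to sign requests and decrypt assertions -->
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
  </ApplicationDefaults>
</SPConfig>
```

Each third party application needs its own equivalent SP configuration (own entityID, own key pair, registered in the IdP's metadata) with the same SSO entityID, otherwise the IdP session established for abc.com is of no use to it.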
Source: https://stackoverflow.com/questions/2826824/single-sign-on-using-shibboleth