SSO using WSTrustChannelFactory
-
I have a client who wants to establish SSO with a Salesforce site (different domain) using ADFS as the IdP/STS. Unfortunately, they do not want to use the login page on ADFS - they want to continue to use their site's login page, taking away my option for using passive federation.

I have already written code using WSTrustChannelFactory that is successfully authenticating the user via the ADFS server, decrypting the claims being returned, building the ClaimsIdentity, ClaimsPrincipal, SessionSecurityToken (SST) and using the FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie() to write the SST to the cookie.

I now have two questions.

First, do I need to do anything else so that when the user is redirected to the Salesforce site that site will be able to determine that the user was already authenticated on "my" site?

Second, since I can't use WIF's FAM/SAM modules to "automatically" determine if authentication has already occurred, what steps do I need to take on the client's site to deal with the situation wherein the user authenticated on the Salesforce site then navigated to my client's site?
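The active-federation flow the question describes (WSTrustChannelFactory against the ADFS username endpoint, decrypting and validating the returned SAML token, building a ClaimsPrincipal, and writing a SessionSecurityToken cookie through the SAM) is shown end to end below. This is an added example written for this thread, not the poster's code: the ADFS endpoint URL, the relying-party identifier `urn:client-site`, the signing-certificate thumbprint placeholder and the decryption-certificate thumbprint placeholder are all assumed values that must be replaced with the real configuration. It adds the checks a relying party should not skip when it bypasses the FAM: audience restriction, issuer validation by signing certificate, and token lifetime, all of which `ValidateToken` enforces only when configured.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Selectors;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

public static class ActiveFederationLogin
{
    // Assumed values: replace with the client's real ADFS endpoint, RP identifier and certificate thumbprints.
    const string AdfsUsernameMixedEndpoint = "https://adfs.example.com/adfs/services/trust/13/usernamemixed";
    const string RelyingPartyId = "urn:client-site";
    const string AdfsSigningThumbprint = "PLACEHOLDER_ADFS_TOKEN_SIGNING_THUMBPRINT";
    const string RpDecryptionThumbprint = "PLACEHOLDER_RP_ENCRYPTION_CERT_THUMBPRINT";

    // Authenticates against ADFS with the credentials collected by the site's own login page,
    // validates the issued token, and establishes a WIF session cookie for the site.
    public static ClaimsPrincipal Login(string userName, string password)
    {
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(AdfsUsernameMixedEndpoint));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(RelyingPartyId), // ADFS looks up the RP trust by this identifier
            KeyType = KeyTypes.Bearer,
        };

        RequestSecurityTokenResponse rstr;
        SecurityToken issued = factory.CreateChannel().Issue(rst, out rstr);

        // The channel returns the raw (signed, and here encrypted) SAML XML wrapped in a GenericXmlSecurityToken.
        var rawToken = (GenericXmlSecurityToken)issued;

        var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
        var config = handlers.Configuration;

        // Only accept tokens issued for this relying party, from the expected ADFS signing certificate.
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(RelyingPartyId));
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(AdfsSigningThumbprint, "ADFS");
        config.IssuerNameRegistry = issuers;

        // The RP's private key is needed to decrypt the assertion ADFS encrypted for it.
        var decryptionCert = FindCertificate(RpDecryptionThumbprint);
        var resolverTokens = new ReadOnlyCollection<SecurityToken>(
            new List<SecurityToken> { new X509SecurityToken(decryptionCert) });
        config.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(resolverTokens, false);

        ReadOnlyCollection<ClaimsIdentity> identities;
        using (var reader = new XmlNodeReader(rawToken.TokenXml))
        {
            SecurityToken samlToken = handlers.ReadToken(reader);   // decrypts and parses the assertion
            identities = handlers.ValidateToken(samlToken);         // verifies signature, issuer, audience, lifetime
        }

        var principal = new ClaimsPrincipal(identities);

        // Session lifetime is independent of the SAML token's own validity window; keep it bounded.
        var session = new SessionSecurityToken(principal, TimeSpan.FromHours(8));
        FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(session);
        return principal;
    }

    // On later requests, the SAM can still read the cookie it wrote even when the FAM is not configured.
    public static bool TryGetExistingSession(out ClaimsPrincipal principal)
    {
        SessionSecurityToken session;
        if (FederatedAuthentication.SessionAuthenticationModule.TryReadSessionTokenFromCookie(out session))
        {
            principal = session.ClaimsPrincipal;
            return true;
        }
        principal = null;
        return false;
    }

    static X509Certificate2 FindCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count == 0) throw new InvalidOperationException("RP decryption certificate not found");
            return matches[0];
        }
    }
}
```

`Login` covers the site's own session; the cookie it writes is scoped to the client's domain and says nothing to Salesforce, which must receive its own assertion from ADFS. `TryGetExistingSession` is the piece that replaces the FAM's automatic check for a request that arrives with a previously written session cookie.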
A few line-breaks would go a long way towards making that wall of text more readable. :)
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer