H
H Zeng
Guest
Hi there,
We have a client/server .Net application. The client talks to the server over a SSL/TCP socket. The server maintains a user table to authenticate and authorize the user access. Right now, we are looking to integrate Windows credential to allow user to sign on the server through the client without supplying their credential again. I have read pieces of information about SSO (ADFS, Kerberos, SAML, SSPI, claim based authentication, etc), but I have not been able to string them together for a feasible solution.
So far, it seems that I have two options:
1. Implement a SAML client proxy, somehow it passes the Kerberos token to ADFS, obtain a SAML assertion and then pass it to the server. (We are looking to implementing SAML on the server side.) But this looks fairly involved. Would love to know if there is any library already available to achieve this, so I dont need to talk to ADFS directly?
2. Use SSPI pass Kerberos token to the server, the server impersonates the client, make a connection to ADFS, get the rules and determine if the user is authorized. I dont even know if this is the way to go. If so, I need more specific information about implementing this. If not, please give me some pointers.
How does people usually resolve this kind of problem?
Thanks in advance,
HZ
Continue reading...
We have a client/server .Net application. The client talks to the server over a SSL/TCP socket. The server maintains a user table to authenticate and authorize the user access. Right now, we are looking to integrate Windows credential to allow user to sign on the server through the client without supplying their credential again. I have read pieces of information about SSO (ADFS, Kerberos, SAML, SSPI, claim based authentication, etc), but I have not been able to string them together for a feasible solution.
So far, it seems that I have two options:
1. Implement a SAML client proxy, somehow it passes the Kerberos token to ADFS, obtain a SAML assertion and then pass it to the server. (We are looking to implementing SAML on the server side.) But this looks fairly involved. Would love to know if there is any library already available to achieve this, so I dont need to talk to ADFS directly?
2. Use SSPI pass Kerberos token to the server, the server impersonates the client, make a connection to ADFS, get the rules and determine if the user is authorized. I dont even know if this is the way to go. If so, I need more specific information about implementing this. If not, please give me some pointers.
How does people usually resolve this kind of problem?
Thanks in advance,
HZ
Continue reading...