The original meaning of RelayState is that the SP can send some value to the IDP together with the AuthnRequest and then get it back. The SP can put whatever value it wants in the RelayState and the IDP should just echo it back in the response. This RelayState parameter is meant to be an … Read more
There are multiple options to implement SSO for a .NET application. Check out the following tutorials online: Basics of Single Sign on, July 2012 http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO GaryMcAllisterOnline: ASP.NET MVC 4, ADFS 2.0 and 3rd party STS integration (IdentityServer2), Jan 2013 http://garymcallisteronline.blogspot.com/2013/01/aspnet-mvc-4-adfs-20-and-3rd-party-sts.html The first one uses ASP.NET Web Forms, while the second one uses ASP.NET MVC4. If … Read more
The SSO solution that I’ve implemented here works as follows: There is a master domain, login.mydomain.example with the script master_login.php that manages the logins. Each client domain has the script client_login.php All the domains have a shared user session database. When the client domain requires the user to be logged in, it redirects to the … Read more
IDP Initiated SSO From PingFederate documentation :- https://docs.pingidentity.com/bundle/pf_sm_supportedStandards_pf82/page/task/idpInitiatedSsoPOST.html In this scenario, a user is logged on to the IdP and attempts to access a resource on a remote SP server. The SAML assertion is transported to the SP via HTTP POST. Processing Steps: A user has logged on to the IdP. The user requests access … Read more
Redirecting the user to the central authentication service when the user is not logged in to request credentials and issue a new authentication token is the common scenario in Single Sign On systems using well-known protocols like oauth2 or OpenId Connect However when this schema is used across domains the main drawback is that the … Read more
OpenID is not a ‘successor’ or ‘substitute’ for CAS, they’re different, in intent and in implementation. CAS centralizes authentication. Use it if you want all your (probably internal) applications to ask users to login to a single server (all applications are configured to point to a single CAS server). OpenID decentralizes authentication. Use it if … Read more