Single sign-on using Shibboleth

I need to implement single sign-on in my .NET (3.5) project using Shibboleth. The detailed requirement goes like this:

1) I have developed a web application using .NET (3.5) named "abc.com".
2) There are some third-party apps that will run from "abc.com".
3) If I log in to "abc.com" and then run any of the supported third-party apps, it shouldn't ask me to enter my information again.

For the last few days I have been reading about Shibboleth at https://spaces.internet2.edu/display/SHIB2/Home

I also installed the Identity Provider (IdP) and Service Provider (SP) from https://spaces.internet2.edu/display/SHIB2/Installation. However, I can't figure out how my "abc.com", the third-party apps and Shibboleth will fit into one picture.

Can anyone guide me?

+2




2 answers


To accomplish what you want, you need to enable SAML not only for abc.com, but for all third-party applications. Basic SAML Web SSO operates under the assumption that each secured service communicates with an IdP.

So, if all parties support SAML Web SSO, you will get something like this:



  1. User goes to abc.com, gets redirected to their IdP, registers to start a new session, is redirected back to abc.com and is allowed in.
  2. User clicks the link provided by abc.com to app A.
  3. The user navigates to Application A, receives a redirect to the IdP, is not prompted to log in since the session exists, is redirected by Application A, and is allowed.

Rinse and repeat step 3 for each third party application.

0


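The three-step flow from the answer above, as an added Python sketch that is not part of the original answers and is not Shibboleth code. The class names, entity IDs and the sample account are made up, and a plain dict stands in for the signed SAML assertion a real IdP issues; the point is that each SP keeps its own session while only the IdP holds the login.

```python
import secrets

class Browser:
    def __init__(self):
        self.cookies = {}            # cookie name -> value, one jar per user

class IdP:
    """Stand-in for the Shibboleth IdP: holds the single login session."""
    def __init__(self, users):
        self.users = users           # constructed sample accounts
        self.sessions = {}           # IdP cookie -> username
        self.prompts = 0             # times the login form was shown

    def sso(self, browser, sp_entity_id, credentials=None):
        user = self.sessions.get(browser.cookies.get("idp"))
        if user is None:             # no IdP session yet: user must log in
            self.prompts += 1
            if credentials not in self.users.items():
                raise PermissionError("login required")
            user = credentials[0]
            browser.cookies["idp"] = secrets.token_hex(16)
            self.sessions[browser.cookies["idp"]] = user
        # A real IdP returns a signed SAML assertion; this dict models two fields.
        return {"subject": user, "audience": sp_entity_id}

class SP:
    """Stand-in for one Shibboleth SP: abc.com or a third-party app."""
    def __init__(self, entity_id, idp):
        self.entity_id, self.idp, self.sessions = entity_id, idp, {}

    def get(self, browser, credentials=None):
        user = self.sessions.get(browser.cookies.get(self.entity_id))
        if user is None:             # no local session: redirect to the IdP
            assertion = self.idp.sso(browser, self.entity_id, credentials)
            user = self.consume(browser, assertion)
        return user

    def consume(self, browser, assertion):
        if assertion["audience"] != self.entity_id:   # reject another SP's assertion
            raise PermissionError("assertion issued for another SP")
        browser.cookies[self.entity_id] = secrets.token_hex(16)
        self.sessions[browser.cookies[self.entity_id]] = assertion["subject"]
        return assertion["subject"]

def demo():
    idp = IdP({"alice": "correct horse"})
    abc = SP("https://abc.com/shibboleth", idp)          # entity IDs are made up
    app_a = SP("https://app-a.example/shibboleth", idp)
    b = Browser()
    return abc.get(b, ("alice", "correct horse")), app_a.get(b), idp.prompts
```

`demo()` returns the user seen by abc.com, the user seen by app A, and the number of login prompts; the third value stays at 1 because app A's redirect finds the existing IdP session.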


In addition to what Chad said, you need to set up the shibboleth config file correctly for each application. (Mine is called shibboleth2.xml.) This configures your .NET application (I am assuming I am running under IIS with a certificate) to safely pass login values to the IdP for auth. IIS needs to have an HTTP redirect set for MATCH shibboleth config, maybe https://abc.com/secure in your case.



0








