Ideas and thoughts about Microsoft Identity, C# development, cabbages and kings and random flotsam on the incoming tide
Friday, October 26, 2012
ADFS : IDP / IP and SP Initiated flows
This confuses some people, so some ADFS v2.0 screenshots might be helpful.
SP Initiated is the more common flow. The user navigates to the application, WIF (or whatever the application uses) redirects to ADFS, and the user gets the normal login screen:
After the user is logged in, the application gets the SAML token.
IDPInitiated in ADFS only works for SAML bindings.
The ADFS IDPInitiated URL is:
https://xxx/adfs/ls/IdpInitiatedSignOn.aspx
ADFS looks through all the configured RPs (relying parties) to find any with a SAML binding and then displays them all in the dropdown.
The user can either sign in first using the first option and then navigate directly to one of the dropdown applications, or first select a dropdown entry using the second option and then sign in.
After the user is logged in, the application gets the SAML token.
The SAML token is the same for both IP Initiated and SP Initiated flows.
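To review which relying parties users can reach from the IdpInitiatedSignOn dropdown, you can list the trusts that have SAML endpoints. This is an added example, not part of the original post; it assumes an RP is offered in the dropdown when it is enabled and has at least one SAML assertion consumer endpoint, and it must be run on the ADFS server.

```powershell
# ADFS 2.0 ships its cmdlets as a snap-in. On later versions the ADFS module
# loads automatically and this line does nothing.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Assumption (not stated in the post): the dropdown lists enabled RP trusts
# that have at least one SAML assertion consumer endpoint.
Get-ADFSRelyingPartyTrust |
    Where-Object { $_.Enabled } |
    ForEach-Object {
        $rp = $_
        # One output row per assertion consumer endpoint, so RPs with
        # several bindings (POST, Artifact, ...) are fully visible.
        $rp.SamlEndpoints |
            Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Name       = $rp.Name
                    Identifier = ($rp.Identifier -join ', ')
                    Binding    = $_.Binding
                    Location   = $_.Location
                    IsDefault  = $_.IsDefault
                }
            }
    } |
    Sort-Object Name |
    Format-Table Name, Identifier, Binding, Location, IsDefault -AutoSize
```

RP trusts that only have a WS-Federation endpoint produce no rows, which matches the post's point that IDPInitiated only works for SAML bindings.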
Enjoy!