This is using ADFS 3.0.
The authentication flow is:
Application --> ADFS RP-STS --> ADFS CP --> Authenticate
RP-STS indicates that the flow simply passes through this instance.
The federation is done in the usual manner by importing the metadata.
For convenience, we'll use ADFSR for the R-STS instance and ADFSC for the CP instance.
For ADFSC, ADFSR is configured as an RP.
For ADFSR, ADFSC is configured as a CP. This means that ADFSC will appear on the HRD screen of ADFSR.
Looking at the ADFSC tabs as configured on ADFSR:
The Identifier is http://adfsc/adfs/services/trust
The Certificate is the ADFS Signing certificate for ADFSC
The Encryption is the ADFS Encryption certificate for ADFSC
The Endpoints are:
- ADFSC WS-Fed Passive Endpoints
- ADFSC SAML Artifact Resolution Endpoints
- ADFSC SAML SSO Endpoints
- ADFSC SAML Logout Endpoints
Looking at the ADFSR tabs as configured on ADFSC:
The Identifiers are:
http://adfsr/adfs/services/trust
http://adfsr/adfs/ls
Some http://adfsr/adfs/services/trust/13 and http://adfsr/adfs/services/trust/2005
The Signature is the ADFS Signing certificate for ADFSR
The Encryption is the ADFS Encryption certificate for ADFSR
The Endpoints are:
- ADFSR WS-Fed Passive Endpoints
- ADFSR SAML Artifact Resolution Endpoints
- ADFSR SAML SSO Endpoints
- ADFSR SAML Logout Endpoints
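An added example, not from the original post: importing the metadata is what fills in the Identifier, Certificate, Encryption and Endpoints values listed above for ADFSC as configured on ADFSR. The Python below reads a constructed, trimmed federation metadata document and returns those values, then flags anything that differs from what the administrator expects. The sample XML, the function names and the rule that endpoints must be HTTPS on the identifier's host are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
FED = "{http://docs.oasis-open.org/wsfed/federation/200706}"
WSA = "{http://www.w3.org/2005/08/addressing}"
# Constructed sample (not a real export), trimmed to the elements behind the
# tabs listed above; certificate values are placeholders.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsa="http://www.w3.org/2005/08/addressing"
 xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="http://adfsc/adfs/services/trust">
 <RoleDescriptor xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
  <fed:PassiveRequestorEndpoint><wsa:EndpointReference><wsa:Address>https://adfsc/adfs/ls/</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint>
 </RoleDescriptor>
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-ENC</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-SIG</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://adfsc/adfs/services/trust/artifactresolution" index="0"/>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfsc/adfs/ls/"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfsc/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def trust_view(xml_text):
    """Return the identifier, certificates and endpoints a CP trust would show."""
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    certs = {kd.get("use"): kd.findtext(f".//{DS}X509Certificate").strip()
             for kd in idp.findall(MD + "KeyDescriptor")}
    passive = f".//{FED}PassiveRequestorEndpoint/{WSA}EndpointReference/{WSA}Address"
    endpoints = [("WS-Fed Passive", a.text.strip()) for a in root.iterfind(passive)]
    for tag, label in (("ArtifactResolutionService", "SAML Artifact Resolution"),
                       ("SingleSignOnService", "SAML SSO"), ("SingleLogoutService", "SAML Logout")):
        endpoints += [(label, e.get("Location")) for e in idp.findall(MD + tag)]
    return {"identifier": root.get("entityID"), "certs": certs, "endpoints": endpoints}

def review(view, expected_id):
    """Flag values an administrator should question before accepting the import."""
    host = urlparse(expected_id).hostname  # assumption: endpoints share this host
    issues = []
    if view["identifier"] != expected_id:
        issues.append("identifier mismatch")
    if "signing" not in view["certs"]:
        issues.append("no signing certificate")
    for label, url in view["endpoints"]:
        u = urlparse(url)
        if u.scheme != "https" or u.hostname != host:
            issues.append(f"{label}: unexpected endpoint {url}")
    return issues
```

For metadata fetched from a partner over the network, parse it with a hardened XML parser such as defusedxml rather than plain ElementTree.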