Wednesday Dec 10, 2008

Using SAML 1.x or SAML 2.0 to authenticate Sharepoint users

I came across a question regarding Sharepoint and SAML 1.1.
A partner wanted to connect Microsoft Sharepoint with a SAML 1.1 Identity Provider (in this case the Belgian Federal Authentication Service - FAS).
The main problem is that Sharepoint does not speak SAML 1.1, nor does the Windows platform it is running on.

The solution via Sun's OpenSSO is simple, as it supports loads of federation protocols!

  1. First set up SAML 1 single sign-on between the SAML 1 IDP and OpenSSO as the SAML 1 SP

  2. Then set up WS-Federation SSO between OpenSSO as an IDP and Microsoft Sharepoint as a Service Provider (SP)

  3. Initiate SAML 1 SSO from the SAML 1 IDP with the final redirect URL set to the OpenSSO WS-Federation SSO initialization point (for example http://://WSFederationServlet/metaAlias/?goto= )

  4. In this case, the SAML 1 IDP will start an IDP-initiated SSO and post the Assertion to the OpenSSO server instance

  5. The OpenSSO server will then process the SAML 1 protocol accordingly and redirect to the WS-Federation SSO initiation URL

  6. After completion, OpenSSO will then start the WS-Federation protocol and send the assertion to Microsoft Sharepoint to complete the WS-Federation protocol.

One thing to note - Sharepoint will need an 'SP' instance of AD-FS to communicate with OpenSSO as Sharepoint itself does not speak WS-Federation.

So the protocol connection would look like:
SAML 1 IdP -- SAML1 --> OpenSSO -- WS-Fed --> AD-FS --> Sharepoint
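The whole chain hinges on the goto parameter in step 3: it tells OpenSSO where to send the browser once WS-Federation completes, so the relay target should be restricted to the Sharepoint/AD-FS side rather than accepted blindly. The following added example (not code from the original post or from OpenSSO) builds that initiation URL and validates the goto target by parsed hostname; the OpenSSO host, the metaAlias value and the allowed hosts are hypothetical, since the post elides them.

```python
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical values; the original post elides the real OpenSSO host and metaAlias.
OPENSSO_BASE = "https://opensso.example.com/opensso"
META_ALIAS = "/sp"  # hypothetical WS-Federation SP metaAlias configured on OpenSSO
# Only the Sharepoint / AD-FS end of the chain may be used as a relay target.
ALLOWED_GOTO_HOSTS = {"sharepoint.example.com", "adfs.example.com"}


def is_allowed_goto(goto: str) -> bool:
    """Accept only absolute https URLs whose parsed hostname is on the allowlist.

    Comparing the parsed hostname (not a string prefix) rejects look-alikes such as
    https://sharepoint.example.com.evil.com/ and https://sharepoint.example.com@evil.com/.
    """
    parsed = urlparse(goto)
    if parsed.scheme != "https" or not parsed.netloc:
        return False
    return parsed.hostname in ALLOWED_GOTO_HOSTS


def build_wsfed_init_url(goto: str, base: str = OPENSSO_BASE,
                         meta_alias: str = META_ALIAS) -> str:
    """Build the 'final redirect URL' handed to the SAML 1 IdP (step 3).

    The goto value is the Sharepoint resource the user should land on after the
    WS-Federation leg; it is percent-encoded into the query string.
    """
    if not is_allowed_goto(goto):
        raise ValueError(f"goto target not permitted: {goto}")
    query = urlencode({"goto": goto})
    return f"{base}/WSFederationServlet/metaAlias{meta_alias}?{query}"


def extract_goto(init_url: str) -> Optional[str]:
    """Server-side check when the request reaches OpenSSO (step 5).

    Returns the goto target only if it passes the same allowlist, else None.
    """
    params = parse_qs(urlparse(init_url).query)
    goto = params.get("goto", [None])[0]
    return goto if goto and is_allowed_goto(goto) else None


if __name__ == "__main__":
    url = build_wsfed_init_url("https://sharepoint.example.com/sites/hr")
    print(url)
    print(extract_goto(url))
```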

Thank you Pat Patterson and Qingwen Cheng for helping me solve the question.

A similar use-case using SAML 2 instead of SAML 1 is even easier, thanks to OpenSSO's multi-federation Protocol Hub.

About

Bert Van Beeck is a Senior Software Architect at Sun Microsystems, specialized in Sun's Identity Management portfolio. He's part of the Northern European pre-sales software team.
