We have 2 internet web applications, one is ASP.NET MVC web app and another is a JSP web application using Weblogic as its app server.
These 2 web applications use a custom username and password for authentication which is maintained by a centralised Access Control Management (ACM).
We are thinking of using ADFS to achieve single sign on (SSO) between the 2 web applications. I am trying to visualise the authentication flow and wanted to know whether my understanding is right:
1. Public user clicks on the log on link to the ASP.NET web app.
2. User is redirected to ADFS login form (that means I will need to customise this portion to connect to ACM to authenticate the user).
3. User is authenticated and token is returned from ADFS to the ASP.NET web app.
4. User is logged in to the ASP.NET web app.
5. Inside the ASP.NET web app, user clicks on a link to the JSP web app.
6. User is redirected to the JSP web app.
7. JSP web app redirects user to the ADFS login form.
8. ADFS somehow knows that user is already logged in and immediately redirect back to JSP web app without prompting user to key in username and password again.
9. User is logged in to the JSP web app.
Is my understanding above correct? I am still unsure about Step 8 on how ADFS knows that the same user has logged in previously.
解决方案
Yes, your understanding is correct.
ADFS puts cookies in the web browser to identify that the user already has a ticket.
Both your ASP.NET web app and the Java JSP web app will need to be claims aware.
2927
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
