This is a classic example of too much information = too much confusion.
I have a ASP.NET web application that uses the usual POST form authentication and would like to implement SSO.
Since we’re a Microsoft shop we will use the ADFS 2.0. In order to implement SSO I understand that I will need to have also WIF to process SAML requests?
Do I install the WIF under the same server as the ADFS?
I still want to re-direct failed SSO requests or non SSO requests to use the form, how do I handle this?
Can someone please describe the flow?
Thanks!
So you are using SAML to some 3rd party STS?
WIF (out the box) does not support SAML.
There is a WIF SAML extension but this is only CTP (Community Technology Preview) at this point.
WIF is integrated with your ASP.NET application. For .NET 4 and below, there is a separate download. For .NET 4.5, it’s integrated.
WIF is just a set of .NET classes inside your application.
You integrate WIF with your ASP.NET application using a tool called FedUtil which is part of the WIF SDK download. (Invoked by “Add STS” inside VS).
The ADFS install installs WIF on the server but this is seperate to your application.
The flow is:
.NET Application –> (WIF) –> (WS-Federation) –> ADFS –> (SAML) –> STS