SAM2009
asked on
How to implement SSO?
Hi,
I just want to understand more about SSO. I know that is single sign on but which application or software should we install to implement SSO in AD environment?
I just want to understand more about SSO. I know that is single sign on but which application or software should we install to implement SSO in AD environment?
You might need to install "AD FS 2.0"...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think we are complicating things than it should be. First question would be if your application is web based and if so, you could implement NTLM login. If your application spans multiple servers then you could enable Kerberos.
If your application will be hosted in the cloud then ADFS would be an option and as far as WIF is concerned, it could be used for any scenario and is more complicated.
If your application will be hosted in the cloud then ADFS would be an option and as far as WIF is concerned, it could be used for any scenario and is more complicated.
ASKER
What is Salesforce SSO is a Microsft product or a third party tool?
No Salesforce is a 3rd party application. These articles may help you with the SSO:
https://developer.salesforce.com/page/Single_Sign-On_with_Force.com_and_Microsoft_Active_Directory_Federation_Services
http://resources.docs.salesforce.com/202/8/en-us/sfdc/pdf/salesforce_single_sign_on.pdf
https://developer.salesforce.com/page/Single_Sign-On_with_Force.com_and_Microsoft_Active_Directory_Federation_Services
http://resources.docs.salesforce.com/202/8/en-us/sfdc/pdf/salesforce_single_sign_on.pdf
ASKER
But it uses for what? Do we need also a third party tool to make SSO works?
No it's configured between the application and your own identity provider (which AD FS provides for AD)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
One more question. I heard peoples say that ADFS SSO authentication is case sensitive and they really complain about that. Is that true?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would recommend AD FS 3.0 on 2012 R2 as it has better out of the box security.
There are lots of articles online regarding AD FS deployment, plan it correctly and it'll be a straightforward install. One of the best resources is the MS technet deployment guide:
https://technet.microsoft.com/en-us/library/dn486775(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/dn486775(v=ws.11).aspx
ASKER
Then why some applications using with adfs sso are not id case sensitive and some are?
I believe most are case sensitive, which ones aren't? and are they using ADFS SSO?
ASKER
Like Cisco Jabber is not case sensitive.
i think you'll find that the Federation ID is case-sensitive even with jabber!
Why does it matter is if it is case sensitive or not?
Why does it matter is if it is case sensitive or not?
ASKER
I just try to understand.
Fair enough, but I wouldn't worry about that too much.
In terms of AD FS, the MS technet article goes through it very well and should be a very good starting point, if not more, for designing the implementation.
In terms of AD FS, the MS technet article goes through it very well and should be a very good starting point, if not more, for designing the implementation.
ASKER
Thanks to all for your help!