Hi, I have to implement Single Sign On in my .NET (3.5) project using Shibboleth. The detailed requirement goes this way:

  1. I have developed a web application using .NET (3.5) named "abc.com".
  2. There are some third party applications which will be launched from "abc.com".
  3. If I have logged in to "abc.com" and now if I launch any of the supported third party applications then it should not ask for login information again.

For the last few days I have been reading about Shibboleth at https://spaces.internet2.edu/display/SHIB2/Home

I have also installed the Identity Provider (IdP) and Service Provider (SP) from https://spaces.internet2.edu/display/SHIB2/Installation. Still, I am unable to make out how my "abc.com", the third party applications and Shibboleth will fit into one picture.

Can anyone please guide me?

A: 

Hi,

Did you integrate Shibboleth with your application?

I have the same scenario now.

Can you guide how you did that?

Looking forward to your response.

Thanks.

A: 

In order to accomplish what you'd like, you will need to SAML-enable not only abc.com but all the third party applications as well. Basic SAML Web SSO works under the assumption that each protected service communicates with the IdP.

So, if all parties support SAML Web SSO you'll end up with something like this:

  1. User goes to abc.com, gets redirected to their IdP, logs in to start a new session, gets redirected back to abc.com and is allowed in
  2. User clicks on link, presented by abc.com, to Application A
  3. User goes to Application A, gets redirected to IdP, is not prompted to log in since a session exists, gets redirected by Application A and is allowed.

Rinse and repeat step 3 for each third party application.

Chad
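
The flow in the answer above, as a small runnable model added here (not part of the original post and not Shibboleth code). It assumes an HMAC over a JSON body as a stand-in for a signed SAML assertion, and the entity IDs, user and password are constructed sample values. It shows the IdP prompting once while issuing a separate, audience-bound assertion to each SP, which each SP verifies before letting the user in.

```python
import hashlib
import hmac
import json
import secrets

IDP_KEY = secrets.token_bytes(32)  # assumption: HMAC stands in for SAML XML signatures


class IdP:
    """Toy identity provider: one login per browser, one assertion per SP."""
    def __init__(self, users):
        self.users = users        # username -> password (constructed sample data)
        self.sessions = {}        # IdP session cookie -> username
        self.login_prompts = 0    # times the user actually saw a login form

    def sso(self, browser, sp_entity_id, credentials=None):
        user = self.sessions.get(browser.get("idp_session"))
        if user is None:          # no IdP session yet, so prompt for login
            self.login_prompts += 1
            name, password = credentials or ("", "")
            if not password or self.users.get(name) != password:
                raise PermissionError("login failed")
            browser["idp_session"] = secrets.token_hex(16)
            self.sessions[browser["idp_session"]] = user = name
        body = json.dumps({"subject": user, "audience": sp_entity_id}).encode()
        return body, hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()


class SP:
    """Toy service provider: trusts the IdP key and checks the audience."""
    def __init__(self, entity_id):
        self.entity_id = entity_id

    def consume(self, body, sig):
        expected = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            raise PermissionError("bad signature")
        claims = json.loads(body)
        if claims["audience"] != self.entity_id:  # issued for a different SP
            raise PermissionError("wrong audience")
        return claims["subject"]


def demo():
    idp, browser = IdP({"alice": "correct horse"}), {}
    abc, app_a = SP("https://abc.com/sp"), SP("https://app-a.example/sp")
    first = idp.sso(browser, abc.entity_id, ("alice", "correct horse"))
    second = idp.sso(browser, app_a.entity_id)  # no credentials: session reused
    return abc.consume(*first), app_a.consume(*second), idp.login_prompts, first
```

`demo()` returns the user each SP admitted, the number of login prompts, and the assertion issued for abc.com; presenting that assertion to Application A is rejected by the audience check.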