Tags: asp.net, single-sign-on, adfs, federated-identity

Implementing SSO using ADFS


I am pretty new to ADFS. We have a requirement to enable SSO between our application (A) and a client application (B). B is configured to authenticate against ADFS. We need to integrate A with B and enable SSO. The user will always log in from B, which will have a link to A. When the user clicks the link, he should be navigated to a page in A. We want the authentication mechanism for A to go via a centralized module (maybe a service).

I have 2 questions.

  1. If we get the relevant information from the client's ADFS (Relying Party ID, ADFS endpoint and certificate details), is it possible to implement a service that will take care of passing claims to our application A?
  2. Once the user clicks the link in B, how do we get the claims in A if A is not "hardcoded" to the client's ADFS?

Kindly guide.


Solution

  • There are multiple ways:

    • Both A and B are federated with your ADFS and use WS-Fed, so navigating to A from B involves ADFS, but this happens quickly and without user interaction.
    • B acts as a Relying STS so that A authenticates in B using WS-Fed. This is difficult if you haven't done this before.
    • B passes user credentials to A using yet another, completely custom way. One of our apps (your B) shows a QR code that another app (your A) scans and uses the QR-encoded one-time GUID to ask B directly whom the GUID belongs to.

    My recommendation is the first way, and the last if the first is not applicable.
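The first option in practice, as an added example that is not part of the question or the answer: an OWIN startup class for application A registered as a WS-Federation relying party of the client's ADFS. The user has already signed in to B, so ADFS holds an SSO session cookie; when the link from B lands on a protected page in A, the middleware redirects to ADFS, ADFS issues a token for A's realm without prompting, and A receives the claims. Nothing about the client's ADFS is hardcoded: the federation metadata URL and the relying party identifier are read from appSettings (the `ida:` keys, the `AppA` namespace and the `.invalid` hostnames are assumptions for this example). It assumes the NuGet packages Microsoft.Owin.Security.WsFederation and Microsoft.Owin.Security.Cookies.

```csharp
// Added example, not code from the original post. Application A as a
// WS-Federation relying party of the client's ADFS (Katana/OWIN middleware).
using System.Configuration;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(AppA.Startup))]

namespace AppA
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Supplied by the client's ADFS administrator and stored in web.config
            // (assumed keys and placeholder values, not real endpoints):
            //   ida:MetadataAddress = https://adfs.client.invalid/FederationMetadata/2007-06/FederationMetadata.xml
            //   ida:Wtrealm         = https://app-a.example.invalid/
            string metadataAddress = ConfigurationManager.AppSettings["ida:MetadataAddress"];
            string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Session cookie A issues after the ADFS token has been validated.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieSecure = CookieSecureOption.Always,
                CookieHttpOnly = true
            });

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                // Relying party identifier registered for A in the client's ADFS.
                Wtrealm = realm,
                // Signing certificates and endpoints come from federation metadata,
                // so an ADFS certificate rollover needs no code change in A.
                MetadataAddress = metadataAddress,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Reject tokens that ADFS issued for some other relying party.
                    ValidAudience = realm,
                    ValidateIssuer = true
                },
                Notifications = new WsFederationAuthenticationNotifications
                {
                    SecurityTokenValidated = n =>
                    {
                        // Claims arrive from ADFS here; A never handles the user's password.
                        ClaimsIdentity identity = n.AuthenticationTicket.Identity;
                        string upn = identity.FindFirst(ClaimTypes.Upn)?.Value;
                        if (string.IsNullOrEmpty(upn))
                        {
                            // The client's claim rules must release a UPN for A to map the user.
                            n.HandleResponse();
                            n.Response.StatusCode = 403;
                        }
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

Any MVC action in A marked `[Authorize]` is then enough to trigger the flow; inside it `User.Identity as ClaimsIdentity` exposes the claims ADFS released. For the "centralized module" asked about, keep this middleware in a shared assembly and vary only the two appSettings per customer; the relying party identifier and metadata URL are the only per-tenant values, and validating the audience against that realm is what stops a token minted for B from being replayed against A.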