AD FS 2.0 with PingIdentity / AppFabric Labs ACS

Question

Could be a simple question, I'm just looking really for someone that has implemented this. I've got AppFabric Labs v2 currently working with an AD FS 2.0 server with Active Directory, that's all fine and then this links to AppFabric, and routes round to my .NET app (relying party).

My question is simple - how do I get PingIdentity to work with AppFabric and come up as an STS provider? I've tried importing the .XML meta data from the PingIdentity admin system with no joy.

Is the common route for people to attach their AD FS 2.0 server to AppFabric and then attach PingIdentity to their AD FS 2.0 server as a claims provider?

Answer 1

What happened when you imported the metadata into ACS? Can you provide more details of what's not working?

Regarding:

Is the common route for people to attach their AD FS 2.0 server to AppFabric and then attach PingIdentity to their AD FS 2.0 server as a claims provider?

Either way could work. ACS is still "labs" so not many production systems have gone live, so in terms of actual cases, you will find more ADFS<->Ping. But, again, either would work and this is one of those "it depends". I'm assuming your PingIdentity STS is an "Identity Provider" (meaning that it authenticates users), so in general it would be the last STS in the chain.

Some questions you need to ask yourself for making a decision:

• How much would you need to transform the claims issued by Ping? How powerful of a claims transformation capability do you need? (ADFS has more powerful claims transformation capabilities than ACS)
• What protocols does Ping STS enable? (WS-Fed? SAMLP?: ADFS supports SAMLP, ACS not yet)
• Who owns this STS (you, a partner?) How much control you have on each?
• Which is the platform you are more comfortable managing? which one would you like to "leave alone" as much as possible?

Also, you marked this question as "answered" but it seems related to this one.