It was buggy and too cumbersome to maintain. The stack also acted as a kind of R-STS, in that it managed various SAML connections to other IDPs.
So what alternatives do they have:
- Keep SAML - purchase a commercial stack
- Keep SAML client side - purchase a commercial stack - move the IDP connections to ADFS - communicate to ADFS via SAML
- Keep SAML client side - use OWIN SAML (Community - not developed by Microsoft) - move the IDP connections to ADFS - communicate to ADFS via SAML
- Ditch SAML client side - use WIF - move the IDP connections to ADFS - communicate to ADFS via WS Federation
- Ditch SAML client side - use OWIN WS Federation - move the IDP connections to ADFS - communicate to ADFS via WS Federation
Moving the IDP connections into ADFS also allows mixing and matching of metadata, i.e. the client-side and IDP-side metadata do not have to match; essentially ADFS acts as a bridge.
It also future-proofs the solution: with ADFS in the mix, you can now add social logins, Azure AD, ACS, etc.
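As an added example (not code from the original post), this is what the "OWIN WS-Federation talking to ADFS" option looks like in an OWIN Startup class; the ADFS host, the application URL and the namespace are placeholders, and the TokenValidationParameters namespace depends on which version of the Microsoft.Owin.Security.WsFederation package you use.

```csharp
using Microsoft.IdentityModel.Tokens;          // System.IdentityModel.Tokens on older 3.x packages
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(ExampleApp.Startup))]

namespace ExampleApp
{
    public class Startup
    {
        // Placeholder values: replace with your ADFS farm and your relying party identifier.
        private const string AdfsMetadata =
            "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml";
        private const string RelyingPartyId = "https://app.example.com/";

        public void Configuration(IAppBuilder app)
        {
            // The WS-Fed token is exchanged for a local cookie session once validated.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
            });

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                // The middleware reads the ADFS signing certificate and passive endpoint
                // from federation metadata, so key rollover on ADFS needs no code change here.
                MetadataAddress = AdfsMetadata,

                // wtrealm must equal the relying party identifier configured on ADFS;
                // ADFS then issues a token scoped to this application only.
                Wtrealm = RelyingPartyId,
                Wreply = RelyingPartyId,

                // Reject tokens issued for a different relying party even if ADFS signed them.
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = RelyingPartyId
                }
            });
        }
    }
}
```

The upstream SAML IDPs are configured as claims provider trusts on ADFS, so the application never sees SAML metadata at all; ADFS does the protocol bridging described above.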
Enjoy!