Finally the help of IT is here

Blog of computer solutions.

Single Sign On with ADFS to Google Apps.

Posted by Xaus Xavier Nadal on 17th March 2012

This article explains, step by step, what we need to do to obtain Single Sign On (SSO) authentication over the SAML protocol, using an Active Directory Federation Server 2.0 (ADFS 2.0) server as the identity provider and Google Apps (gapps) as the backend.

Ultimately, this means that with our domain user account we can authenticate at any website without knowing the password of the service we are connecting to (with only our current domain credentials we can enter Google Apps without a second authentication).

This procedure can be used for different types of entities (service providers) that delegate authentication to a frontend server via SAML requests.

But first I will explain a little what SAML is and why we chose something this complicated rather than a user database in the cloud or a direct LDAP integration.

Security is always the concern: opening ports to our LDAP from the cloud has never convinced me, so we had two options: integrate the system with a user database hosted at Google, or a SAML integration that needs neither open ports on the firewall nor a database of users and passwords maintained in the cloud. The answer was simple: SAML.

But what is SAML, and how does the protocol work?

It consists of 8 "simple" steps.

1.- The user makes a request to access the web application. For example http://www.google.com/a/megacrack.es

2.- Google Apps (in this case) responds to the user with the identity provider to which the SSO request must be sent. For example https://saml.<domain>.com/adfs/ls

3.- The user passes the login credentials to the identity provider (in our case Active Directory Federation Server), either through Single Sign On (it picks up the credentials of the last logon to the domain) or, as in this case, through a screen that asks for credentials, which must be the same as the domain ones.

4.- The identity provider returns to the user an XHTML form like the following:

    <form method="post" action="https://saml.<domain>.com/SAML2/SSO/POST" ...>
      <input type="hidden" name="SAMLResponse" value="response" />
      ...
      <input type="submit" value="submit" />
    </form>

5.- The user's browser sends a POST request to the web application, which will confirm the authentication. The SAML response value is taken from that XHTML code.

6.- Once the response is processed, the service provider creates a security context and redirects the user to the destination.

7.- The user repeats the access request (https://www.google.com/a/megacrack.es/acs)

8.- If the security context is valid, the service provider returns control to the user, who finally reaches the web application.
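To make steps 4 to 6 concrete, here is an added example (my own illustration, not code from the original post or from ADFS/Google): the identity provider wraps the SAMLResponse in the auto-submitting XHTML form of step 4, the browser POSTs it to the service provider's Assertion Consumer Service (the Google URL that appears in step 7), and the service provider decodes the response and checks its conditions before creating the security context of step 6. The IdP issuer and audience strings are assumed placeholders; only the ACS URL comes from the post. XML signature verification with the IdP certificate is required in a real deployment and is not modelled here; the checks shown are the ones that stop a response from being replayed against another site, after its validity window, or for another audience.

```python
# Added example, not part of the original post: a minimal model of the
# SAML 2.0 HTTP-POST binding (steps 4-6). No signature verification here;
# a real service provider MUST verify the XML signature with the IdP
# certificate before trusting any of the fields checked below.
import base64
import html
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample values: the ACS URL is the one from the post; the IdP
# issuer and the audience are assumed placeholders, not real identifiers.
IDP_ISSUER = "https://saml.example.com/adfs/ls"
ACS_URL = "https://www.google.com/a/megacrack.es/acs"
AUDIENCE = "google.com/a/megacrack.es"
ISSUED_AT = datetime(2012, 3, 17, 12, 0, tzinfo=timezone.utc)
LATER = ISSUED_AT + timedelta(minutes=10)  # after the 5-minute validity window


def build_post_form(acs_url, saml_response_b64, relay_state="/"):
    """Step 4: the XHTML form the IdP hands back to the browser (values escaped)."""
    return (
        f'<form method="post" action="{html.escape(acs_url)}">'
        f'<input type="hidden" name="SAMLResponse" value="{html.escape(saml_response_b64)}"/>'
        f'<input type="hidden" name="RelayState" value="{html.escape(relay_state)}"/>'
        '<input type="submit" value="submit"/></form>'
    )


def make_response(issuer, acs_url, audience, name_id, not_on_or_after):
    """Constructed (unsigned) sample of what the IdP would return, base64-encoded."""
    ts = not_on_or_after.strftime(TS_FMT)
    xml_text = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{acs_url}" Version="2.0">'
        f'<saml:Issuer>{issuer}</saml:Issuer>'
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        f'<saml:Assertion Version="2.0"><saml:Issuer>{issuer}</saml:Issuer>'
        f'<saml:Subject><saml:NameID>{name_id}</saml:NameID>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{acs_url}" NotOnOrAfter="{ts}"/>'
        '</saml:SubjectConfirmation></saml:Subject>'
        f'<saml:Conditions NotOnOrAfter="{ts}"><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml_text.encode()).decode()


def process_response(saml_response_b64, expected_issuer, acs_url, audience, now=None):
    """Steps 5-6: decode the POSTed SAMLResponse and validate it before a session exists.
    Returns (ok, detail): the NameID on success, the rejection reason otherwise."""
    now = now or datetime.now(timezone.utc)
    try:
        root = ET.fromstring(base64.b64decode(saml_response_b64))
    except (ValueError, ET.ParseError) as exc:
        return False, f"undecodable response: {exc}"
    if root.tag != f'{{{NS["samlp"]}}}Response':
        return False, "not a samlp:Response"
    if root.get("Destination") != acs_url:
        return False, "Destination does not match our ACS URL"
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        return False, "IdP did not report Success"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no assertion"
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != expected_issuer:
        return False, f"unexpected issuer {issuer!r}"
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None or not conditions.get("NotOnOrAfter"):
        return False, "assertion has no validity window"
    expiry = datetime.strptime(conditions.get("NotOnOrAfter"), TS_FMT).replace(tzinfo=timezone.utc)
    if now >= expiry:
        return False, "assertion expired"
    audiences = [a.text for a in assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, "assertion not issued for this audience"
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        return False, "bearer confirmation Recipient mismatch"
    return True, assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)


# A good response for user xavier@megacrack.es (constructed), valid for 5 minutes.
GOOD = make_response(IDP_ISSUER, ACS_URL, AUDIENCE, "xavier@megacrack.es", ISSUED_AT + timedelta(minutes=5))

if __name__ == "__main__":
    print(build_post_form(ACS_URL, GOOD)[:80] + "...")
    print(process_response(GOOD, IDP_ISSUER, ACS_URL, AUDIENCE, now=ISSUED_AT))
    print(process_response(GOOD, IDP_ISSUER, ACS_URL, AUDIENCE, now=LATER))
```

Run as a script it prints the start of the step-4 form, then an accepted result with the NameID, then the rejection of the same response once its validity window has passed, which is the replay protection that makes the author's "no open ports, no password database in the cloud" argument hold up.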

It sounds complicated, but in practice it is as simple as this:

1.- Users access http://correo.megacrack.es

2.- They are shown a screen like this, where the user must enter their domain credentials.

[Screenshot: validation screen]

3.- The user accesses the site without problems.

And if the system worked as it should, not even the previous screen would appear (it would automatically pick up the Windows logon credentials).


Posted in: Active Directory, certificate, Google Apps, IIS, Single Sign On | 4 Comments
