Setup Microsoft Azure SAML 2.0 SSO on an IIS website










0














I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.






azure iis







share|improve this question


























    0














    I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.






    azure iis







    share|improve this question
























      0












      0








      0







      I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.






      azure iis







      share|improve this question













      I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.






      azure iis




      azure iis






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 12 '18 at 16:57









      BB Design

      222216




      222216






















          1 Answer
          1






          active

          oldest

          votes


















          1














          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer




















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09











          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53266791%2fsetup-microsoft-azure-saml-2-0-sso-on-an-iis-website%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1














          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer




















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09
















          1














          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer




















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09














          1












          1








          1






          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer












          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 12 '18 at 17:25









          Ivan Ignatiev - MSFT

          34617




          34617











          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09

















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09
















          The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
          – BB Design
          Nov 12 '18 at 18:07




          The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
          – BB Design
          Nov 12 '18 at 18:07




          1




          1




          @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
          – Ivan Ignatiev - MSFT
          Nov 12 '18 at 18:09





          @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
          – Ivan Ignatiev - MSFT
          Nov 12 '18 at 18:09


















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53266791%2fsetup-microsoft-azure-saml-2-0-sso-on-an-iis-website%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          這個網誌中的熱門文章

          Barbados

          圖片
          For other uses, see Barbados (disambiguation). Not to be confused with Barbuda. Coordinates: 13°10′N 59°33′W  /  13.167°N 59.550°W  / 13.167; -59.550 Barbados Flag Coat of arms Motto:  "Pride and Industry" Anthem:  In Plenty and In Time of Need Capital and largest city Bridgetown 13°06′N 59°37′W  /  13.100°N 59.617°W  / 13.100; -59.617 Official languages English Recognised regional languages Bajan Creole Ethnic groups (est. 2010 [1] ) 92.4% black 3.1% multiracial 2.7% white 1.3% East Indian 0.5% other/unspecified Religion 75.6% Christian 2.5% other 20.6% none 1.2% unspecified [1] Demonym(s) Barbadian Bajan (colloquial) Government Unitary parliamentary constitutional monarchy • Monarch Elizabeth II •  Governor-General Dame Sandra Mason • Prime Minister Mia Mottley Legislature Parliament • Upper house Senate • Lower house House of Assembly Independence • From the United Kingdom 30 November 1966 Area • Total 439 km 2 (169 sq mi) (183rd) • Water (%) Negligib
          閱讀完整內容

          How to read a connectionString WITH PROVIDER in .NET Core?

          圖片
          6 I added .AddJsonFile("Connections.json", optional: true, reloadOnChange: true) in public Startup(IHostingEnvironment env) Connections.json contains: "ConnectionStrings": "DefaultConnection": "Server=(localdb)\mssqllocaldb;Database=DATABASE;Trusted_Connection=True;MultipleActiveResultSets=true", "COR-W81-101": "Data Source=DATASOURCE;Initial Catalog=P61_CAFM_Basic;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "COR-W81-100": "Data Source=DATASOURCE;Initial Catalog=Post_PS;User Id=USERID;Password=PASSWORD;Persist Security Info=False;MultipleActiveResultSets=False;Packet Size=4096;", "MSEDGEWIN10": "Data Source=DATASOURCE; Initial Catalog=COR_Basic; Persist Security Info=False;Integrated Security=true;MultipleActiveResultSets=False;Packet Size=4096;Application Name="COR_Basic"", "server&qu
          閱讀完整內容

          Node.js Script on GitHub Pages or Amazon S3

          圖片
          0 I'm wondering if I can run a Node.js script in my Jekyll page from GitHub Pages or Amazon S3? I think it can't run on GitHub Pages since it doesn't support server side code. Not too sure. The code is below: var Airtable = require('airtable'); var base = new Airtable(apiKey: 'YOUR_API_KEY').base('appAnZVyYqusNPV5Q'); base('Invitee list').select( // Selecting the first 3 records in Complete list: maxRecords: 3, view: "Complete list" ).eachPage(function page(records, fetchNextPage) // This function (`page`) will get called for each page of records. records.forEach(function(record) console.log('Retrieved', record.get('Email')); ); // To fetch the next page of records, call `fetchNextPage`. // If there are more records, `page` will get called again. // If there are no more records, `done` will get called. fetchNextPage(); , function done(err) if (err) console.error(err); return; ); node.js
          閱讀完整內容