Setup Microsoft Azure SAML 2.0 SSO on an IIS website










0














I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.










share|improve this question


























    0














    I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.










    share|improve this question
























      0












      0








      0







      I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.










      share|improve this question













      I have built a web-based application hosted on IIS, but my client wants it to use Azure for SSO. I've read through some documentation, but I am rather lost. I haven't found any documentation that gives me a clear set of instructions on how to integrate SSO on an IIS website which has no current connection with Azure or anything else like that. Do I need to purchase a license from Microsoft to do this? I have some of the details, such as the XML certificate file for my client. But I really don't know where to start.







      azure iis






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 12 '18 at 16:57









      BB Design

      222216




      222216






















          1 Answer
          1






          active

          oldest

          votes


















          1














          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer




















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09











          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53266791%2fsetup-microsoft-azure-saml-2-0-sso-on-an-iis-website%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1














          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer




















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09
















          1














          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer




















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09














          1












          1








          1






          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here






          share|improve this answer












          You have a configuration guide for non-gallery applications :



          https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications



          To enable your application for SAML SSO at IIS level, you can use Shibboleth ISAPI Filter https://www.shibboleth.net/products/service-provider/



          Or integrate SAML2 in your OWIN application with Sustainsys.Saml2 library : https://github.com/Sustainsys/Saml2



          You can also find a step-by-step instructions on Azure Portal :



          enter image description here







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 12 '18 at 17:25









          Ivan Ignatiev - MSFT

          34617




          34617











          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09

















          • The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
            – BB Design
            Nov 12 '18 at 18:07






          • 1




            @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
            – Ivan Ignatiev - MSFT
            Nov 12 '18 at 18:09
















          The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
          – BB Design
          Nov 12 '18 at 18:07




          The first URL is a set of instructions my client would use to connect their Azure to my application, once I have SAML2/SSO setup, and assuming my application is not listed in Microsoft's gallery of pre-approved applications, correct? I don't see much in there that helps me configure my application. So it sounds like IIS won't do this on its own, I need to install Shibboleth or Sustainsys.Saml2? Likewise, I have the step-by-step instructions in your screenshot, but those are instructions my client would use, again not really helpful for my configuration/install issue?
          – BB Design
          Nov 12 '18 at 18:07




          1




          1




          @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
          – Ivan Ignatiev - MSFT
          Nov 12 '18 at 18:09





          @BBDesign Your are correct, your client need to preregistre your application in Azure AD give you certificate and SAMLv2 endpoints. After, your application or Web-server need support SAMLv2. To manage SAMLv2 at IIS level you need to install Shibboleth otherwise you need integrate SAMLv2 support to your application (so you need to find a good library for it). The instructions on the screenshot is for you.
          – Ivan Ignatiev - MSFT
          Nov 12 '18 at 18:09


















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53266791%2fsetup-microsoft-azure-saml-2-0-sso-on-an-iis-website%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          這個網誌中的熱門文章

          How to read a connectionString WITH PROVIDER in .NET Core?

          Node.js Script on GitHub Pages or Amazon S3

          Museum of Modern and Contemporary Art of Trento and Rovereto