We are going to be setting up a new environment and SiteMinder has been suggested to help with web app authentication/authorization for both internal users and federated users. However, we have not had good experiences with SiteMinder and would like to avoid it - what alternatives would you suggest?
Edit: We are currently planning to be a RP/SP, but may one day be an IdP as well. OpenID is our first planned IdP, but will expand to additional ones in the future.
If the internal users are in Active Directory, you could use ADFS (v2). You won't need additional licenses for ADFS as it is an OS component. For your external users, you can use ACS which supports OpenID, LiveID, Yahoo!, Google (and any WS-Federation IdP) (*).
At a high level it would look like this:
You would use WIF to "claims enable" your app.
(*) As of Feb 2015: ACS might be discontinued or de-invested by MSFT. It is still available though.
ADFS (Windows Server 2012 R2 and newer) will work with any SAML or OpenID Connect Identity Provider, and is very easy to set up. The ADFS server has to be a Domain member but does not have to use Active Directory to authenticate users.
You can Federate your app(s) with ADFS (as a Relying Party), then Federate ADFS with external Identity Providers (as Claims Providers).
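The chain described in the answer above (the app trusts ADFS as a Relying Party, ADFS trusts the external IdP as a Claims Provider), sketched with the ADFS PowerShell cmdlets as an added example that is not part of the original answers. The trust names, URLs and the choice to accept only an e-mail claim from the external IdP are assumptions, and the external IdP is assumed to publish federation metadata.

```powershell
# Added example: every name and URL below is a hypothetical placeholder.
$appId   = 'https://app.example.test/'   # relying party identifier (assumed)
$idpMeta = 'https://idp.example.test/FederationMetadata/2007-06/FederationMetadata.xml'  # assumed
$email   = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$permit  = 'http://schemas.microsoft.com/authorization/claims/permit'

# 1. Claims Provider trust: ADFS trusts the external IdP.
#    Acceptance rules are the boundary filter. Only the e-mail claim is let in,
#    so the external IdP cannot assert roles, groups or a UPN into the pipeline.
$acceptRules = @"
@RuleName = "Accept e-mail only"
c:[Type == "$email"]
 => issue(claim = c);
"@
Add-AdfsClaimsProviderTrust -Name 'External IdP' `
    -MetadataUrl $idpMeta `
    -AcceptanceTransformRules $acceptRules

# 2. Relying Party trust: the web app trusts ADFS (WS-Federation passive endpoint).
#    Authorization: permit only tokens that carry an e-mail claim.
$authzRules = @"
@RuleName = "Permit users with an e-mail claim"
c:[Type == "$email"]
 => issue(Type = "$permit", Value = "true");
"@

#    Issuance: internal users get e-mail looked up from Active Directory,
#    federated users get the e-mail claim that survived step 1.
$issueRules = @"
@RuleName = "AD users: look up mail"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$email"), query = ";mail;{0}", param = c.Value);

@RuleName = "Federated users: pass e-mail through"
c:[Type == "$email"]
 => issue(claim = c);
"@
Add-AdfsRelyingPartyTrust -Name 'Web app' `
    -Identifier $appId `
    -WSFedEndpoint $appId `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $issueRules

# Review what was configured.
Get-AdfsClaimsProviderTrust -Name 'External IdP' | Select-Object Name, Enabled, AcceptanceTransformRules
Get-AdfsRelyingPartyTrust   -Name 'Web app'      | Select-Object Name, Identifier, IssuanceTransformRules
```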