rbrayb

Reputation: 46753

ADFS v2.0: How to federate with Windows Live, OpenID and Facebook

We have ADFS 2.0 running and have federated with various STS.

Is it possible to federate with Windows Live, OpenID and Facebook?

Some of our users already have these types of credentials and it would be a bonus to be able to use them.

If so, what URL would be used for the federation metadata address in the "Add Claims Provider Trust" wizard?

Any other gotchas?

Upvotes: 2

Views: 6383

Answers (3)

arupc

Reputation: 405

Yes. There is no direct way to get the claims from ADFS; you need to configure ACS and set ACS as the ID provider to ADFS. But the token validation for ACS is 24 hours at max, so you need to be happy with short-lived tokens for social ID providers.

Upvotes: 0

Frode Stenstrøm

Reputation: 1048

We have been investigating this question a lot.

It seems that the best setup is to use ACS in combination with AD FS 2.0 as described in this article.

This setup also enables claims transformation, for example, if you want to add the corporate customer number as a claim.

We have not yet seen any examples where you can connect AD FS 2.0 directly to Facebook, however.

Upvotes: 3

Travis Spencer

Reputation: 2271

ADFS doesn't natively support the protocols of those IP-STSs (with the possible exception of Windows Live). You'll need to put an FP-STS that understands those protocols (e.g., PingFederate) between ADFS and them.

Upvotes: 3
