Newbie to Microsoft SSO Authentication. Have metadata, pubic cert and login url and Azure AD identifier and entityid. When I was going through this SAML2.0 i see diff types of auth strategies like Federation Services, ADFS, Active Directory, Azure Directory... Getting confused and trying to visualize the type of authentication these details support.
https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-nodejs-webapp-msal
Can somebody point me what type of authentication that we can provide with below details ?
metadata, pubic cert and login url and Azure AD identifier and entityid.
Regards, likki.
CodePudding user response:
We install adfs on Windows Server operating systems. It extends on-prem identities managed within AD to cloud applications through both SAML and OAuth. AD FS is meant for on-prem environments and does not authenticate through Azure infrastructure; it only authenticates against Active Directory.
AAD mainly serves as a cloud-based user management, as well as offers SSO capabilities for web applications. In fact, it authenticates users to their applications in much the same way as AD FS. The difference is that AAD authenticates via the cloud and AD FS authenticates on-prem.
Federation - When you set up SSO to work between multiple identity providers, it's called federation. An SSO implementation based on federation protocols improves security, reliability, end-user experiences, and implementation.
With federated single sign-on, Azure AD authenticates the user to the application by using their Azure AD account. This method is supported for SAML 2.0, WS-Federation, or OpenID Connect applications. Federated SSO is the richest mode of SSO. Use federated SSO with Azure AD when an application supports it, instead of password-based SSO and Active Directory Federation Services (AD FS).
So, if you want authenticate with cloud users you can go with azure ad or else if you want to use your on-premise user identities authenticate users for the application you can go with ADFS.
You can find more information here What is single sign-on? - Azure AD | Microsoft Docs
CodePudding user response:
I work at Microsoft boii. This tutorial you are following will sign you in with an Azure Identity. It uses MSAL. It is the Microsoft Authentication Library for.net. If your tenant is Federated and you have ADFS it will sign you in with an Active Directory identity.