Federating with multiple existing identity systems
Kindly let me know how FIM 2010 can help me here.

Existing things:

1) Multiple web apps. One for each kind of users. Let us call them user kind A, B, C, D and E. All these web apps are hosted inside the same corporate network. All users (except E) access them from outside i.e. over the public internet.

2) All web apps have the following to do: Let the user log in. Each one uses a different kind of AuthN mechanism: A = WLID, B = Username and Pwd distributed to them by the corporate and maintained in SQL. C and D have some different mechanism. E is special and such users can directly connect to the corp network from their offices and hence use Active Directory sitting inside the Corporate Network. Users login, select files to download and be happy. What files a particular user within a type i.e. A to E can download etc. i.e. AuthZ rules are maintained by the individual web apps. Some use SQL while the Active Directory (AD) one does not use SQL, it uses AD itself.

3) None of the web apps is ready to change anything as far as AuthN is concerned i.e. user experience. If we go and tell them all "please start using live id only", they will shoo us away.

4) Each one has its own way of storing the files i.e. resources which the users download. Even though there is a lot of overlap in terms of the files needed to be maintained by the web apps, they somehow decided to have redundancy and maintain their own stuff.

Problem statement:

1) All the web apps now want a central store for the files (downloadable resources).

2) They want a central place where all the AuthZ rules for their users would be maintained.

3) They would still want their users to log in the same way.

4) They all want to STOP doing the AuthN and AuthZ from now on.

5) They all want some kind of "download platform" sitting behind to which they will hand off the user creds in whatever way they are receiving it now, pass info on what files are needed for download and want everything from AuthN and AuthZ to be handled by this platform.

6) They are, of course, ready to make minimal changes to the way they should be handing off the user creds or whatever little it takes - config or code changes - to make this happen.

7) All these web apps are plain ASP.Net 2.0. They have no WCF or anything from the claims platform.
September 4th, 2010 6:28pm

FIM is great for automating the creation, deletion and management of accounts and passwords. What you need is ADFS 2.0 and WIF. Depending on how the devs are doing their authn and authz it may be simple switching of info in config files.

http://blogs.technet.com/b/identitymanagement/archive/2010/09/03/new-books-on-identity-and-access-fim-2010-and-wif.aspx
http://blogs.msdn.com/b/vbertocci/archive/2010/06/28/the-june-2010-identity-training-kit-contains-powerpoint-decks-videos.aspx

With ADFS 2.0 you can authenticate vs AD or custom STS. You can also retrieve attributes or claims from SQL databases.

David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
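To make the "stop doing AuthZ in the app" part of the answer concrete, here is an added example (not code from the thread or from any Microsoft sample) of how one of the ASP.NET apps could hand the download decision to WIF once ADFS 2.0 issues the central SQL-held rules as claims. The claim type URI, the `DownloadPlatform` namespace and class name, and the "one claim per permitted folder" layout are assumptions for illustration.

```csharp
// Added example: a WIF 3.5 ClaimsAuthorizationManager for the ASP.NET apps above.
// Register it in web.config under <microsoft.identityModel><service> as
//   <claimsAuthorizationManager type="DownloadPlatform.DownloadAuthorizationManager, DownloadPlatform" />
// and add Microsoft.IdentityModel.Web.ClaimsAuthorizationModule to <httpModules>;
// the module then calls CheckAccess for every request with resource = request URL
// and action = HTTP verb, so the app code itself contains no AuthZ logic.
using System;
using System.Linq;
using Microsoft.IdentityModel.Claims;

namespace DownloadPlatform
{
    public class DownloadAuthorizationManager : ClaimsAuthorizationManager
    {
        // Hypothetical claim type that an ADFS attribute-store rule fills from the
        // central SQL rule store: one claim value per folder the user may read.
        private const string AllowedFolderClaim = "http://example.com/claims/allowedfolder";

        public override bool CheckAccess(AuthorizationContext context)
        {
            Claim resource = context.Resource.FirstOrDefault();
            Claim action = context.Action.FirstOrDefault();
            if (resource == null || action == null) return false;

            // Downloads are GETs; deny every other verb by default.
            if (!string.Equals(action.Value, "GET", StringComparison.OrdinalIgnoreCase))
                return false;

            Uri url;
            if (!Uri.TryCreate(resource.Value, UriKind.Absolute, out url)) return false;

            // Decode and reject dot segments so "%2e%2e" cannot escape a granted folder
            // after unescaping (Uri already canonicalises literal "..", this covers encoded ones).
            string path = Uri.UnescapeDataString(url.AbsolutePath).ToLowerInvariant();
            if (path.Contains("\\") || path.Split('/').Any(s => s == "." || s == ".."))
                return false;

            IClaimsIdentity identity = context.Principal.Identity as IClaimsIdentity;
            if (identity == null || !identity.IsAuthenticated) return false;

            // Grant only when the requested path lies under a folder ADFS asserted
            // for this user; no matching claim means no access.
            return identity.Claims
                .Where(c => c.ClaimType == AllowedFolderClaim)
                .Select(c => c.Value.ToLowerInvariant().TrimEnd('/') + "/")
                .Any(folder => path.StartsWith(folder, StringComparison.Ordinal));
        }
    }
}
```

The same class works unchanged for users A through E because the apps only differ in how ADFS authenticates them; the folder claims come from the one SQL rule store regardless of the login mechanism.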
September 6th, 2010 2:19am
