Moving from ADFS to the Geneva Framework
My company is in need of a federated identity solution, and being a Microsoft shop, we're looking to use MS technologies to accomplish this goal.
We don't have Server 2008 or .NET 3.5 in production, so we're limited to a .NET 2.0/Server 2003-based solution.
This means (in terms of a federated identity solution), Active Directory Federation Services.
ADFS looks pretty good because it supports the WS-Federation standards, which means we can federate with partners not using Microsoft technologies.
Unfortunately (for us), Microsoft is close to releasing a .NET 3.5-based identity framework, the Geneva Framework.
The Geneva framework appears to be better than ADFS in every way (mostly because it's ADFS plus additional functionality and standards support).
Since we're not a .NET 3.5 shop and Geneva is only in beta, it's not a viable option for us at this time.
My question is this: how hard will it be for us to move from ADFS to Geneva?
We're just at the proof-of-concept phase with ADFS, so we haven't started diving into the code changes required to move from identity-based authorization to ADFS claims-based. I'm sure we can put this logic in an assembly that can be updated to support Geneva claims-based authentication.
Along with the code changes required, how difficult will it be to migrate our claims-based infrastructure from ADFS to Geneva? (e.g. Moving from ADFS's STS (Federation Service) to Geneva's STS (Geneva Server))
Thanks for any input on this topic, it's greatly appreciated!
I received a response on an MSDN forum post: