.net - 有关我的SSO实现的一些指导=设置身份服务器并以编程方式使用它(some guidance on my SSO implementation = setting up identity server and using it programmatically)

Question

I need some guidance on my SSO implementation.

(我需要有关SSO实施的一些指导。)

We have a web application where we are authenticating the user through applications Database.

(我们有一个Web应用程序，通过应用程序数据库对用户进行身份验证。)

We check user details in USER table and match password.

(我们在USER表中检查用户详细信息并匹配密码。)

If everything looks good we create .net session and allow user to Login.

(如果一切正常，我们将创建.net会话并允许用户登录。)

One of our partnersnrequested for SSO integration, they want us to behave like Identity Provider (their application will be Service Provider).

(我们需要SSO集成的合作伙伴之一，他们希望我们的行为像Identity Provider（他们的应用程序为Service Provider）。)

I have no idea from where should I start.

(我不知道从哪里开始。)

Few initial guiding points will be a great help.

(最初的指导点很少会有很大的帮助。)

  ask by Rgbb1 translate from so

Answer 1

You need to choose an IDP eg Azure AD, Auth0, Okta, Shibboleth, identityserver 4 ...

(您需要选择一个IDP，例如Azure AD，Auth0，Okta，Shibboleth，身份服务器4 ...)

Only a few IDP can authenticate against a SQL DB.

(只有少数IDP可以针对SQL DB进行身份验证。)

Have a look at Auth0 (paid) or identityserver 4 (free).

(查看Auth0（收费）或Identityserver 4（免费）。)

Both of these have client-side samples.

(这两个都有客户端示例。)

These samples will use one of:

(这些示例将使用以下之一：)

• WS-Federation

  (WS联合会)

• SAML 2.0

  (SAML 2.0)

• OpenID Connect

  (OpenID连接)

as the protocol to talk to your IDP.

(作为与您的IDP对话的协议。)

Use OIDC - it's the easiest - if you can.

(如果可以的话，请使用OIDC-最简单的方法。)

Your partner will need to use one of these libraries in their application.

(您的合作伙伴将需要在其应用程序中使用这些库之一。)