Comments for Sam Huggill's Weblog » Sam Huggill's Weblog

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by Jason

Jason — Tue, 21 Feb 2012 21:24:50 +0000

Following your directions for the claim rule NameID is never set in the SAML Response. If I create a claim rule using LDAP attributes I can get it working, but that is gonna make things difficult for me. Got any suggestions?

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by Jason

Jason — Mon, 13 Feb 2012 15:17:55 +0000

Thanks for the info on the cert. Apparently my problem is that the NameID Element is missing from my SAML Response. Thought I followed your directions to the letter, but I may be missing something.

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by Nia Hostetler

Nia Hostetler — Fri, 10 Feb 2012 04:31:08 +0000

Thanks a lot for the article post.Really looking forward to read more. Really Cool.

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by shuggill

shuggill — Tue, 07 Feb 2012 21:04:43 +0000

The auto-generated ADFS token signing certificate will do fine, in fact I’m using the auto-generated one. I haven’t seen any performance issues with using a non-publicly issued cert for this.

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by Jason

Jason — Tue, 07 Feb 2012 17:08:13 +0000

In regards to the token signing certificate. Will the auto-generated one, which is my internal FQDN, work? Or will I have to issue a new cert with the servers external FQDN?

Comment on Using O2 ZTE MF100 Mobile Broadband on Mac OS X Lion by shuggill

shuggill — Fri, 03 Feb 2012 22:12:35 +0000

Hi Med,

By APN do you mean the number the modem dials? I know that there is a Telephone Number field in the Network Preferences dialog.

Comment on Using O2 ZTE MF100 Mobile Broadband on Mac OS X Lion by shuggill

shuggill — Fri, 03 Feb 2012 22:10:58 +0000

Hi Duncan,
I guess the original O2 installer must have put the interface in somehow – have you made any progress?

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by shuggill

shuggill — Fri, 03 Feb 2012 22:08:26 +0000

Hi Scott,

Google Apps expects a Name ID formatted claim, so you do need some claim transformation rule to convert whatever incoming claims you have (in my example an email claim, but from AD it could be the UPN or account email) to the required outgoing claims.

I haven’t solved the single-sign out issue yet – all I can see is that I get an ADFS error when trying. If you make any progress I’d certainly be interested.

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by shuggill

shuggill — Fri, 03 Feb 2012 22:06:10 +0000

Yes, ADFS can provide authentication using it’s built in Active Directory claims provider trust. However, in my situation the user credentials are stored in a custom database (happens to be MS SQL Server but could be anything) and therefore I use a custom STS to provide authentication. If you only need Windows Authentication (i.e. because your clients are logged on to a Windows domain that your ADFS server has access to) then all you need is ADFS.

Comment on Setting up Google Apps Single Sign On (SSO) with ADFS 2.0 and a custom STS such as IdentityServer by Benjamin Collins

Benjamin Collins — Wed, 01 Feb 2012 20:45:59 +0000

I’m sure I just don’t understand ADFS well enough, or maybe I’m not understanding what you’re trying to do, but why do you need the custom STS? Isn’t ADFS an STS?