The hop to the example relying party is using SAML SSO. In this case ADFS is now acting as the IdP and generates and sends a new SAML assertion to the relying party (SP). Of course, some other protocol could be used for federation with the relying party. In our example we use SAML SSO to the ExampleServiceProvider. Even if you're using SAML SSO to the relying party, there may be some circumstances where it makes sense to include ADFS rather than going directly from the IdP to the SP. For example, ADFS may be used to perform a claims mapping or to include additional claims retrieved from Active Directory. However, there will be use cases where involving ADFS is unnecessary and direct SSO between the IdP and SP with no ADFS involvement makes more sense.
Regards,
ComponentSpace Development