Determining whether to use SAML or WS-Federation for a partnership depends on the binding that each side supports.
For a new federation, there are no legacy requirements for either partner. Therefore, the recommended SAML profile to use for single sign-on is SAML 2.0 POST profile. SAML 2.0 POST profile offers secure transmission of assertion data and the configuration process is simpler than SAML Artifact profile. If, however, the agreement of two partners requires SAML Artifact, this binding can also be implemented.
For deployments use Active Directory Federation Services (ADFS), configure WS-Federation.
Copyright © 2013 CA.
All rights reserved.
|
|