Hi,
I need some architectural directions on this subject. We want our users to identify themselves with a third-party site (X) (something like live.com, but SAML 2.0 based). In the SAML response an attribute is defined called SETID (which is not unique). Every user with that SETID must be allowed to access SharePoint. All others may be authenticated, but are not allowed to enter the site collection.
The whole architectural picture is very fuzzy to me. I believe (but please correct me if I am wrong) I need to implement my own custom claims provider; I believe I also need to configure a Trusted Identity Provider, and I need to build my own Security Token Service?
For now we would like to skip AD FS... if possible.
So is X also called an STS? I read about IP-STS and RP-STS. Do I need the whole set? Or is the custom STS only necessary if I want to check the identity myself (like a custom FBA solution or something)?
I have read many blogs, but I cannot seem to find a simple design pattern for this.
Thanks in advance
Sander