Last post Mar 11, 2013 04:10 AM by Angie xu - MSFT
Mar 07, 2013 01:25 PM | abhaynidhi17
I have a web-application, which is using 2-Factor Authentication, the 1st one being AD username & Password. Now this web-app is internet hosted and doesn't reside on any internal domain. It connects to an AD domain via LDAP.
In this same application, we want users to be able to send & receive their Gmail emails but with SSO. We don't want them to re-enter a username & password for their Gmail account. Instead, the users can store their Gmail username in a User attribute (like Description) in Active Directory.
Both the Identity Server and our web-app will be on same internet hosted server but will not be part of any AD domain as both our web-app and Identity Server will be used for multiple domains.
Identity Server should be able to receive Domain Details and Service Account details for a particular domain from our web-app.
When a user logs into our web-app, an automatic SSO request for Google goes to the Identity Server with info for the domain the user belongs to. The SSO request gets filled and a session is built. Then the user should be able to see Gmail Emails, Contacts, Calendar, etc. in our web-app only.
I don't know if this is possible at all.
Any suggestions for this, or to achieve similar functionality, will be much appreciated.
Mar 11, 2013 04:10 AM | Angie xu - MSFT
You should understand Single Sign-On first. There are three types of Single Sign-On services available today: Windows integrated, extranet, and intranet.
These are described in the following sections, with Enterprise Single Sign-On falling into the third category.
If we can do what you said, I think you should create an integrated Gmail (Gmail + calendar + contacts, etc.) first, and your application must be integrated with the Gmail interface.
Other community members are welcome to give their ideas on this.