Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Auto Sign-On with ClearPass and ADFS

  • 1.  Auto Sign-On with ClearPass and ADFS

    Posted Feb 26, 2018 09:50 AM

    Hello everyone,

    A customer wants to do ASO with ClearPass and ADFS.

    Example: an employee goes to a captive portal and logs in. Then, when he goes to an ASO-compatible web application (SharePoint, for example), he's automatically logged in.

    I read the technote about SAML Configuration, but I'm not sure I understand how it works. I've never worked on that.

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=24992

    If I'm right, ClearPass would be the Service Provider (SP) and ADFS would be the Identity Provider (IdP). After a successful 802.1X authentication, a token is generated by ClearPass and sent to the controller.

    When the user goes to the application, he is redirected to the IdP URL to do a SAML request. The controller intercepts the request, inserts the token, and forwards it to the SAML IdP.

    Then the IdP checks the token. If it's valid, it sends a SAML assertion in the response to the user.

    My question is: how can the IdP check the validity of the token?

    Thank you for your help



  • 2.  RE: Auto Sign-On with ClearPass and ADFS

    EMPLOYEE
    Posted Feb 26, 2018 09:53 AM
    For ASO, ClearPass is both the IdP and SP and you’d need to use SAML chaining to use a secondary IdP.


  • 3.  RE: Auto Sign-On with ClearPass and ADFS

    Posted Feb 26, 2018 10:39 AM

    Thanks for your quick reply!

    Is there any documentation which can help to understand how to implement it?



  • 4.  RE: Auto Sign-On with ClearPass and ADFS

    EMPLOYEE
    Posted Feb 26, 2018 10:48 AM
    Unfortunately we don’t have documentation for every identity provider. There are too many of them.


  • 5.  RE: Auto Sign-On with ClearPass and ADFS

    EMPLOYEE
    Posted Feb 27, 2018 02:49 AM

    Hi Tim,

    I'm interested in this subject too.

    Can you just explain the SAML chaining part?

    The idea would be to chain the authentication request from ClearPass to ADFS? Would it be done through a service?

    I found your doc on Cloud Identity providers; would it be the same kind of process?

    Thanks