I’m reasearching how to incorporate a SAML integration into a CF app. The bigger picture is an external Active Directory source, SAML to a CF app with its own user management. Any info is helpful.
What role will the CF server provide in the SAML workflow? When I did this recently I used a third party provider (Auth0, but there are many good providers out there) as the IdP and service provider. Auth0 can then connect to AD, client DB, or act the DB. The ColdFusion server (or your front end, such as AngularJS) can communicate with the provider and handle the handshake and validation.
There are also articles on setting up CF to handle this instead, but I did not go this route for a number of reasons. Googling for "ColdFusion SAML" will show a few StackOverflow answered questions and blog posts that might get you started. HTH!
Thanks for the reply. After reading various horror stories on SAML (SAML in general, not CF specifically), I was pointed in the direction of OpenID instead. While I have not done any development yet, what I read looks promising and it'll work in the environment I was scoping out.
Which route did you go? I have a client needing to interface with one of their client's SSO providers and their provider grants access thru SAMLv2 or WS-FED.
Have you looked at SSOEasy? Not free, no, but not expensive and they offer great support, including setting up the free trial to confirm if things would work well for you.
They already have an SSO provider in-house that my client's client handles. I just need to process their SAML response. That is what I was asking about. Sorry for any confusion.
SSOEasy can help with CF either in the service provider or identity provider role. Just sayin' it may be worth exploring, if you don't find a better answer to your specific need.
For us, the project is still on the back burner. No progress.