This time we focus on the Relying Party side. The goal is to federate with an STS with as little effort as possible and as much code as possible, with no unnecessary configuration sections in web.config. The STS could be any SAML 1.1 compliant STS: ADFS2, the Azure Federation Service, or Thinktecture Identity Server.
Against ADFS we need two handlers. One serves the very first GET of the login resource: this is where we build a WS-Federation sign-in request (wa=wsignin1.0 carrying wtrealm, wreply and wctx) and redirect the user to the STS for authentication. The other handles the STS response: this is where we take the SAML token out of the posted wresult and validate it, checking that the XML signature is valid and that the signing certificate is one we accept.
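The two handlers described above, written out as an added example in Python rather than the .NET code the post is about. The STS URL, realm, session store and the RequestSecurityTokenResponse are all constructed for illustration; the certificate bytes are a placeholder, not a real X.509 DER certificate. The example covers the request construction and the acceptance checks a relying party must apply to the response (wctx bound to the session, pinned signing-certificate thumbprint, validity window, audience); the XML-DSig digest and RSA verification itself is the job of an XML-DSig library (WIF on .NET) and is deliberately not reimplemented here.

```python
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

NS = {
    "t": "http://schemas.xmlsoap.org/ws/2005/02/trust",   # WS-Trust as used by the ADFS passive profile
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",      # SAML 1.1 assertion namespace
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
CLOCK_SKEW = timedelta(minutes=5)


def build_signin_request(sts_url, realm, reply_url, wctx, now=None):
    """Handler 1 (GET of the login resource): build the wsignin1.0 redirect.
    The caller stores wctx in the session so the response can be tied back to it."""
    now = now or datetime.now(timezone.utc)
    params = {
        "wa": "wsignin1.0",
        "wtrealm": realm,       # identifier the STS uses to select the RP trust
        "wreply": reply_url,    # must be a return URL registered for that RP
        "wctx": wctx,           # opaque state, echoed back unchanged by the STS
        "wct": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
    }
    return sts_url + "?" + urlencode(params)


def new_wctx():
    return secrets.token_urlsafe(24)


def _utc(ts):
    return datetime.fromisoformat(ts.rstrip("Z")).replace(tzinfo=timezone.utc)


def sha1_thumbprint(cert_der):
    return hashlib.sha1(cert_der).hexdigest().upper()


def validate_wresult(wresult, expected_audience, trusted_thumbprints, now):
    """Handler 2 (POST from the STS): extract the SAML 1.1 assertion from the RSTR
    and apply the acceptance checks around the signature (signature maths itself
    is delegated to an XML-DSig library and not done here)."""
    root = ET.fromstring(wresult)
    assertion = root.find("./t:RequestedSecurityToken/saml:Assertion", NS)
    if assertion is None:
        raise ValueError("wresult carries no SAML 1.1 assertion")
    if assertion.get("MajorVersion") != "1" or assertion.get("MinorVersion") != "1":
        raise ValueError("not a SAML 1.1 assertion")
    cert_b64 = assertion.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
    if not cert_b64:
        raise ValueError("assertion is unsigned or carries no signing certificate")
    thumbprint = sha1_thumbprint(base64.b64decode(cert_b64))
    if thumbprint not in trusted_thumbprints:   # certificate acceptance: pin the STS signing cert
        raise ValueError("signing certificate %s is not a trusted issuer certificate" % thumbprint)
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    if not (_utc(cond.get("NotBefore")) - CLOCK_SKEW <= now < _utc(cond.get("NotOnOrAfter")) + CLOCK_SKEW):
        raise ValueError("assertion is outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if expected_audience not in audiences:     # token issued for another RP must not be accepted
        raise ValueError("assertion was issued for %r, not for this RP" % audiences)
    claims = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        claim_type = attr.get("AttributeNamespace") + "/" + attr.get("AttributeName")
        claims[claim_type] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"issuer": assertion.get("Issuer"), "thumbprint": thumbprint, "claims": claims,
            "name_id": assertion.findtext(".//saml:NameIdentifier", namespaces=NS)}


def handle_sts_response(form, session, realm, trusted_thumbprints, now=None):
    """Bind the posted response to the session via wctx, then validate the token."""
    now = now or datetime.now(timezone.utc)
    if form.get("wa") != "wsignin1.0":
        raise ValueError("unexpected wa action")
    if not hmac.compare_digest(form.get("wctx", "").encode(), session.get("wctx", "").encode()):
        raise ValueError("wctx does not match this session (replayed or cross-session response)")
    return validate_wresult(form["wresult"], realm, trusted_thumbprints, now)


# ---- constructed sample data, not an actual ADFS response ------------------------------
REALM = "https://rp.example.com/"
SAMPLE_CERT_DER = b"constructed placeholder, not a real X.509 DER certificate"
TRUSTED_THUMBPRINTS = {sha1_thumbprint(SAMPLE_CERT_DER)}   # in practice: pinned from STS federation metadata
NOW_IN_WINDOW = datetime(2024, 5, 1, 12, 30, tzinfo=timezone.utc)
NOW_EXPIRED = datetime(2024, 5, 1, 14, 0, tzinfo=timezone.utc)
SAMPLE_WRESULT = """<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
 <t:RequestedSecurityToken>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1"
    AssertionID="_constructed-1" Issuer="http://adfs.example.com/adfs/services/trust" IssueInstant="2024-05-01T12:00:00Z">
   <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T13:00:00Z">
    <saml:AudienceRestrictionCondition><saml:Audience>https://rp.example.com/</saml:Audience></saml:AudienceRestrictionCondition>
   </saml:Conditions>
   <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice@example.com</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
     <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute AttributeName="role" AttributeNamespace="http://schemas.microsoft.com/ws/2008/06/identity/claims">
     <saml:AttributeValue>Users</saml:AttributeValue><saml:AttributeValue>Admins</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignatureValue>Y29uc3RydWN0ZWQ=</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
   </ds:Signature>
  </saml:Assertion>
 </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>""" % base64.b64encode(SAMPLE_CERT_DER).decode()


def demo(now=NOW_IN_WINDOW):
    """Run both handlers end to end against the constructed sample."""
    session = {"wctx": new_wctx()}
    redirect = build_signin_request("https://adfs.example.com/adfs/ls/", REALM, REALM + "login", session["wctx"], now)
    form = {"wa": "wsignin1.0", "wctx": session["wctx"], "wresult": SAMPLE_WRESULT}
    return redirect, handle_sts_response(form, session, REALM, TRUSTED_THUMBPRINTS, now)
```

The claim keys come out as the WIF-style claim types (AttributeNamespace joined with AttributeName), so the result of `demo()` is what the application would use to build its principal. Each rejected case raises before any claim is returned; in a real handler the same failures should be logged with the assertion's Issuer and thumbprint, since a thumbprint mismatch is exactly what an STS certificate rollover looks like from the RP side.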
According to my understanding:
When a user attempts to log in by entering their email address, as soon as they tab off the “Email Address” field the system should query the table. The system should redirect the user to the user's ADFS login page. ADFS users would have the “Password” field and the [Log in] button taken away after tabbing away from the “Email Address” field (see fig 3).
Now, it seems that you are looking to integrate it into your current application. So I would prefer it if you could please share the details of your application with me. I just want to verify what the best possible way is to integrate it properly with your current system.
By the way, when I have worked with ADFS, my client has provided me with all the details. So, I think you will send me the details to move further.
I will wait for your response to move further.