Our good friend Matias Woloski has written an excellent article, Multi tenant federation with Geneva Framework and Microsoft .NET Services Access Control. Here is the detail:
“Multi tenant federation with Geneva Framework and Microsoft .NET Services Access Control
A typical scenario for an ISV that wants to create the "next application in the cloud" will be how to support identity federation with their customers (tenants). A common requirement I’ve heard is:
"I want to enable single sign on and allow enterprises that have their own STS to integrate with us. For companies that don’t have any identity infrastructure in place we want to allow them to log in with a ubiquitous credential like Windows LiveID. How do we do that without spending three months with a security guru?"
A possible answer is to use Microsoft .NET Services Access Control. They enable that scenario in a very straightforward fashion. The following diagram shows a possible architecture that might fulfill the customer requirements. In this picture Southworks is an enterprise that has its own STS and Contoso doesn’t, hence they use Windows LiveID for their users. The good thing about this is that in the middle we have ACS acting as the "normalizer". It will receive tokens from LiveID and Southworks IP STS and will transform them to something Fabrikam knows (Roles, Actions, etc.).
If you are like me, you might be wondering how this all works. Here are the gory details of all the HTTP interactions of a WS-Federation passive profile "dance":”
See the full article here
Regards
Fernando García Loera
MVP Lead | Community Consultant | Latin American Region
What is an MVP? How do I become an MVP?