Enabling ADFS based Single-SignOn in Tridion Docs 14

Question

Hi All, 
 We use an ADFS server to handle all our login needs and we want to make the CMS servers use our ADFS server as well. 
 Our ADFS implementation works with SAML 2.0 but according to the docs SDL supports only SAML 1.1. Is there any way for us to make the CMS accept SAML 2.0 certs? We cannot go with SAML 1.1 as that would mean enabling insecure and obsolete endpoints on our part. 
 Another option would be OAuth 2.0, is there support for OAuth based logins? If so, is there an user-guide for it on how to enable it? 
 For enabling ADFS I've followed your guide on sdl.github.io: sdl.github.io/.../ADFS.html

Dave De Meyer · Answer

Hi Tamas, 
 To clear things up first, Tridion Docs uses the SAML 1.1 token format. The token format is not the same as the SAML 1.1 or 2.0 protocol. 
 See details on https://docs.sdl.com/806356/752072/sdl-tridion-docs-14-sp3/security-token-service-and-------------tridion-docs . In practice the system requires OASIS WS-Federation and WS-Trust protocols. 
 There is no OpenIDConnect/OAuth support yet, that is high on the backlog. This will be addressed in the upcoming TXS2021 Tridion Docs Architectural Runway session, see https://www.rws.com/about/events/2021/webinars/tridion-expert-summit-nasa/

Tridion Docs Developers > 03 - Developer Forum

Enabling ADFS based Single-SignOn in Tridion Docs 14