Question

I have a few MVC applications that are still in development and use Forms with SimpleMembership to register and authenticate users. These applications use the same database, and I have foreign keys all around to the UserProfile table from SimpleMembership. Recently I decided to give federated security a shot just to get SSO without reinventing the wheel, but there are a few things I am confused about.

Should I set up Identity Server to use the same database as my applications? (Then I could somehow put the userID in claims or something, so I know how to get information from other tables for this user. Is this correct?)

How is normal forms registration done when using federated security? (I am thinking that registration could be done in any application, inserting rows in the tables which Identity Server uses, or adjusting the STS to use the SimpleMembership tables for authentication. Is this correct?)

Is it possible to authenticate users from each individual RP (MVC application) and still get SSO without redirecting the user to the STS? (Somehow with internal HTTP requests.)

What happens when the STS fails? Are users then unable to log in to any application? Is there any solution to this?

Solution

Should I set up Identity Server to use the same database as my applications?

If you want to, you can.

How is normal forms registration done when using federated security?

This is up to you and (currently) outside the realm of IdentityServer.

Is it possible to authenticate users from each individual RP (MVC application) and still get SSO without redirecting the user to the STS?

Not really -- SSO via the browser is all about doing redirects back to the IdP because the user is logged into the IdP via the browser. Only when the IdP is confident of the user's identity will it then issue a token to the RP.

What happens when the STS fails? Are users then unable to log in to any application? Is there any solution to this?

The STS is a critical part of your enterprise, so you want to do everything you can to ensure it's up.
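
The redirect requirement described in the answer above, as an added example that is not part of the original post and is not IdentityServer code: a simplified Python model showing that the IdP session cookie only travels with the browser, so a second RP gets a token without a new login prompt only via the redirect. The token format, the shared HMAC key, and all names (`IdP`, `RP`, `sign_in`, `accept`, the `*.example` origins, user ID 42) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

KEY = b"constructed-demo-key"  # constructed; a shared HMAC key stands in for the STS signing key

def sign(body):
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

class IdP:
    origin = "idp.example"
    def __init__(self, users):
        self.users, self.sessions, self.prompts = users, {}, 0
    def sign_in(self, jar, rp_origin, interactive_login=None):
        """Where the RP redirects the browser; returns a token, or None (login form)."""
        user = self.sessions.get(jar.get(self.origin))   # only the IdP's own cookie
        if user is None:                      # no IdP session: user must log in here
            if interactive_login not in self.users:
                return None
            self.prompts += 1                 # the password check itself is elided
            sid = secrets.token_hex(16)
            self.sessions[sid] = user = interactive_login
            jar[self.origin] = sid
        body = json.dumps({"sub": self.users[user], "aud": rp_origin})
        return body + "." + sign(body)

class RP:
    def __init__(self, origin):
        self.origin = origin
    def accept(self, jar, token):
        """Verify signature and audience, then start this RP's own local session."""
        body, _, sig = (token or "").rpartition(".")
        if not hmac.compare_digest(sig.encode(), sign(body).encode()):
            return None
        claims = json.loads(body)
        if claims["aud"] != self.origin:      # token issued for a different RP
            return None
        jar[self.origin] = claims["sub"]
        return claims["sub"]

def demo():
    idp, jar = IdP({"alice": 42}), {}         # jar: browser cookies keyed by origin
    app1, app2 = RP("app1.example"), RP("app2.example")
    first = app1.accept(jar, idp.sign_in(jar, app1.origin, "alice"))
    backchannel = idp.sign_in({}, app2.origin)   # RP-side request: no IdP cookie
    second = app2.accept(jar, idp.sign_in(jar, app2.origin))   # via browser redirect
    return first, backchannel, second, idp.prompts
```

`demo()` returns `(42, None, 42, 1)`: both RPs receive the same user ID claim after a single login prompt, while the request made without the browser's cookie jar gets no token.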

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow