While I'm very familiar with federated protocols like SAML, I'm pretty new to WS-Federation and ADFS. We are considering moving towards claims-based authentication and authorisation for our web-based set of (.NET) applications. I understand that users will be redirected to ADFS to authenticate. All our applications (and also ADFS) are behind a reverse proxy that performs the authentication. So, basically, there is no need for ADFS to authenticate the users again. This proxy is able to add user data (e.g. a unique user ID) to the HTTP headers it sends to backend applications. Can ADFS somehow be configured to pick up these headers instead of asking the user to authenticate again? The unique user ID can be stored in/fetched from any repository (AD, LDAP, database).
So, basically, I'm looking for SSO options from a reverse proxy towards ADFS. Help much appreciated.
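Whatever the ADFS side ends up looking like, the header-injection part of the setup described above has one check that any backend consuming the proxy's user-ID header needs: the header must only be honoured when the request demonstrably came through the proxy, otherwise any client that can reach the backend directly can simply set the header itself. The following is an added example, not code from the original post or from ADFS; the header names, the proxy address range and the shared secret are assumptions, and the sample requests are constructed.

```python
"""Trust a proxy-injected identity header only when the request really came
from the proxy.  Added illustration; the names and values below are assumed."""
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Mapping, Optional

# Assumed deployment values: the proxy's address range and a shared secret the
# proxy attaches to every request it forwards (both hypothetical).
TRUSTED_PROXY_NETS = [ipaddress.ip_network("10.0.0.0/24")]
PROXY_SECRET = b"rotate-me-out-of-band"
IDENTITY_HEADER = "X-Authenticated-User"  # assumed name of the user-ID header
SECRET_HEADER = "X-Proxy-Auth"            # assumed name of the shared-secret header


@dataclass(frozen=True)
class Request:
    """Minimal stand-in for an inbound HTTP request as the backend sees it."""
    peer_ip: str               # TCP peer that connected to the backend
    headers: Mapping[str, str]


def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _from_trusted_proxy(peer_ip: str) -> bool:
    """True only if the TCP peer is inside the proxy's address range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXY_NETS)


def authenticated_user(req: Request) -> Optional[str]:
    """Return the user ID asserted by the proxy, or None if the header is not
    trustworthy.  Both checks must pass: network origin AND shared secret, so a
    client that reaches the backend directly, or spoofs only the identity
    header, gets no identity at all."""
    if not _from_trusted_proxy(req.peer_ip):
        return None
    secret = _header(req.headers, SECRET_HEADER)
    if secret is None or not hmac.compare_digest(secret.encode(), PROXY_SECRET):
        return None
    user = _header(req.headers, IDENTITY_HEADER)
    if user is None or not user.strip():
        return None
    return user.strip()


# Constructed sample requests (not captured traffic).
FROM_PROXY = Request(
    peer_ip="10.0.0.5",
    headers={"x-authenticated-user": "jdoe", "X-Proxy-Auth": "rotate-me-out-of-band"},
)
DIRECT_SPOOF = Request(            # client bypasses the proxy and sets the header
    peer_ip="192.0.2.10",
    headers={"X-Authenticated-User": "admin", "X-Proxy-Auth": "rotate-me-out-of-band"},
)
PROXY_NET_NO_SECRET = Request(     # right network, but secret missing
    peer_ip="10.0.0.7",
    headers={"X-Authenticated-User": "admin"},
)
PROXY_EMPTY_USER = Request(        # proxy forwarded an unauthenticated request
    peer_ip="10.0.0.5",
    headers={"X-Authenticated-User": "   ", "X-Proxy-Auth": "rotate-me-out-of-band"},
)

if __name__ == "__main__":
    for label, r in [("proxy", FROM_PROXY), ("direct", DIRECT_SPOOF),
                     ("no-secret", PROXY_NET_NO_SECRET), ("empty", PROXY_EMPTY_USER)]:
        print(label, "->", authenticated_user(r))
```

The same rule applies to ADFS itself if it is placed behind the proxy: the proxy must strip any client-supplied copy of the identity header before forwarding, and ADFS (or whatever consumes the header) must be unreachable except through the proxy, or the shared-secret check above is the only thing standing between an attacker and an arbitrary identity.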