In our company we're currently living the simple AD authentication life for most of our in-house developed applications. But the need for a more advanced security solution comes up more and more. We have websites, apps and services that are not only available internally anymore but are also available outside of our private domain, company apps are being installed on private phones, we're looking to use an external authentication service from the government, etc. ... a lot of moving parts.
Currently we're in the phase that some custom security solutions are begin developed with all the disadvantages that come with it (possible security holes, no SSO, duplicate code). So we're looking for a centralized authentication/authorization platform and Identity Server seems to fit the bill perfectly. We develop mostly in .NET. But this going to be an investment from our side as developers as we're all pretty new to this.
My question: Our colleagues from the security team are looking to setup a new application firewall, something like Citrix NetScaler ADC, and they think that this is a good alternative for Identity Server, but I have my doubts, there does not seem to be a lot of documentation, certainly not within the domain we need a solution for (OAuth, OpenID, AAD, SSO, customisation). So before we have further talks with the supplier of this product I was wondering if any of you guys have some experience with application firewalls like the NetScaler ADC and how they compare with Identity Server.