Re: MOSS and ADFS scenario



There is a very good set of blog entries to help you out here. Basically,
you will need to implement the single sign on services in MOSS and pretty
much configure an SSL extranet for the ADFS clients - which will ideally
have to be located outside your internal network in a new DMZ.

http://blogs.msdn.com/sharepoint/archive/2007/02/15/how-to-use-adfs-to-turn-moss-2007-into-a-claims-aware-application.aspx

If they are within your network, a simple trust would indeed save you
significant setup cost, architecture and on-going support. I would
seriously question the value of not having the trust and having to extend
your intranet zone to an extranet zone. That's a lot of work!

Regards

John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog


"BBNBQ" <BBNBQ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D10A1BF2-57DC-4CA4-ABE7-4E7E84DAF265@xxxxxxxxxxxxxxxx
Oh I forgot to mention, since some companies will use AD trust and others
(possibly more than one) will use ADFS, does this require that we have
separate URLs to the site for each type of client?
Also, I read that ADFS requires SSL. Is this only required during initial
connection/authentication or throughout the client's access to the site?
I'm hoping it is the former, since the latter would create unnecessary load
on the server? (protection of content is not required, only protection of
credentials)
Thanks,
BBNBQ

"BBNBQ" wrote:

Hi.
We are implementing a central MOSS installation to serve our sister
companies, which have their own AD forests.
Most of these companies have established a one-way trust with the domain
hosting MOSS. However, one major one refused and requested we implement
ADFS instead.

So, while I am aware of the uses of ADFS, all I want to use it at this
point is as a replacement to an AD trust in order to authenticate users
from other forests.

Upon discussing this briefly with local MS rep, he brought out the point
that ADFS requires more in depth design and configuration of contracts,
roles/groups, etc... while I appreciate this, my question is, does ADFS
allow for a straightforward config if all I need is to authenticate users
without having the need to check their roles, etc. In other words, all I
need is for them to authenticate and connect.

Hmm, I just thought of something, since the central MOSS is only supposed
to be accessed by a sub-set of users from each company (only employees), we
have asked each company to provide the AD group name that contains the
users who are allowed the access so we can give that group viewer or
contributor permission to the main site. I think this might be what the guy
was talking about. Does this complicate things in terms of ADFS? Or will it
be straightforward?

Thanks,
BBNBQ

