Re: ADAM - SSO and provisioning considerations



I appreciate the words of wisdom. I'm almost there...but not quite :-(
I'm sorry if I'm coming across as thick, but as I said, I'm a noob.
Also, I'm not sure how clear I was about the fact that we are selling a
product into the market, and that we are considering packaging ADAM
with that product. We can't do that with AD; and we can't rely on all
of our customers using AD as their identity store...not all of them do.

In addition, we want to enhance the schema (by adding our own security
groups among other things). Being a vendor, it's impossible for us to
access or modify the customer's AD schema. That's one place ADAM may
fit in.

But none of that amounts to much unless we can configure ADAM as the
"guy who talks to the rest of the world" for authentication. That's
the really important part.

In the case where "the rest of the world" is AD, then I can see how to
make ADAM do that. But what about the case where the customer is using
some other identity store / authentication mechanism? (A) Can ADAM be
configured to handle the authentication part in that case? And more
importantly, (B) How?

Anyone from Microsoft care to chime in? Thanks again!

- Rob
