Re: How should we do it with ADFS?



Thanks for the help.

I thought I just need the web agent installed on the application web server. I
am not sure whether you mean federation server and federation agent. Any
difference? You mean I need to install ADFS on the domain controller which
hosts the accounts?

Thank you very much.



"Joe Kaplan" wrote:

You can definitely use ADFS to solve this problem. It is one of the
standard use cases for ADFS and my company has an identical application
architecture using ADFS in production right now.

You'll need more than just the ADFS agent installed on the application
though. You'll need at least an ADFS federation server to serve as the
authentication mechanism for your internal AD users and you'll need another
federation server to serve as the account store for the external users as
well. If they are stored in ADAM, you could potentially do this with one
federation server but the design isn't very clean. I'd recommend against
that. Also, in order to use ADFS as the account store for the external
users, they too must be stored in either AD or ADAM. If they are in SQL or
some other store, ADFS can't be used.

I'd suggest reading the ADFS Deployment Guide to learn more about the
details. There is also a thread going on over at my book's web forum
discussing something very similar that you might be interested in (see link
in sig).

HTH,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F057C141-2DFB-4B9F-9C1B-F3C179898F92@xxxxxxxxxxxxxxxx
Hi all,

We have an in-house application to allow external users to access. Also, we
want to allow internal users to access without creating accounts in the app
and just using AD users. (We have Windows 2003 R2 Active Directory with
mixed W2K and Win2003 DCs.) Can we deploy ADFS to allow single sign-on?
Also, what are the exact steps to configure this? Do we just need to install
the ADFS component in the web server of the application?

Can anyone help?

Thank you.


