Openstandards.net writes "A Fortune 500 company is currently using Active Directory (AD) and needs to support SAML to provide SSO and integrate a cloud provider of email, calendar, docs, etc., that they are switching to. They are considering Microsoft's Active Directory Federation Services (ADFS), which is included in Server 2008 licensing, so it incurs no additional licensing cost. The question I have is: can this limit the company's SSO options later? What if the company wants to integrate two LDAP servers used for different e-Commerce systems, which include customer logins and self-registration? One reason to keep the LDAP servers separate is that they'd never permit self-registration in AD. Plus, they'd want to keep the customers of completely separate divisions apart to prevent stranded costs in the likelihood of a sale of one division. But you'd want AD to play a role in authentication of internal users to the e-Commerce systems. The limitation of ADFS is that it only supports Active Directory as an underlying identity repository. Does this prevent you from integrating the other LDAP servers into the SSO solution? Would you have to replace ADFS at that point? Has anyone tried an SSO solution involving multiple authentication sources that included ADFS? What would you recommend in this case?"