Submission + - Ask Slashdot: Can using ADFS limit your options in the future? 1 writes: "A Fortune 500 company is currently using Active Directory (AD) and needs to support SAML to provide SSO and integrate a cloud provider of email, calendar, docs, etc, they are switching to. They are considering Microsoft's Active Directory Federation Services (ADFS), which is included in Server 2008 licensing, so incurs no additional licensing cost. The question I have is can this limit the company's SSO options later? What if the company wants to integrate two LDAP servers used for different e-Commerce systems, which include customer logins and self-registration. One reason to keep the LDAP servers separate is because they'd never permit self-registration in AD. Plus, they'd want to keep the customers of completely separate divisions apart to prevent stranded costs in the likelihood of a sale of one division. But, you'd want AD to play a role in authentication of internal users to the e-Commerce systems. The limitation of ADFS is that it only supports Active Directory as an underlying identity repository. Does this prevent you from integrating the other LDAP servers into the SSO solution? Would you have to replace ADFS at that point? Has anyone tried an SSO solution involving multiple authentication sources that included ADFS? What would you recommend in this case?"

Ask Slashdot: Can using ADFS limit your options in the future?

  • Hi! The idea behind SAML is that two identity providers can trust each other. So if you use ADFS, you shouldn't have any problems in the long run. Of course, the caveat is that you need to use other software that can do LDAP login and supports the SAML2 protocol. ADFS can then consume identity tokens from those other SAML2 providers and issue tokens for users that are authenticated against them. And those other identity providers could in turn act as consumers and accept identity tokens from ADFS. So, going