Do try to push your vendors in the direction of standards-based federation
when federation is the solution. It is really the best way to go for that
particular class of problems.

The real problem for ADFS in the federation space is that it only supports
WS-Federation and doesn't support SAML 2. A lot of vendors that are
interested in federation have already gone down the SAML 2 path, as it has a
head start and a good standards story. It is also non-Microsoft, which makes
it instantly interesting to a lot of people, like it or not.

One of the things I'm faced with in my own federation deployment is that in
order to cover some of the vendors we'll likely need to federate with, I'll
need to integrate a completely different product just to support the SAML 2.0
protocol. That sucks. I can understand why MS went in the direction they
did, but I'd still like to see a SAML 2 compatibility mode or some
middleware I could stack on ADFS that would allow me to reuse most of my
current investment.

We actually considered using a different product that supports both WS-Fed
and SAML 2 (Oracle, RSA and Ping all have this, for example). The problem is
getting the really tight integration with both .NET claims apps and Windows
token apps on the "inbound" scenario side. That's where the ADFS feature
set really kicks butt and sort of forces us to use it anyway. Thus, two
products. Sigh.

Joe K.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, September 28, 2006 11:22 PM
Subject: Re: [ActiveDir] ADAM bind Redirection with a NULL password

Tony,

I have a "workshop" next week with a vendor to discuss an extranet
solution. Unfortunately, LDAP auth is not going to be possible, since
there will be no communication across the firewall.

I am steering them toward an ADFS solution, which I think will fit the
bill better. The issue will be that it will require 3rd-party
middleware to make it work, which I am not sure they will be thrilled about.

Thanks for the thoughts on this. Glad to know I'm not the only one
struggling with bad apps! ;)

Jef