ADFS only natively supports AuthN to AD. If you want to do your AuthN with something else, you have to federate ADFS with an IDP that does that piece for you. Thinktecture’s (free) IdentityServer is often the tool of choice for that.
Thanks,
Brian Desmond
[email protected]
w – 312.625.1438 | c – 312.731.3132

From: [email protected] [mailto:[email protected]] On Behalf Of Christopher Bodnar
Sent: Monday, February 3, 2014 9:52 AM
To: [email protected]
Subject: [NTSysADM] AD FS question

We currently use PingFederate for all SSO SAML connections. I like it, it works really well, but we are paying for it. I'd like to begin the process of investigating AD FS as a possible replacement. I've never actually used AD FS, but have read the documentation.

My question is in regards to directory repositories for authentication. Primarily we use LDAP authentication for access to SaaS applications. Going through IBM WebSeal for the authentication, which then passes it to PingFederate for the creation of the assertion, using LDAP properties to populate the SAML_Subject. Can you do this with AD FS? Can the front end authentication be LDAP, not AD? Since the IdP system isn't doing the authentication anyway, I don't think it should matter. Anyone else doing something similar with it?

Thanks

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com

