ADFS, SharePoint, and InCommon?

Albert Lunde albert-lunde at
Fri Nov 2 16:28:02 EDT 2012

We've got a group at Northwestern that is interested in setting up a 
SharePoint site for external (non-Northwestern) InCommon users, using 
the ADFS 2.0 features that interrelate to SAML 2.0, and "Claims-Based 
Authentication" as the Microsoft wrapper around SAML 2.0.

I'm having a hard time figuring out if this is really feasible.  The 
cookbook examples seem to describe tweaking both Shibboleth and ADFS 
configurations, but we have no control of remote InCommon Shibboleth 
IdPs, and I'm not sure that the metadata for an ADFS/SharePoint web site 
would be orthodox enough to publish via InCommon.

The protocols used seem to be a mix of WS-Federation and SAML WebSSO, 
and many gotchas are listed.

We aren't anywhere near production; we are just trying to see if this is 
feasible enough to work on in some testbed context, but if it really 
won't work in practice, that would be good to know.
