ADFS, SharePoint, and InCommon?
Albert Lunde
albert-lunde at northwestern.edu
Fri Nov 2 16:28:02 EDT 2012
We've got a group at Northwestern that is interested in setting up a
SharePoint site for external (non-Northwestern) InCommon users, using
the ADFS 2.0 features that interrelate to SAML 2.0, and "Claims-Based
Authentication" as the Microsoft wrapper around SAML 2.0.

I'm having a hard time figuring out if this is really feasible. The
cookbook examples seem to describe tweaking both Shibboleth and ADFS
configurations, but we have no control of remote InCommon Shibboleth
IdPs, and I'm not sure that the metadata for an ADFS/SharePoint web site
would be orthodox enough to publish via InCommon.

The protocols used seem to be a mix of WS-Federation and SAML WebSSO,
and many gotchas are listed.

We aren't anywhere near production; we are just trying to see if this is
feasible enough to work on in some testbed context, but if it really
won't work in practice, that would be good to know.