ADFS 3.0 implementation

  • Last Post 27 January 2016
Ray McLean posted this 26 January 2016

Is it possible to have two domains use SSO and point to same endpoint using separate authentication? Need help!!!

ZJORZ posted this 27 January 2016

Why do you require separate authentication for an endpoint? And if it needs to be separate, what would be supported for each?

If you have 2 AD domains in the same AD forest, ADFS can issue security tokens based upon the rules of the CP trust “Active Directory”: https://jorgequestforknowledge.wordpress.com/2013/09/24/ad-user-accounts-for-which-the-adfs-sts-can-generate-security-tokens/

With regards to authentication mechanisms, you can choose a mechanism for intranet initiated authentication and a mechanism for extranet initiated authentication. For example, for intranet initiated authentication you can choose Windows integrated authentication (WIA) and forms based authentication (FBA). If the client does not support WIA, it will fall back to FBA. Probably if you fiddle around with the user agents config in ADFS and the user agent definition on the clients, you might be able to achieve what you want. See the following blog post as an example: http://blog.kloud.com.au/2014/11/06/implementing-adfs-v3-0-forms-authentication-in-mixed-environments/

Please be aware, this requires quite some customization in my opinion. It may help you now, but it might hit you hard in the (near) future, due to some scenario you did not take into account.

Kind regards,
Jorge de Almeida Pinto
JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx
+31 (0)6 26.26.62.80
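An added example, not part of the post above or of the linked blog: the intranet/extranet method selection and the WIA user-agent list the reply refers to, inspected and changed with the AD FS PowerShell module on Windows Server 2012 R2. The user-agent string `ExampleAgent/1.0` and the backup file path are constructed placeholders.

```powershell
# Run elevated on the primary AD FS server (AD FS 3.0 / Windows Server 2012 R2).
Import-Module ADFS

# 1. Which primary authentication methods are offered per network location,
#    and whether AD FS falls back to forms when the client cannot do WIA.
Get-AdfsGlobalAuthenticationPolicy |
    Format-List PrimaryIntranetAuthenticationProvider,
                PrimaryExtranetAuthenticationProvider,
                WindowsIntegratedFallbackEnabled

# 2. User-agent strings for which AD FS attempts WIA on intranet requests.
$current = @((Get-AdfsProperties).WIASupportedUserAgents)
$current

# Save the list first: Set-AdfsProperties replaces it as a whole.
$backup = Join-Path $env:TEMP 'WIASupportedUserAgents.backup.txt'   # assumed path
$current | Set-Content -Path $backup

# 3. Intranet: WIA with forms as the alternative. Extranet: forms only.
Set-AdfsGlobalAuthenticationPolicy `
    -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication', 'FormsAuthentication') `
    -PrimaryExtranetAuthenticationProvider @('FormsAuthentication') `
    -WindowsIntegratedFallbackEnabled $true

# 4. Add one agent to the WIA list only if it is not already present.
$agentToAdd = 'ExampleAgent/1.0'   # constructed placeholder, not a real browser string
if ($current -notcontains $agentToAdd) {
    Set-AdfsProperties -WIASupportedUserAgents ($current + $agentToAdd)
}

# Roll back step 4 if needed:
# Set-AdfsProperties -WIASupportedUserAgents (Get-Content -Path $backup)
```

The User-Agent header is supplied by the client, so this list only decides which sign-in prompt a client is shown; it is not an access control.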


rmclean5 posted this 27 January 2016

Sorry if I did not make it clear. My company was bought by another company and thus domains. My company is trying to use ADFS for Service Now. The other company would like to as well but we want to use the same resources and make it available to all users on both sides. My company currently goes thru a VPN authentication. My question is can I use both types of authentication?? Thx in advance
Sent from Ray McLean's iPhone
On Jan 26, 2016, at 10:50 PM, Jorge de Almeida Pinto <jorgedealmeidapinto@xxxxxxxxxxxxxxxx> wrote:
