BPuhl’s Blog

A little bit of everything without actually being much of anything

ADFS with a one-way trust

Posted by BPuhl on May 9, 2008

One of the nice parts about ADFS, is it’s ability to work throughout your trust realm.  Within MS IT, we have a single ADFS instance joined to our REDMOND domain in our main internal forest.  However, we have 7 production forests, with a total of 17 production domains.

Fortunately, the requirements for ADFS are fairly simple and intuitive:

  • The user has to be able to authenticate to an ADFS server
  • The ADFS server needs to have the ability to query the users domain, to read attributes to put into the users token.

Thinking about it like this, then it’s easy to see that with a full mesh of 2-way trusts between the forests, a single ADFS instance will work for users, regardless of which domain their account resides in.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: