Joe, Tomasz -
Yep, you're right that it may tend to show a bad precedent for people to
follow. I haven't taken a look at these particular labs (and having just
come back from a long hiatus, I didn't see the referenced lab) but is the
guidance there as to what Best or Preferred Practices SHOULD BE?
If not - I find that the bigger problem than the fact that self-certs are
being used at all.
Rick
From: Tomasz Onyszko <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] ADFS and certs
Date: Sun, 24 Sep 2006 21:21:53 +0200
Joe Kaplan wrote:
(...)
> I also think the ADFS step by step guide leads people down a dark
> path, in that all the demos are set up with selfssl and self-issued
> certs, which are ok for demos, but not cool for production (IMO)
(...)
Will jump with few word from myself again - I can agree on Your point
regarding step by step in 100%. When I've tried to setup my first ADFS lab
I've decided to use Windows 2003 CA instead of Self issued certs and for me
it was far more natural way to use ADFS than this not-realistic SelfSSL
scenario, which may be confusing for users. I've exchanged e-mail with
peoples on internal mailing list few times about it and one good
information is that this point was taken and updated version of step by
step document for ADFS should be better on this.
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
_________________________________________________________________
The next generation of Search—say hello!
http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&FORM=WLMTAG
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx