Joe,

I have a large WebSphere community, which suffers from the single NC for LDAP binds scenario. Have you had any experience with WS and ADFS? The WS guys seem very tight-lipped on knowing how to set up WS to work with it.

I have been looking at Quest's and Netegrity for their ADFS modules for Java systems, which I think might fit the bill.

Our entire Unix platform group is integrated into AD with Quest's VAS product, and surprisingly, they LOVE AD. :)

Thanks for the insight,

Jef

----- Original Message -----
From: "Joe Kaplan" <[EMAIL PROTECTED]>
To: <ActiveDir@mail.activedir.org>
Sent: Friday, September 29, 2006 1:16 AM
Subject: Re: [ActiveDir] ADAM bind Redirection with a NULL password

Do try to push your vendors in the direction of standards-based federation when federation is the solution. It is really the best way to go for that particular class of problems.

The real problem for ADFS in the federation space is that it only supports WS-Federation and doesn't support SAML2. A lot of vendors that are interested in federation have already gone down the SAML 2 path, as it has a head start and a good standards story. It is also non-Microsoft, which makes it instantly interesting to a lot of people, like it or not.

One of the things I'm faced with in my own federation deployment is that in order to cover some of the vendors we'll likely need to federate with, I'll need to integrate a completely different product just to support the SAML 2.0 protocol. That sucks. I can understand why MS went in the direction they did, but I'd still like to see a SAML 2 compatibility mode or some middleware I could stack on ADFS that would allow me to reuse most of my current investment.

We actually considered using a different product that supports both WS-Fed and SAML 2 (Oracle, RSA and Ping all have this for example). The problem is getting the really tight integration with both .NET claims apps and Windows token apps on the "inbound" scenario side. That's where the ADFS feature set really kicks butt and sort of forces us to use it anyway. Thus, two products. Sigh.

Joe K.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <ActiveDir@mail.activedir.org>
Sent: Thursday, September 28, 2006 11:22 PM
Subject: Re: [ActiveDir] ADAM bind Redirection with a NULL password


Tony,


I have a "workshop" next week with a vendor to discuss an extranet solution. Unfortunately, LDAP auth is not going to be possible, since there will be no communication across the firewall.

I am steering them toward an ADFS solution, which I think will fit the bill better. The issue will be that it will require third-party middleware to make it work, which I am not sure they will be thrilled about.

Thanks for the thoughts on this. Glad to know I'm not the only one struggling with bad apps! ;)

Jef


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
