How many ADFS farms can you have in a single forest/single domain?

  • Question

  • Hi

    I may have some terminology incorrect...please let me know if I do. :)

    My question is, how many ADFS farms can you have in a single forest/single domain? If you want to know why I am asking...please read on.

    We have 1 ADFS Farm and we are looking at adding services to it. However, not every cloud vendor provides an "Identity Broker" with their services.

    We have a consultant that is advising that we need to enable a SAML-based IdP-initiated single sign-on (SSO), i.e. using "IdpInitiatedSignOnPage"

    However, to do this we need to modify the ADFS website to have a "drop down" list so the user can select the "Relying Party" and then authenticate with them.

    This means we are exposing a list of every company/party we have federated with. The exposure of this information is deemed a security concern by our company....which I agree with.

    So the consultant advises that we need a separate ADFS farm. I have searched online, but haven't found any information that confirms multiple ADFS farms can be implemented in a single forest/single domain.

    Thanks for reading and if you have any other suggestions...I'd appreciate it.

    Tuesday, January 21, 2014 8:23 PM


  • This is not exactly a FIM-related question - there is an ADFS forum available on Technet. However - technically there is no limit of ADFS farms in a forest/domain. It is just a service which uses AD and is not altering it in any way or storing some forest-wide information like Exchange. So you can set up two ADFS services in a single forest - no problem.

    Is it the best solution to your problem? I can't say with that limited information, but maybe just customization of pages on the ADFS side would be enough?

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    • Proposed as answer by Robin Gaal Wednesday, January 22, 2014 1:18 PM
    • Marked as answer by Amy Wang_ Wednesday, February 5, 2014 9:20 AM
    Wednesday, January 22, 2014 9:30 AM