locked
Non-AD for Primary Authentication RRS feed

  • Question

  • Hi,

    In ADFS 3.0, is there a way to authenticate a user by checking his/her client certificate (smart card) only? I don't want to look up the user in AD during the authentication process as it's not required. If this is doable, can anyone tell me how?

    Thanks,


    • Edited by iSunshine2 Tuesday, May 24, 2016 7:49 PM
    Tuesday, May 24, 2016 7:15 PM

Answers

  • You user have to exist for one of your claim provider. By default you have only AD.

    But you can create a trust with other claim provider/IDPs. You could for example create a claim provider trust with Azure AD and create your user in Azure AD only and authorize them to access your trusted apps.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, May 26, 2016 7:18 PM

All replies

  • You can use certificate based authentication as a primary authentication. But this is still relying on AD (the user needs to exist in AD).

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, May 26, 2016 4:57 PM
  • Okay, but like I said, I want to authenticate the user without relying on AD. I guess it's not doable....
    Thursday, May 26, 2016 6:50 PM
  • You user have to exist for one of your claim provider. By default you have only AD.

    But you can create a trust with other claim provider/IDPs. You could for example create a claim provider trust with Azure AD and create your user in Azure AD only and authorize them to access your trusted apps.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, May 26, 2016 7:18 PM
  • Is that helping?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, June 2, 2016 1:13 PM