Is parent domain level trust mandatory?

  • Question

  • Dear All,

    Hope the new year is going well for you!

    I have some queries regarding ADFS 3.0 integration with Symantec Fireglass; any help would be greatly appreciated.

    We have two forests, abc.com and xyz.com. A single ADFS server is deployed in the abc.com domain and integrated with Fireglass.

    abc.com users are able to authenticate without any issues, but users from 123.xyz.com are not authenticating.

    abc.com and xyz.com do not have any trust, but abc.com and 123.xyz.com have a two-way external trust.

    Also, we are able to log in to the IdpInitiatedSignOn page using a 123.xyz.com user, but cannot log in with the Fireglass relying party.

    ADFS events show it looking for an LDAP server in xyz.com instead of 123.xyz.com.

    My question is: is a parent-level trust mandatory for this to work? I'm lost in finding any supporting documents.

    Your help will be greatly appreciated!!!



    Kottees : My Blog. Please mark it as an answer if it really helps you.

    Wednesday, January 2, 2019 9:34 AM
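As an added diagnostic, not part of the original thread or of any vendor documentation: a PowerShell script run on the AD FS server in abc.com that lists the trusts its domain actually has, checks whether a domain controller and the LDAP port can be located for 123.xyz.com and for its forest root xyz.com, pulls the recent AD FS admin events that mention LDAP or those domains, and prints the relying-party trust's authorization and transform rules. The domain names are the ones from the question; the relying-party display name 'Fireglass' is an assumption and has to be replaced with the real one.

```powershell
# Added diagnostic script (not from the original post). Run on the AD FS 3.0 server
# (Windows Server 2012 R2) as an account that can read the AD FS admin log.
# Domain names come from the question; the relying-party name below is an assumption.
Import-Module ActiveDirectory

$adfsDomain  = 'abc.com'
$userDomains = @('123.xyz.com', 'xyz.com')   # the users' child domain and its forest root
$rpName      = 'Fireglass'                    # assumed relying-party trust display name

# 1. Which trusts does the AD FS server's domain have, and in which direction?
#    The question states a two-way external trust to 123.xyz.com and none to xyz.com;
#    this reads the same information from the directory instead of from memory.
Write-Host "== Trusts defined in $adfsDomain =="
Get-ADTrust -Filter * -Server $adfsDomain |
    Select-Object Name, Direction, TrustType, ForestTransitive, IntraForest |
    Format-Table -AutoSize

# 2. Can the DC locator and DNS find a domain controller for each domain AD FS may query?
#    An external trust is non-transitive, so it gives abc.com no path to xyz.com by itself;
#    this shows what the locator and DNS return for each name from this server.
foreach ($d in $userDomains) {
    Write-Host "== DC locator for $d =="
    nltest /dsgetdc:$d 2>&1 | Out-String | Write-Host
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$d" -Type SRV -ErrorAction SilentlyContinue
    if ($srv) {
        foreach ($rec in ($srv | Where-Object { $_.Type -eq 'SRV' })) {
            $t = Test-NetConnection -ComputerName $rec.NameTarget -Port 389 -WarningAction SilentlyContinue
            Write-Host ("LDAP {0}:389 reachable = {1}" -f $rec.NameTarget, $t.TcpTestSucceeded)
        }
    } else {
        Write-Host "No _ldap._tcp.dc._msdcs SRV record for $d (DNS does not resolve the domain from here)"
    }
}

# 3. Show the recent AD FS admin events that mention LDAP or the xyz domains, so the
#    exact domain AD FS tried to query is read from the log rather than inferred.
Write-Host "== Recent AD FS admin events mentioning LDAP or the xyz domains =="
Get-WinEvent -LogName 'AD FS/Admin' -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'LDAP|xyz\.com' } |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ n = 'Message'; e = { $_.Message.Substring(0, [Math]::Min(300, $_.Message.Length)) } } |
    Format-List

# 4. Print the relying party's issuance authorization and transform rules. Since the
#    IdpInitiatedSignOn page accepts 123.xyz.com users, these rules are one place where
#    a difference between that path and the Fireglass relying party can show up.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if ($rp) {
    Write-Host "== Relying party '$rpName' =="
    Write-Host "Authorization rules:`n$($rp.IssuanceAuthorizationRules)"
    Write-Host "Transform rules:`n$($rp.IssuanceTransformRules)"
} else {
    Write-Host "No relying party trust named '$rpName'; list them with: Get-AdfsRelyingPartyTrust | Select-Object Name"
}
```

Run it once while reproducing a failed 123.xyz.com logon to the relying party, so the events in step 3 correspond to that attempt; comparing the domain named in those events with what step 2 can actually locate from the AD FS server is the quickest way to confirm or rule out the LDAP-lookup symptom described in the question.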

All replies

  • Hello,

    You mentioned that you can successfully log on to the IdpInitiatedSignOn page using 123.xyz.com credentials. This means authentication is working. If that's the case, then it means the Fireglass application might not be claims-aware. Can you reach out to the vendor to confirm this? Or do you have another claims-aware application you can test to see if that works?

    Isaac Oben MCITP:EA, MCSE, MCC (View my MCP Certifications: https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard)

    Wednesday, January 9, 2019 5:24 AM
  • Thank you, Isaac, for your response. We are working on it; I will keep you posted on the update.


    Thursday, January 10, 2019 6:09 AM