This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Is it possible: ADFS, SharePoint 2013, KCD

Question
0

Sign in to vote
Is the following scenario possible?

Site A:

Active Directory domain a.local
SharePoint 2013 on Kerberos
ADFS 3.0
WAP
KCD configured
Relying Party Trust to SharePoint Web Application (test.a.com)
Web Application published through WAP successfully
Claims Provider Trust to ADFS in Site B
Pass-through claims configured on RP Trust and CP Trust (e-mail address)
LDAP claims configured on CP Trust (e-mail address)

Site B:

Active Directory domain b.local
ADFS 3.0
WAP
Relying Party Trust to ADFS in site A
Pass-through claims configured on RP Trust (e-mail address)

When I browse to test.a.com I can select the right (external) claims provider trust and login with a user from domain b.local. When I do this I receive an HTTP error 500.

When I select the (internal) claims provider trust and login with a user from domain a.local everything works fine.

Is this scenario possible when using Kerberos? How is the mapping done between a user from domain b.local and domain a.local?

Thanks in advance!
Monday, November 7, 2016 3:40 PM

Answers

0

Sign in to vote
There is no mapping. KCD works only for the Active Directory claim provider. There is no mapping. If b.local doesn't trust a.local, you cannot use KCD between those two domains.

If you need to use users from b.local and do not wish to create a trust you could convert your SharePoint to a claim-based application.
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Proposed as answer by Todd Heron Monday, November 7, 2016 5:25 PM
- Marked as answer by S_Up3r Monday, November 7, 2016 7:36 PM
Monday, November 7, 2016 3:44 PM