locked
Resource STS - when required? RRS feed

  • Question

  • Hello,

    I'm trying to figure out when resource sts is really needed and why. So far I have found two possible reasons.

    If there is many resources and many identity organizations the resource sts can simplify trust configurations between those resources and identities. That is ok. (https://blogs.msdn.microsoft.com/card/2007/12/17/about-relying-party-stss-a-k-a-what-is-requirefederatedidentityprovisioning/)

    And other reason is when trying to achieve federated web SSO. (https://technet.microsoft.com/fi-fi/windows-server-docs/identity/ad-fs/design/review-the-role-of-the-federation-server-in-the-resource-partner). But that requirement leads to that federated web SSO experience also needs for.ex AD at resource site. And private network and so on. That's sounds odd.  Internet facing web-site is suddenly expanded to two networks, firewall and ad and ad controller(s), and federation server(s) and federation server proxy(s). Is that real technical requirement I do not understand?

    BR

    cobaltest

    Saturday, April 8, 2017 5:19 PM