ADFS setup with multiple domains


    I’m trying to set up a little proof-of-concept ADFS on 2012 R2. We’re going to develop our own app, but I need to make sure ADFS works first to avoid chasing down any problems in our app that are caused by a misconfigured ADFS.

    I’ve setup a sample site using the instructions from

    http://blogs.technet.com/b/askpfeplat/archive/2013/12/09/how-to-build-your-adfs-lab-on-server-2012-part-1.aspx

    http://blogs.technet.com/b/askpfeplat/archive/2013/12/23/how-to-build-your-adfs-lab-on-server-2012-part2-web-sso.aspx

    and it seems to work when everything is on the same domain.

    What I want to do is allow for SSO from a 2nd domain, but I can’t figure out what to set up and where.

    There is no trust between the two domains. What I’m trying to simulate is a 3rd party connecting (I’ve skipped the proxy/DMZ stuff for now; I just want to see if I can get this working).

    My current setup is as follows:

    Domain A:

    - AD server

    - ADFS server

    - IIS server running the little claims app from the 2nd link

    Domain B:

    - AD and ADFS server on one machine

    - Client joined to domain B

    What I would like to do is have a client on domain B browse to https://myapp.domainA.com and have the user from B logged in automatically. Similarly, if a user on domain A goes to that same URL, it should also log them in automatically (which it does now).

    Can someone help me figure out what to configure and where?

    Thanks

    Wednesday, February 11, 2015 8:11 PM
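The pattern the post is asking about is a federation trust between the two ADFS farms rather than an Active Directory trust: Domain B's ADFS acts as the identity provider (Domain A's ADFS is registered there as a relying party), and Domain A's ADFS registers Domain B's ADFS as a claims provider, so the sample app keeps its single relying-party trust on Domain A. The following PowerShell is an added example written for this page; it is not from the original post or the linked blog series. It assumes the federation service names adfs.domainA.com and adfs.domainB.com, that the relying-party trust for https://myapp.domainA.com created in part 2 of the blog is named "ClaimsApp", that user principal names in Domain B end in @domainb.com, and a placeholder group SID for the Domain B users allowed to federate; all of these are assumptions to adjust to your lab.

```powershell
# Added example for the two-farm federation described in the post (not the
# poster's configuration). Names and the group SID below are assumptions.
Import-Module ADFS

# ---------------------------------------------------------------------------
# Part 1: run on the Domain B ADFS server (identity provider side).
# Domain A's ADFS becomes a relying party of Domain B's ADFS.
# ---------------------------------------------------------------------------
$domainAMetadata = "https://adfs.domainA.com/FederationMetadata/2007-06/FederationMetadata.xml"
# If the lab TLS/signing certs are not chained to a CA this server trusts,
# import that root first, or copy the XML over and use -MetadataFile instead.
Add-AdfsRelyingPartyTrust -Name "Domain A ADFS" -MetadataUrl $domainAMetadata

# Issue only the attributes Domain A needs. Deliberately no group SIDs or
# roles: the other farm should not receive claims it has no use for.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN and e-mail to Domain A"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";userPrincipalName,mail;{0}", param = c.Value);
'@

# Only members of one Domain B group may federate to Domain A. The SID is a
# placeholder (assumption); look up the real one with Get-ADGroup.
$allowedGroupSid = "S-1-5-21-0-0-0-1234"
$authorizationRules = @'
@RuleTemplate = "Authorization"
@RuleName = "Permit members of the federation group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)GROUPSID$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@.Replace("GROUPSID", $allowedGroupSid)

Set-AdfsRelyingPartyTrust -TargetName "Domain A ADFS" `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authorizationRules

# ---------------------------------------------------------------------------
# Part 2: run on the Domain A ADFS server (relying-party side).
# Domain B's ADFS becomes a claims provider next to the local AD.
# ---------------------------------------------------------------------------
$domainBMetadata = "https://adfs.domainB.com/FederationMetadata/2007-06/FederationMetadata.xml"
Add-AdfsClaimsProviderTrust -Name "Domain B ADFS" -MetadataUrl $domainBMetadata

# Accept only named claim types, and only values in Domain B's own UPN suffix.
# A "pass through all claims" rule would let the other farm assert arbitrary
# claims (group SIDs, roles, a Domain A UPN) to every app behind this ADFS.
$acceptanceRules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Accept Domain B UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "^(?i)[^@]+@domainb[.]com$"]
 => issue(claim = c);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Accept Domain B e-mail"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value =~ "^(?i)[^@]+@domainb[.]com$"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetName "Domain B ADFS" -AcceptanceTransformRules $acceptanceRules

# Lab-only: self-signed token-signing certs have no CRL, so relax the check.
# Leave the default in place for anything that is not a throwaway lab.
Set-AdfsClaimsProviderTrust -TargetName "Domain B ADFS" -SigningCertificateRevocationCheck None

# The app's relying-party trust already has LDAP rules keyed on
# Issuer == "AD AUTHORITY" (Domain A users). Federated users arrive with
# accepted claims instead, so append a pass-through rule rather than replacing.
$appTrust = Get-AdfsRelyingPartyTrust -Name "ClaimsApp"
$passThroughUpn = @'

@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through UPN for federated users"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@
Set-AdfsRelyingPartyTrust -TargetName "ClaimsApp" `
    -IssuanceTransformRules ($appTrust.IssuanceTransformRules + $passThroughUpn)

# Sanity checks: both trusts present and the claims provider has rules.
Get-AdfsClaimsProviderTrust -Name "Domain B ADFS" | Select-Object Name, Identifier, AcceptanceTransformRules
Get-AdfsRelyingPartyTrust -Name "ClaimsApp" | Select-Object Name, IssuanceTransformRules
```

Two things this does not configure. First, once ClaimsApp has two claims providers (the local AD plus Domain B), ADFS on Domain A shows a home-realm-discovery page the first time a browser arrives and then remembers the choice in a cookie; to skip it for Domain B users, the app can put Domain B's federation identifier (by default http://adfs.domainB.com/adfs/services/trust) in the whr parameter of its WS-Federation sign-in request, or the relying party can be pinned to one provider with Set-AdfsRelyingPartyTrust -ClaimsProviderName, which would lose the Domain A users. Second, the "logged in automatically" part on the Domain B client happens at adfs.domainB.com, not at Domain A, so that hostname must resolve from the client and sit in the browser's Local Intranet zone for Windows integrated authentication; otherwise the user gets a forms prompt on their own farm.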
