Do we need a federation server at both organizations?

  • Question

  • If we have two separate organizations in separate forests which do not have a trust: A and B.

    For A to access B's resources, do both forests need to have an ADFS server in their respective forest?

    If A has a federated farm consisting of 50 servers, how do the 50 separate ADFS servers write to the same SQL server? Or is there something I am not understanding?


    dsk

    Sunday, April 26, 2020 2:39 AM

All replies

  • As far as I understand your scenario, you will need to have ADFS server(s) in both forests. These will be separate ADFS organizations, of course. Then you will have to configure an ADFS trust between them.

    If you have more than 30 servers in your farm, you need SQL to keep the farm configuration data. In smaller organizations you can work without SQL; in that case the farm configuration data is kept in the Windows Internal Database (WID). In both cases there is some amount of shared data; in the case of SQL it just has better performance and some additional technical scenarios are available.

    You can read more here: Federation Server Farm Using SQL Server


    Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

    • Proposed as answer by Borys Majewski Thursday, April 30, 2020 10:34 AM
    Monday, April 27, 2020 11:11 AM
  • If we have two separate organizations in separate forests which do not have a trust: A and B.

    For A to access B's resources, do both forests need to have an ADFS server in their respective forest?

    If A has a federated farm consisting of 50 servers, how do the 50 separate ADFS servers write to the same SQL server? Or is there something I am not understanding?


    dsk

    Are you talking about the SQL server(s) that host the ADFS back end database? Or are you talking about SQL servers for an application that consumes federated identity claims?
    Thursday, May 21, 2020 11:45 PM