We have a requirement to publish SharePoint 2013 on UAG.
We have two end-user scenarios:
1. External ADFS customers.
2. External AD customers.
Can one trunk have both authentication repositories and application configured for each or do I have to create two separate trunks?
We are also using PerformancePoint dashboards and Analysis Services data that utilize AD Security Groups for the data that is presented. Is there a way to map the SAML users to an AD account or AD group for these permissions?
- Bearbeitet AmbersEd Freitag, 21. Juni 2013 19:19 Typo
I presume you mean internal AD users?
However, it doesn't really matter much, UAG can handle multiple authentication sources on one trunk.
Yes it is possible, the user profile service should be able to help you with that.
- Bearbeitet Jesper Arnecke Samstag, 22. Juni 2013 09:43 Edit
I gave it a shot and received this error so i'm thinking ADFS 2.0 must be an exception for allowing multiple authentication servers:
"Federated authentication requires the use of a single AD FS 2.0 server only. Remove the additional authentication servers and then click OK."
It wasn't OK, but I clicked it anyway.
I'll look into the user profile service.
- Bearbeitet AmbersEd Samstag, 22. Juni 2013 16:32 typo
We are currently running a setup with ADFS 2.0 and AD authentication on the same trunk, so I know it's possible.
ADFS externally and AD locally. - Hence the question if you meant local AD and not external AD. If you case is 2x ADFS I don't know :)