Educause Security Discussion mailing list archives

Re: ADFS Experience


From: Miguel Angel Gonzalez de la Torre <mglez () ITESM MX>
Date: Tue, 21 Oct 2014 20:00:24 +0000

Hello.
We have implemented ADFS with O365, Yammer and SharePoint 2013 without problems.
We have also federated third-party cloud applications like Gartner, Success Factors and Design to Learn.

About Banner, we asked Ellucian to federate their portals, and the answer was that they do not support SAML 2.0 natively, 
so we must use CAS and Shibboleth.
We are evaluating this because we’re not sure if Ellucian will give support on Shibboleth.

The ADFS in Windows 2012 R2 now includes OAuth and may be a way to connect with Ellucian, but we haven’t tested that 
yet.

Hope it helps.

Ing. Miguel Angel González de la Torre, MCC
Director of Information Security
Information Technology Department
Contact me via Lync <sip:mglez () itesm mx>

Tel.: 52 (81) 8158 2000, ext. 2936. Fax: 81 81582287
Intercampus line: 80-689-2936.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nicholas 
Roy
Sent: Tuesday, October 21, 2014 01:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ADFS Experience

We set it up for use with Office365 when I was at UIowa, it works pretty well for that. You might consider reaching out 
to the WinHiEd community for help, a ton of those folks have done this http://www.windows-hied.org/

Best,

Nick

Nicholas Roy - Penn State - Information Technology Services
http://identity.psu.edu
Departmental Twitter: @psuidentity
nicholas-roy () psu edu
tel +1 814 867 0115


________________________________
From: "Ryan Hiebert" <ryan () RYANHIEBERT COM>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Tuesday, October 21, 2014 11:14:00 AM
Subject: Re: [SECURITY] ADFS Experience

Also, I had to go through their documentation for setting up ADFS a few times very carefully. It changed while I was 
setting things up, but it did seem to have at least links to everything I needed to get the basics set up.

One other thing that caused some frustration was dealing with the signing certificates. ADFS helpfully warns when the 
certificates are getting old, but the warning didn’t (for me) get silenced when the certificates were updated. It 
complained until the offending certificate expired. That was frustrating because it made me uncertain about whether I 
had correctly set up the new signing certificate.

On Oct 21, 2014, at 10:10 AM, Ryan Hiebert <ryan () ryanhiebert com> wrote:

I’ve been away from the management of it for a while, but I set up ADFS with Office 365, and it worked OK. There’s no 
self-service account reset, etc., with ADFS, which was one of the main features that I personally found lacking. I found 
attempting to customize ADFS to be quite difficult, and I never was able to do it, though admittedly I wasn’t able to 
put as much into trying as I would have liked.

On Oct 21, 2014, at 10:03 AM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU> wrote:

We are looking at implementing ADFS for use with both Office 365 as well as on-site SharePoint 2013 (with Ellucian 
Portal more specifically). I’m looking for input from anyone who has implemented ADFS for either/both of those and what 
their experience has been. I’m also interested in the on-going maintenance and problems experienced managing ADFS.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564