Educause Security Discussion mailing list archives

Re: ADFS experience with Sharepoint and other SSO/SAML systems


From: Dexter Caldwell <dexter.caldwell () FURMAN EDU>
Date: Tue, 20 Jan 2015 18:34:21 +0000

We went to Office 365 as an early adopter and used ADFS 2.0 for authentication with load balancers from a recommended 
list of brands we found on Microsoft web pages at the time.  (We chose A10 load balancers due to all features being 
included, price point, feature set and specs for the money).  In any case, it's been running great ever since then. We 
also federated our on-prem SharePoint instance to it, but it's SP2010 at the moment.  ADFS has been rock solid for us 
with about the only issue being if you have certificate expiry issues on either SharePoint or Office 365.  We have had 
the occasional issue once we were getting off the ground and running but most of those smoothed out eventually as we 
tweaked some of the load balancing configuration to be slightly less smart than we tried to make it.  You definitely 
want a hardware load balancer.  I'm not sure how many servers everyone else uses for ADFS and ADFS proxies, but mine 
tend to get pounded heavily.  I did not necessarily choose hardware SSL accelerator cards though as my requirements 
were within the specs of the A10's without the extra card.  I will also point out that while there are other ways to 
go, if you do ADFS, you'll benefit from having it in place for other things you may want to use with Microsoft's Cloud 
services, which seems to be a strong direction in other areas as well.


Dexter Caldwell
Dir. Systems & Networks
Information Technology Services
Furman University
3300 Poinsett Hwy
Greenville, SC 29613
email: dexter.caldwell () furman edu
office: 864-294-3566
facsimile: 864-294.3001


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas 
Carter
Sent: Monday, January 19, 2015 4:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ADFS experience with Sharepoint and other SSO/SAML systems

We're looking to implement ADFS for single sign on for a Sharepoint 2013 portal we are implementing. We would also use 
it for other SAML compliant systems on and off campus as well as for Office 365 which is currently using DirSync. I'm 
looking for experiences with ADFS in that type of environment, particularly with reliability and manageability. We're a 
small school and don't have the staff for a product that requires too much babysitting.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564

