Educause Security Discussion mailing list archives
Re: ADFS experience with Sharepoint and other SSO/SAML systems
From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Tue, 20 Jan 2015 14:50:58 +0000
Make sure you implement with ADFS 2012R2 (sometimes referred to as ADFS 3.0); it's much simpler to set up and manage than 2.0, has lower resource utilization overhead, and doesn't have the compatibility issues with Google Chrome that 2.0 does. We've used the SharePoint in Office 365 and we've had numerous problems with people sending links to SharePoint that don't work for people using Google Chrome.

ADFS 2012R2 requires Windows Server 2012R2 and has remarkably modest resource requirements. I have a cloud-based test instance running on 1 CPU and 1GB of RAM (AWS free tier) and it runs just fine - yes, 1GB RAM!

I strongly advise against using the Microsoft network (software) load balancer - it was the cause of all the service-impacting issues we encountered here; in particular, there are some issues with it running in a VMware environment. Front-ending it with an external load balancer eliminated this problem.

Once set up, there's very little maintenance required.

When we implemented, DirSync was placed on a separate server. It can now be installed on a domain controller, though we're not going to bother moving ours.

Kevin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas Carter
Sent: Monday, January 19, 2015 3:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ADFS experience with Sharepoint and other SSO/SAML systems

We're looking to implement ADFS for single sign on for a Sharepoint 2013 portal we are implementing. We would also use it for other SAML compliant systems on and off campus as well as for Office 365 which is currently using DirSync. I'm looking for experiences with ADFS in that type of environment, particularly with reliability and manageability. We're a small school and don't have the staff for a product that requires too much babysitting.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564
Current thread:
- ADFS experience with Sharepoint and other SSO/SAML systems Thomas Carter (Jan 19)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Miguel Angel Gonzalez de la Torre (Jan 19)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Kevin Halgren (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Thomas Carter (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Kevin Halgren (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Michael Young (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Thomas Carter (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Dexter Caldwell (Jan 20)