Educause Security Discussion mailing list archives
Re: ADFS experience with Sharepoint and other SSO/SAML systems
From: Dexter Caldwell <dexter.caldwell () FURMAN EDU>
Date: Tue, 20 Jan 2015 18:34:21 +0000
We went to Office 365 as an early adopter and used ADFS 2.0 for authentication with load balancers from a recommended list of brands we found on Microsoft web pages at the time. (We chose A10 load balancers due to all features being included, price point, feature set and specs for the money). In any case, it's been running great ever since then. We also federated our on-prem SharePoint instance to it, but it's SP2010 at the moment. ADFS has been rock solid for us with about the only issue being if you have certificate expiry issues on either SharePoint or Office 365. We have had the occasional issue once we were getting off the ground and running but most of those smoothed out eventually as we tweaked some of the load balancing configuration to be slightly less smart than we tried to make it. You definitely want a hardware load balancer. I'm not sure how many servers everyone else uses for AFDFS and ADFS proxies, but mine tend to get pounded heavily. I did not necessarily choose hardware SSL accelerator cards though as my requirements were within the specs of the A10's without the extra card. I will also point out that while there are other ways, to go, if you do ADFS, you'll benefit from having it in place for other things you may want to use with Microsoft's Cloud services- which seems to be a strong direction in other areas as well. Dexter Caldwell Dir. Systems & Networks Information Technology Services Furman University 3300 Poinsett Hwy Greenville, SC 29613 email: dexter.caldwell () furman edu<mailto:dexter.caldwell () furman edu> office: 864-294-3566 facsimile: 864-294.3001 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas Carter Sent: Monday, January 19, 2015 4:18 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] ADFS experience with Sharepoint and other SSO/SAML systems We're looking to implement ADFS for single sign on for a Sharepoint 2013 portal we are implementing. We would also use it for other SAML compliant systems on and off campus as well as for Office 365 which is currently using DirSync. I'm looking for experiences with ADFS in that type of environment, particularly with reliability and manageability. We're a small school and don't have the staff for a product that requires too much baby sitting. Thomas Carter Network and Operations Manager Austin College 903-813-2564 [AusColl_Logo_Email]
Current thread:
- ADFS experience with Sharepoint and other SSO/SAML systems Thomas Carter (Jan 19)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Miguel Angel Gonzalez de la Torre (Jan 19)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Kevin Halgren (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Thomas Carter (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Kevin Halgren (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Michael Young (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Thomas Carter (Jan 20)
- Re: ADFS experience with Sharepoint and other SSO/SAML systems Dexter Caldwell (Jan 20)