I have been using ADFS to authenticate users against AD fine, using a claims aware template in VS. Some of our users will not be in Active Directory, so I would like to know if its possible to configure ADFS to look up SQL Server for these users and then carry on as normal.
Does ADFS2.0 provide custom authentication stores?
is a similar question, just one person says yes it can be done and other says you can't.
AD FS 2.0 can only authenticate against Active Directory (AD DS). This is not explicitly documented in the official AD FS 2.0 documentation, but it follows from the following two snippets:
So no custom authentication stores, SQL Server based or otherwise.
(On the other question on additional attribute stores: that is possible.)
The solution that is suggested in an answer to the other question you refer to is a bit misleading. If you read the actual blog post you see that they add an extra STS. AD FS 2.0 has a 'Claims Provider Trust' for that other STS, and redirects to it (if the 'home realm discovery' is set up correctly). That other STS then performs the authentication in whichever way it likes, sends a token back to AD FS, which then runs its claim rules.
So in that solution it is not AD FS 2.0 authenticating against an non-AD store, but redirecting to an STS which authenticates against that store.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With