LDAP vs ADFS Single Sign On

Tags: ldap, adfs

I work for a company that offers a SaaS solution. We currently allow customers to SSO in using ADFS on their side and we are the Service Provider accepting a SAML assertion. We seem to get a large number of people requesting SSO via LDAP though. I understand that LDAP is the protocol to authenticate users on an AD network. I'm wondering - is this synonymous with ADFS or are they talking about something else?

If ADFS isn't necessarily the best practice for LDAP authentication over the internet, could someone give me a high level explanation on how we would authenticate against another website using LDAP?

asked Feb 23 '15 21:02 by kickinchicken




1 Answer

AD is an "extension" of LDAP in that it does more but still handles the normal LDAP query strings etc.

When people talk about LDAP they are normally referring to ADAM / OpenLDAP / OpenDS etc.

ADFS v3.0 only works against AD. The next version (ADFS vNext) will work against LDAP.

The easiest way is to federate ADFS with something that does support LDAP e.g. Shibboleth or simpleSAMLphp.

answered Sep 19 '22 16:09 by rbrayb
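Added example, not part of the question or of rbrayb's answer: the LDAP step that a SAML identity provider such as Shibboleth or simpleSAMLphp performs inside the customer's own network before it issues the assertion your SaaS Service Provider consumes. The SP never sees the directory password; it only receives the SAML assertion. `FakeDirectory` is a constructed in-memory stand-in for a real LDAP connection (only `search()` and `bind()` are modelled), and the user entry and base DN are made-up sample values.

```python
# Search-then-bind authentication against an LDAP directory, as an IdP would
# do it. FakeDirectory is a constructed stand-in, not a real LDAP client.

def escape_ldap_filter(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter
    (RFC 4515), so '*' cannot act as a wildcard and '(' ')' cannot alter
    the filter structure."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))   # e.g. '*' -> '\2a'
        else:
            out.append(ch)
    return ''.join(out)

def user_search_filter(username: str) -> str:
    """Filter locating one AD user by logon name."""
    return '(&(objectClass=person)(sAMAccountName=%s))' % escape_ldap_filter(username)

class FakeDirectory:
    """Constructed in-memory directory: {dn: (sAMAccountName, password)}."""
    def __init__(self, entries):
        self.entries = entries
    def search(self, base_dn, ldap_filter):
        # Only understands the exact filter shape built by user_search_filter();
        # an escaped value (e.g. '\2a') matches no real account, as intended.
        prefix = '(&(objectClass=person)(sAMAccountName='
        wanted = ldap_filter[len(prefix):-2]
        return [dn for dn, (sam, _) in self.entries.items()
                if dn.endswith(base_dn) and sam == wanted]
    def bind(self, dn, password):
        return dn in self.entries and self.entries[dn][1] == password

def authenticate_via_ldap(directory, base_dn, username, password):
    """Return the user's DN when the bind succeeds, otherwise None."""
    if not password:
        # An empty password is an unauthenticated bind (RFC 4513 5.1.2) and
        # may succeed on some servers; never treat it as a login.
        return None
    matches = directory.search(base_dn, user_search_filter(username))
    if len(matches) != 1:          # zero or ambiguous matches both fail
        return None
    return matches[0] if directory.bind(matches[0], password) else None

# Constructed sample data for running the example offline.
BASE_DN = 'DC=corp,DC=example'
CUSTOMER_DIR = FakeDirectory({
    'CN=alice,OU=Users,DC=corp,DC=example': ('alice', 'correct horse'),
})
```

The same search-then-bind logic, with the escaping and the empty-password check, is what you would put behind a real client such as `ldap3` or `python-ldap`.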