I work for a company that offers a SaaS solution. We currently allow customers to SSO in using ADFS on their side and we are the Service Provider accepting a SAML assertion. We seem to get a large number of people requesting SSO via LDAP though. I understand that LDAP is the protocol to authenticate users on an AD network. I'm wondering - is this synonymous with ADFS or are they talking about something else?
If ADFS isn't necessarily the best practice for LDAP authentication over the internet, could someone give me a high level explanation on how we would authenticate against another website using LDAP?
What is the difference between SSO and LDAP? SSO is a convenient authentication method that allows users to access multiple applications and systems with just one login. LDAP is the protocol (the communication process) a client uses to look up and authenticate users against a directory service in order to reach a network resource.
ADFS provides Web SSO to federated partners, which enables Requesting Parties' users to have an SSO experience to access their web-based applications/systems. ADFS does not extend the schema for Active Directory to create additional custom attributes in AD for the sole purpose of using them as claims.
How to configure SSO with Microsoft Active Directory Federation Services 2.0 (ADFS 2.0) Identity Provider. Single sign-on (SSO) is a time-saving and highly secure user authentication process. SSO lets users access multiple applications with a single account and sign out with one click.
Since AD stores the information of all users (user IDs and passwords), it acts as the base identity store. ADFS uses this identity information in Active Directory and makes it available outside your network, where it can be used by other organizations and applications.
AD is an "extension" of LDAP in that it does more but still handles the normal LDAP query strings etc.
When people talk about LDAP they are normally referring to ADAM / OpenLDAP / OpenDS etc.
ADFS v3.0 only works against AD. The next version (ADFS vNext) will work against LDAP.
The easiest way is to federate ADFS with something that does support LDAP e.g. Shibboleth or simpleSAMLphp.
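To make the federation pattern in this answer concrete, here is an added example (it is not code from the question, the answers, Shibboleth or simpleSAMLphp). It models the two halves of that setup in plain Python: an IdP that authenticates a user by looking them up in the customer's directory and binding as them over LDAP, and a SaaS Service Provider that accepts the resulting SAML assertion only after checking issuer, audience and validity window. The directory is an in-memory stand-in, and the issuer and audience URLs, account names and passwords are all constructed for illustration; a real IdP would use an LDAP client library against the customer's directory, and the SP's SAML library would verify the XML signature before the checks shown here.

```python
import re
from datetime import datetime, timedelta, timezone

# ---- IdP side: authenticate the user against the customer's directory over LDAP ----

# RFC 4515 escaping for a value embedded in an LDAP search filter. Without it,
# a username containing "*" or ")" would change the meaning of the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str) -> str:
    """Filter that matches exactly the account whose sAMAccountName is `username`."""
    return f"(&(objectClass=person)(sAMAccountName={escape_filter_value(username)}))"


class MockDirectory:
    """Stand-in for an LDAP server (constructed data for this example, not a real client)."""

    def __init__(self, entries):
        # dn -> {"sAMAccountName": ..., "mail": ..., "password": ...}
        self.entries = entries

    def search(self, ldap_filter: str):
        """Return the DNs matching the sAMAccountName term of the filter."""
        m = re.search(r"\(sAMAccountName=([^)]*)\)", ldap_filter)
        if not m:
            return []
        # Undo RFC 4515 escaping, then compare literally (no wildcard semantics).
        wanted = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1))
        return [dn for dn, e in self.entries.items() if e["sAMAccountName"] == wanted]

    def bind(self, dn: str, password: str) -> bool:
        """Simple bind: succeeds only with the entry's password."""
        e = self.entries.get(dn)
        return e is not None and bool(password) and e["password"] == password


def authenticate_via_ldap(directory, username: str, password: str):
    """Look the user up, then bind as that user's DN. Returns the DN or None."""
    if not password:
        # On most LDAP servers a bind with an empty password is an anonymous
        # bind and "succeeds", so it must be rejected before reaching the server.
        return None
    matches = directory.search(build_user_filter(username))
    if len(matches) != 1:
        return None
    dn = matches[0]
    return dn if directory.bind(dn, password) else None


# ---- SP side: accept the assertion the IdP issues after that LDAP authentication ----

def issue_assertion(issuer, audience, subject, now, lifetime=timedelta(minutes=5)):
    """Minimal model of the assertion fields the SP has to check."""
    return {
        "issuer": issuer,
        "audience": audience,
        "subject": subject,
        "not_before": now,
        "not_on_or_after": now + lifetime,
    }


def sp_accept_assertion(assertion, expected_issuer, expected_audience, now,
                        skew=timedelta(seconds=60)):
    """Checks the SP applies on top of signature verification. Returns the subject or None."""
    if assertion["issuer"] != expected_issuer:
        return None          # assertion from an IdP we do not trust
    if assertion["audience"] != expected_audience:
        return None          # assertion issued for a different SP
    if now + skew < assertion["not_before"]:
        return None          # not yet valid
    if now - skew >= assertion["not_on_or_after"]:
        return None          # expired (or replayed late)
    return assertion["subject"]


if __name__ == "__main__":
    directory = MockDirectory({
        "CN=Alice,OU=Users,DC=example,DC=com": {
            "sAMAccountName": "alice", "mail": "alice@example.com", "password": "correct horse"},
    })
    dn = authenticate_via_ldap(directory, "alice", "correct horse")
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    assertion = issue_assertion("https://idp.example.com/idp/shibboleth",
                                "https://saas.example.net/sp", "alice@example.com", now)
    print(dn, sp_accept_assertion(assertion, "https://idp.example.com/idp/shibboleth",
                                  "https://saas.example.net/sp", now + timedelta(minutes=1)))
```

The point of the split is that the LDAP bind only ever happens inside the customer's network (the IdP is deployed there), while the SaaS side never sees a directory password; it only validates an assertion, exactly as it already does for ADFS.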