Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

LDAP vs ADFS Single Sign On

Tags:

ldap

adfs

I work for a company that offers a SaaS solution. We currently allow customers to SSO in using ADFS on their side and we are the Service Provider accepting a SAML assertion. We seem to get a large number of people requesting SSO via LDAP though. I understand that LDAP is the protocol to authenticate users on an AD network. I'm wondering - is this synonymous with ADFS or are they talking about something else?

If ADFS isn't necessarily the best practice for LDAP authentication over the internet, could someone give me a high level explanation on how we would authenticate against another website using LDAP?

like image 879
kickinchicken Avatar asked Feb 23 '15 21:02

kickinchicken

People also ask

What is the difference between LDAP and SSO?

What is the difference between SSO and LDAP? SSO is a convenient authentication method that allows users to access multiple applications and systems using just one login. LDAP is the protocol or communication process that will enable users to access a network resource through a directory service.

What is the difference between ADFS and SSO?

ADFS provides Web SSO to federated partners, which enables Requesting Parties' users to have an SSO experience to access their web-based applications/systems. ADFS does not extend the schema for Active Directory to create additional custom attributes in AD for the sole purpose of using them as claims.

Is SSO an ADFS?

How to configure SSO with Microsoft Active Directory Federation Services 2.0 (ADFS 2.0) Identity Provider. Single sign-on (SSO) is a time-saving and highly secure user authentication process. SSO lets users access multiple applications with a single account and sign out with one click.

What is the difference between ADFS and Active Directory domain controller?

Since AD stores information of all users ( user IDs and passwords), it acts as the base identity store. ADFS uses all of this identity information in Active Directory and makes it available outside your network. This information can be used by other organizations and applications.

1 Answers

AD is an "extension" of LDAP in that it does more but still handles the normal LDAP query strings etc.

When people talk about LDAP they are normally referring to ADAM / OpenLDAP / OpenDS etc.

ADFS v3.0 only works against AD. The next version (ADFS vNext) will work against LDAP.

The easiest way is to federate ADFS with something that does support LDAP e.g. Shibboleth or simpleSAMLphp.

like image 189
rbrayb Avatar answered Sep 19 '22 16:09

rbrayb
Sign in to Comment

Related questions

Problems with secure bind to Active Directory using PHP
How to do password authentication for a user using LDAP?
LDAP - Meaning of objectClass = top
How do I use a custom authorities populator with Spring Security and the ActiveDirectoryLdapAuthenticationProvider?
LDAP authentication with django REST
Authenticating users using Active Directory in Client-Server Application
Does LDAP over SSL require a cert on the client?
Spring Security and LDAP authentication
Unknown Error (0x80005000) with LDAPS Connection
ldap_sasl_bind_s(GSSAPI) - What should be provided in the credentials BERVAL structure
Where can I find a listing of LDAP Active directory messages and there meanings?
PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server
Listing users in ad group recursively with powershell script without CmdLets
Parse substring from text
Finding An LDAP URL?
ldap query for group members
SonarQube LDAP Authentication seems to load but won't allow login via domain user
How can I retrieve deleted objects from Active Directory with Ruby?
How to add a course to an existing user in moodle remotely?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!