by xenophonf
2900 days ago
I realize it's a little late to say this, but AD FS is garbage. I've run AD FS both as an InCommon IdP and an InCommon SP, with both as full federation partners. While I solved the metadata consumption, attribute scope checking, and discovery UX issues, I encountered lots of little interoperability issues that required disabling request/assertion encryption or switching between SHA-1/SHA-256 on individual CP/RP trusts. Ultimately, we replaced the IdPs with Shibboleth and moved the SPs behind SATOSA, which works a LOT better.