WSS and SPS 2003 Support boundaries for ADFS#

From MS KB:

Active Directory Federation Services (ADFS) enables web single sign-on, federated identity and access management by securely sharing digital identity and entitlement rights across security and enterprise boundaries. The ADFS functionality becomes available in Windows Server 2003 R2.
SharePoint and ADFS integration is dependent on the ADFS ability to seamlessly convert the ADFS authentication token to a Windows authentication token on the server. SharePoint server side functionality is mostly compatible with ADFS authentication. Limitations on the supported features for SharePoint and ADFS integration are driven by client side incompatibilities.

ADFS is a web-based authentication mechanism which relies on a system of client-side redirects in order to authenticate the end-user. This works well when the client is a Web browser such as Microsoft Internet Explorer. However, not all client programs support redirects.

When the user is authenticated, client-side redirects are used to obtain an ADFS authentication token, which is saved in a session cookie to authenticate subsequent requests using the same client program. Since session cookies are not shared between programs running in separate processes, Microsoft Office or other programs cannot access the cookie issued for a browser. This requires re-authenticating the user, for which the necessary redirects are not guaranteed to work in non-browser programs. Even if initial authentication succeeds, the resultant authentication cookie has an associated timeout. Thus periodic re-authentication is required, which is not guaranteed to work for all programs.

Several significant ADFS and SharePoint integration problems come from attempting to use client programs that do not work with redirects. For example, the use of SharePoint with Microsoft Office Outlook 2003, Microsoft Office FrontPage 2003, Microsoft Office Word 2003, or the Windows shell commands are either outright broken or have a sub-par experience.

The remainder of this article addresses what is supported and not supported, and how to best mitigate end-user problems that result from the known issues in this configuration.

Sharepoint | Windows
Monday, January 30, 2006 8:40:48 AM UTC #     | 

 

All content © 2012, Mart Muller
On this page
WSS and SPS 2003 Support boundaries for ADFS
This site
Syndicate
Calendar
<February 2012>
SunMonTueWedThuFriSat
2930311234
567891011
12131415161718
19202122232425
26272829123
45678910
Archives
 Full Archives By Category
February, 2010 (1)
January, 2010 (2)
November, 2009 (5)
October, 2009 (3)
September, 2009 (2)
August, 2009 (1)
July, 2009 (7)
June, 2009 (1)
May, 2009 (1)
April, 2009 (3)
March, 2009 (4)
February, 2009 (3)
January, 2009 (2)
December, 2008 (3)
November, 2008 (4)
October, 2008 (2)
September, 2008 (8)
August, 2008 (6)
July, 2008 (2)
June, 2008 (6)
May, 2008 (10)
April, 2008 (3)
March, 2008 (8)
February, 2008 (9)
January, 2008 (9)
December, 2007 (15)
November, 2007 (1)
October, 2007 (1)
September, 2007 (5)
August, 2007 (4)
July, 2007 (4)
June, 2007 (6)
May, 2007 (12)
April, 2007 (7)
March, 2007 (5)
February, 2007 (12)
January, 2007 (16)
December, 2006 (6)
November, 2006 (22)
October, 2006 (19)
September, 2006 (17)
August, 2006 (23)
July, 2006 (13)
June, 2006 (3)
May, 2006 (10)
April, 2006 (7)
March, 2006 (23)
February, 2006 (14)
January, 2006 (20)
December, 2005 (11)
November, 2005 (18)
October, 2005 (16)
September, 2005 (19)
August, 2005 (32)
July, 2005 (30)
June, 2005 (24)
May, 2005 (25)
April, 2005 (28)
March, 2005 (35)
February, 2005 (32)
January, 2005 (28)
December, 2004 (10)
November, 2004 (8)
October, 2004 (4)
September, 2004 (12)
August, 2004 (5)
July, 2004 (4)
Sitemap
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Disclaimer

Powered by: newtelligence dasBlog 1.9.7174.0

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

Send mail to the author(s) E-mail

Theme design by Jelle Druyts