Suppose I have a Windows domain "A" along with Sharepoint and ADFS. All user accounts within Sharepoint are domain based. Now within Sharepoint I have links to an external .NET web application that is a member of its own domain "B"; there is no trust between domains A and B.
I would like to configure single sign on such that the domain A users can click on the links to the external site in domain B from within Sharepoint and not be prompted for login. Domain A users would not have accounts in domain B, but their credentials would be converted to a token by ADFS for authentication by the domain web application. Is this possible, and if so, what are my requirements with respect to ADFS? Do I need ADFS present in both domains, only in domain A, or only in domain B?
The user accounts in the external web application would be contained within a SQL database (and not in domain B Active Directory).
My initial thought is I need ADFS in domain A, with a trust to Sharepoint, and adding the external web application as a relying party. Please advise; thanks.