How ACS will behave when two clients will have same domain name.

  • Question

  • Hi,

    We are adding a WS-Federation identity provider in ACS. Now we come to a very complex scenario.

    Our two clients, located at different locations, will have the same domain name.

    How will ACS behave in this case? Please advise.

    Thanks,

    Pramod

    Thursday, February 16, 2012 11:00 AM

Answers

  • Hi Pramod,

    If you mean that both clients have the same Active Directory domain name, you don't need to worry about it. Take a look at the following screenshot: http://bit.ly/yROk9v

    This is an example of what the FederationMetadata.xml looks like. You'll see EntityDescriptor as the root of the file with the attribute entityID (for ADFS this is the public URL of your ADFS proxy). And ACS will use this entityID as Issuer Name.

    As a result you can have a customer called SuperContoso with an active directory domain name CONTOSO and an entityID "http://fs.supercontoso.com/adfs/services/trust". Besides that you could also have MegaContoso with an active directory domain name CONTOSO (the same domain name as SuperContoso) with a different entityID: http://fs.megacontoso.com/adfs/services/trust

    Sandrino

    Thursday, February 16, 2012 11:47 AM
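
The answer above says the issuer is keyed on the `entityID` attribute of the metadata root, not on the Active Directory domain name. As an added illustration (not part of the original answer and not ACS code), this sketch reads `entityID` from each tenant's FederationMetadata.xml and reports tenants that would share an issuer; the tenant names, the inline XML and the function names are constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace used by the EntityDescriptor root of a federation metadata document.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOT = '<EntityDescriptor xmlns="%s" entityID="%s"/>'

# Constructed sample input: both tenants use the AD domain name CONTOSO,
# but each publishes its own entityID (URLs taken from the answer above).
SAMPLE = {
    "SuperContoso": ROOT % (MD_NS, "http://fs.supercontoso.com/adfs/services/trust"),
    "MegaContoso": ROOT % (MD_NS, "http://fs.megacontoso.com/adfs/services/trust"),
}

def entity_id(metadata_xml):
    """Return the entityID of a metadata document, or raise ValueError."""
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DTD not allowed in federation metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root element is not EntityDescriptor")
    eid = (root.get("entityID") or "").strip()
    if not eid:
        raise ValueError("EntityDescriptor has no entityID")
    return eid

def issuer_collisions(tenants):
    """Map each entityID claimed by more than one tenant to those tenants."""
    by_issuer = defaultdict(list)
    for name, xml_text in tenants.items():
        by_issuer[entity_id(xml_text)].append(name)
    return {iss: sorted(names) for iss, names in by_issuer.items() if len(names) > 1}

if __name__ == "__main__":
    for tenant, xml_text in SAMPLE.items():
        print(tenant, "->", entity_id(xml_text))
    print("collisions:", issuer_collisions(SAMPLE))
```

Running the same check over the metadata of every identity provider before registering it shows whether two tenants would present the same issuer, regardless of what their internal domain is called.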

All replies

  • Hi Sandrino,

    I have simulated the environment as I mentioned above. But when I send a page request from domain 1 to authenticate a user, it redirects to domain 2 and authentication fails because the user logging in is not found in domain 2.

    Please advise.

    Thanks,

    Pramod

    Thursday, March 15, 2012 5:55 AM
  • Could you please explain how you configured the identity providers and the rule groups?

    Sandrino Di Mattia | Twitter: http://twitter.com/sandrinodm | Azure Blog: http://fabriccontroller.net/blog | Blog: http://sandrinodimattia.net/blog

    Thursday, March 15, 2012 6:52 AM
  • Hi,

    We are configuring ID programmatically using the Service Management API, where we provide the URL which comes from ADFS.

    https://machinename.domainname.com/FederationMetadata/2007-06/FederationMetadata.xml

    And we are using the default rule group, which is also configured through the Service Management API.

    Thanks,

    Pramod


    • Edited by Pramod S Thursday, March 15, 2012 9:31 AM change text
    Thursday, March 15, 2012 9:28 AM
  • How are you setting the issuer name of the identity providers?

    Sandrino Di Mattia | Twitter: http://twitter.com/sandrinodm | Azure Blog: http://fabriccontroller.net/blog | Blog: http://sandrinodimattia.net/blog

    Thursday, March 15, 2012 10:52 AM
  • Do you mean display Name for ID in ACS?

    I have set it programmatically and it will be computername.domain.com.

    Thanks,

    Pramod

    Saturday, March 17, 2012 5:23 AM