ADFS V2 Question

  • Question

  • I have an ADFS V2 instance deployed that is currently working per design and passing claims for SPS 2010.

    Now mgmt wants to move it to a "different" domain. For example, it resides in Domain "A"; users come in externally via a "CAC common access card". The data is parsed off of the card and a profile is created within A.D.

    Mgmt would like for profiles to get created elsewhere (Domain B).

    I was thinking of setting up a "one way" trust with Domain B and managing all the profiles there... Is that possible? Or does the instance of ADFS need to be moved to Domain B?

    This was a nightmare to configure and get working; therefore, I am not too keen on moving it now that it's finally working.

    I have a SharePoint background, so this is not my forte; any information would be greatly appreciated.


    Thanks and Regards,


    Monday, January 9, 2012 4:11 PM

All replies

  • ADFS v2 will work with domain trusts as long as it can authenticate users to that domain. Whether this works is dependent on the direction of the AD trust. Domain A would need to trust Domain B.

    I don't think this is relevant to the question, but does ADFS do anything custom with the CAC?

    Developer Security MVP | www.syfuhs.net
    Monday, January 9, 2012 6:16 PM
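
One way to check the trust direction described in the reply above, as an added example that is not part of the original thread. The function name `Test-AdfsTrustDirection` and the domain names `domaina.example` / `domainb.example` are hypothetical; the sample trust object at the end is constructed so the logic can be exercised without a domain.

```powershell
# Added example. Run on the AD FS server joined to Domain A.
# Test-AdfsTrustDirection and the *.example names are hypothetical placeholders.
function Test-AdfsTrustDirection {
    param(
        [Parameter(Mandatory = $true)] [string] $AccountDomain,  # domain holding the profiles (Domain B)
        $Trusts                                                   # optional pre-collected trust objects
    )
    if (-not $Trusts) {
        # Enumerate the trusts of the domain this server belongs to (Domain A).
        $Trusts = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetAllTrustRelationships()
    }
    $trust = $Trusts | Where-Object { $_.TargetName -eq $AccountDomain } | Select-Object -First 1

    $usable = $false
    if (-not $trust) {
        $reason = "No trust with $AccountDomain exists."
    } else {
        switch ("$($trust.TrustDirection)") {
            # Outbound = this domain is the trusting side, so it accepts
            # authentication of accounts from the other domain.
            'Outbound'      { $usable = $true;  $reason = "This domain trusts $AccountDomain." }
            'Bidirectional' { $usable = $true;  $reason = "Two-way trust with $AccountDomain." }
            # Inbound = only the other domain trusts this one: wrong direction.
            'Inbound'       { $reason = "Only $AccountDomain trusts this domain; reverse or widen the trust." }
            default         { $reason = "Unrecognised trust direction '$($trust.TrustDirection)'." }
        }
    }
    New-Object PSObject -Property @{
        AccountDomain            = $AccountDomain
        AdfsCanAuthenticateUsers = $usable
        Reason                   = $reason
    }
}

# Constructed sample: a one-way trust pointing the wrong way for this scenario.
$sample = New-Object PSObject -Property @{
    SourceName     = 'domaina.example'
    TargetName     = 'domainb.example'
    TrustDirection = 'Inbound'
}
Test-AdfsTrustDirection -AccountDomain 'domainb.example' -Trusts $sample
```

Omit `-Trusts` on the AD FS server to evaluate the live trust list of the domain it is joined to.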