We are planning for ADFS 2.0 implementation to provide a single sign on experiance
to "internal" users for an application hosted by vendor. The vendor provides SSO through CA SiteMinder Federated SSO. The vendor supports
- Version SAML 2.0
- Binding HTTP POST Binding
- Profile Web Browser SSO Profile
If our users will require to this external application from internal network, do I need to have an ADFS-Proxy server in our DMZ? Can I provide the SSO feature to internal network users without using proxy-ADFS server(s) and without risking any security.
Thank You.