I am new to working with AD FS, I have experience with LDAP.
I am confused by the terminology surrounding AD FS, especially since I realized today that most of what I was reading was AD FS 2.0 material.
Here is what I am trying to accomplish:
I am attempting to make a Web-SSO that will service many different already existing Web Applications that are all run in house.
I am a part of a domain; however, I do want to use the domain as the "database" for the external accounts I am creating. My initial thought was that I could use the LDS platform to run a simple LDAP instance and control my external users with this.
This seems fairly straightforward to me using the built-in AD FS role, by using the LDS as an account store and then configuring the web applications under My Organization -> Applications, not requiring any configuration for Partner Organizations.
I have come today to realize that there is now AD FS 2.0 and that it apparently does not support using the LDS platform as the actual "database" where the users exist. I have also seen advice stating not to use the built-in AD FS functionality;
however, if I am forced to use the full-bodied AD DS I have no choice, AD FS 2.0 simply will not work. We are our own department at a University and we are not given Domain Admin access to the overarching LDAP, nor are we able to collaborate with Central IT.
(This is why our departmental IT exists in the first place.)
I would appreciate any feedback that could guide me in the right direction.