[英]Can I use ADFS 2.0 to authenticate certain users against SQL Server?
I have been using ADFS to authenticate users against AD fine, using a claims aware template in VS. 我一直在使用ADFS在VS中使用声明感知模板对AD进行身份验证。 Some of our users will not be in Active Directory, so I would like to know if its possible to configure ADFS to look up SQL Server for these users and then carry on as normal. 我们的一些用户将不在Active Directory中,因此我想知道是否可以配置ADFS以便为这些用户查找SQL Server,然后继续正常运行。
Does ADFS2.0 provide custom authentication stores? ADFS2.0是否提供自定义身份验证存储?
is a similar question, just one person says yes it can be done and other says you can't. 是一个类似的问题,只有一个人说是的,它可以做,而其他人说你做不到。
AD FS 2.0 can only authenticate against Active Directory (AD DS). AD FS 2.0 只能针对Active Directory(AD DS)进行身份验证。 This is not explicitly documented in the official AD FS 2.0 documentation, but it follows from the following two snippets: 这在官方AD FS 2.0文档中没有明确记录,但它遵循以下两个片段:
So no custom authentication stores, SQL Server based or otherwise. 因此,没有自定义身份验证存储,基于SQL Server或其他。
(On the other question on additional attribute stores: that is possible.) (关于其他属性存储的另一个问题:这是可能的。)
The solution that is suggested in an answer to the other question you refer to is a bit misleading. 在回答您提到的另一个问题时建议的解决方案有点误导。 If you read the actual blog post you see that they add an extra STS. 如果您阅读实际的博客文章,您会看到他们添加了额外的STS。 AD FS 2.0 has a 'Claims Provider Trust' for that other STS, and redirects to it (if the 'home realm discovery' is set up correctly). AD FS 2.0为其他STS提供“声明提供商信任”,并重定向到它(如果“主域发现”设置正确)。 That other STS then performs the authentication in whichever way it likes, sends a token back to AD FS, which then runs its claim rules. 然后,其他STS以其喜欢的方式执行身份验证,将令牌发送回AD FS,然后AD FS运行其声明规则。
So in that solution it is not AD FS 2.0 authenticating against an non-AD store, but redirecting to an STS which authenticates against that store. 因此,在这种解决方案是不AD FS 2.0对一个非AD店铺认证 ,但重定向到的STS,其验证针对该存储。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.