
Can ADFS present one IDP to SAML SP, but authenticate against multiple AD servers on the back end?

Summary

  • Can ADFS present one IDP to a SAML Service Provider (SP), but authenticate against multiple AD servers on the back end?

Context

Here's the use case:

  • Company Foo has bought company Bar
  • They plan to fully integrate/combine their infrastructure, but "haven't got there yet"
  • As such, the companies still run separate AD servers, i.e. one for company Foo and the other for Bar
  • Company Foo wants to use software/service vendor XYZ
  • XYZ integrates using SAML, but with only one IdP per organization
  • Company Foo wants their "Bar" users to appear in the same organization within software XYZ (i.e. even though some have @foo.com email addresses and others have @bar.com email addresses)

More Detailed Questions

  • Can an AD admin set up a single IDP endpoint against which SP XYZ can authenticate for both Foo and Bar users (i.e. Foo users authenticate against the Foo AD server, Bar users authenticate against the Bar AD server)?

i.e. so that the IdP authentication endpoint can route to the correct back-end server, then provide the correct claims (user attributes) to the SP.
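As an added illustration of the routing the question describes (not part of the original post, and not ADFS code or configuration), the model below shows what a single IdP endpoint has to do on its own side: decide the home realm from the login's suffix, authenticate against that one directory only, and hand back claims under one issuer regardless of which directory answered. The two directories, the suffix table, the issuer URL and all user records are constructed placeholders; in a real deployment the lookups would go to the two AD servers. The security point is in `authenticate`: an unknown suffix is rejected rather than tried against every back end, and a failed lookup in one directory never falls through to the other.

```python
"""Conceptual model of the single-IdP, multiple-directory routing the
question describes.  This is an added illustration, not ADFS code and not
part of the original post: the two "directories" are constructed in-memory
tables standing in for the Foo and Bar AD servers, and all names are made up."""

import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample directories (placeholders for the two AD servers).
# Passwords are plain strings only to keep the illustration self-contained.
DIRECTORIES: Dict[str, Dict[str, dict]] = {
    "foo-directory": {
        "alice@foo.example": {"password": "pw-alice", "displayName": "Alice Foo", "groups": ["staff"]},
    },
    "bar-directory": {
        "bob@bar.example": {"password": "pw-bob", "displayName": "Bob Bar", "groups": ["staff", "finance"]},
    },
}

# Home-realm table: which login suffix is served by which directory.
REALM_BY_SUFFIX: Dict[str, str] = {
    "foo.example": "foo-directory",
    "bar.example": "bar-directory",
}

# The single issuer the SP sees, regardless of which directory answered (constructed value).
IDP_ENTITY_ID = "https://idp.example/adfs/services/trust"


@dataclass
class Claims:
    """Attributes the IdP would release to the SP after a successful login."""
    issuer: str
    name_id: str
    email: str
    display_name: str
    groups: List[str] = field(default_factory=list)


class RealmRouter:
    """Routes a login to exactly one back-end directory based on its suffix."""

    def __init__(self, directories: Dict[str, Dict[str, dict]], realm_by_suffix: Dict[str, str]):
        self.directories = directories
        self.realm_by_suffix = realm_by_suffix

    def realm_for(self, login: str) -> Optional[str]:
        """Pick the back-end directory from the login's suffix, or None if the suffix is unknown."""
        if login.count("@") != 1:
            return None
        suffix = login.rsplit("@", 1)[1].lower()
        return self.realm_by_suffix.get(suffix)

    def authenticate(self, login: str, password: str) -> Optional[Claims]:
        """Authenticate against the one directory that owns the suffix; never fall through."""
        realm = self.realm_for(login)
        if realm is None:
            return None  # unknown suffix: reject instead of trying every directory
        entry = self.directories[realm].get(login.lower())
        if entry is None or not hmac.compare_digest(entry["password"].encode(), password.encode()):
            return None
        # Claims are normalised so the SP sees one consistent identity format for both companies.
        return Claims(
            issuer=IDP_ENTITY_ID,
            name_id=login.lower(),
            email=login.lower(),
            display_name=entry["displayName"],
            groups=list(entry["groups"]),
        )


ROUTER = RealmRouter(DIRECTORIES, REALM_BY_SUFFIX)

if __name__ == "__main__":
    for login, pw in [("alice@foo.example", "pw-alice"), ("Bob@BAR.example", "pw-bob"), ("eve@baz.example", "x")]:
        print(login, "->", ROUTER.authenticate(login, pw))
```

The suffix match is case-insensitive and the emitted `name_id` is lower-cased, so `Bob@BAR.example` and `bob@bar.example` map to the same identity at the SP; whatever the real IdP does, the SP should receive one stable identifier per user rather than whichever casing the user typed.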
