question

0 Votes
76799181 asked 76799181 answered

Federation between two domains

Hi guys.
I am writing here because it is the first time that I have to work in real time on an AD FS in my work environment.
Premise: I did a course on AD FS, but the reality is quite different when you have to apply it to the real world.
Let me explain my test environment before doing anything on the real one.
The laboratory is composed as in the attached image.
89646-adfs.jpg



Target:
Bidirectional login on both domains and logon on an Oracle application.

Can you help me?
Thanks a lot to everyone

adfs

0 Votes
piaudonn answered piaudonn edited

If CONTOSO and ADATUM have a bidirectional AD trust, then you don't need two ADFS farms. One farm can authenticate the two domains. In that case you would just create one relying party trust for ORACLE in your unique ADFS farm.

If you don't have an AD trust, then you can do the following:
1. On the CONTOSO ADFS, create a relying party trust for ORACLE (use the data from the ORACLE admins).
2. On the ORACLE server, configure the system to use the CONTOSO ADFS for authentication (follow their documentation).
3. On the CONTOSO ADFS, create a claim provider trust for the ADATUM ADFS (during the setup, make it point to the metadata URL of the ADFS farm of ADATUM).
4. Configure Acceptance Transform rules on that claim provider trust to pass the claims you want to receive from the ADFS of ADATUM.
5. On the ADATUM ADFS, create a relying party trust for CONTOSO ADFS (during the setup, make it point to the metadata URL of the ADFS farm of CONTOSO).
6. Configure Issuance Transform rules on that relying party trust to send the claims you need to the ADFS of CONTOSO.

That's it.
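
The six steps above as AD FS PowerShell, added here as an example and not part of the original answer. The host names, the Oracle metadata file path, the use of UPN as the claim, the `adatum.example` suffix and the `Permit everyone` access control policy (AD FS 2016 or later) are assumptions; run it with `-Farm CONTOSO` on the CONTOSO farm and `-Farm ADATUM` on the ADATUM farm.

```powershell
# Added example. Host names, file path, UPN suffix and claim choice are assumptions.
param([Parameter(Mandatory)][ValidateSet('CONTOSO', 'ADATUM')][string]$Farm)
Import-Module ADFS

$ContosoMetadata = 'https://sts.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml'
$AdatumMetadata  = 'https://sts.adatum.example/FederationMetadata/2007-06/FederationMetadata.xml'

# ADATUM side: look up the UPN in Active Directory for the authenticated user.
$UpnFromAd = @'
@RuleName = "Send UPN from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# CONTOSO side: accept a UPN from ADATUM only when it carries ADATUM's own suffix,
# so the partner farm cannot assert identities in the CONTOSO namespace.
$AcceptAdatumUpn = @'
@RuleName = "Accept UPN with ADATUM suffix only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "(?i)@adatum\.example$"]
 => issue(claim = c);
'@

# CONTOSO side: forward the UPN that survived the claims provider rules to ORACLE.
$PassUpn = @'
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@

switch ($Farm) {
    'CONTOSO' {
        # Step 1 (step 2 is done on the ORACLE server itself).
        Add-AdfsRelyingPartyTrust -Name 'ORACLE' -MetadataFile 'C:\temp\oracle-sp-metadata.xml' `
            -IssuanceTransformRules $PassUpn -AccessControlPolicyName 'Permit everyone'
        # Steps 3 and 4.
        Add-AdfsClaimsProviderTrust -Name 'ADATUM' -MetadataUrl $AdatumMetadata `
            -AcceptanceTransformRules $AcceptAdatumUpn
        Get-AdfsClaimsProviderTrust -Name 'ADATUM' | Select-Object Name, Enabled, AcceptanceTransformRules
    }
    'ADATUM' {
        # Steps 5 and 6.
        Add-AdfsRelyingPartyTrust -Name 'CONTOSO AD FS' -MetadataUrl $ContosoMetadata `
            -IssuanceTransformRules $UpnFromAd -AccessControlPolicyName 'Permit everyone'
        Get-AdfsRelyingPartyTrust -Name 'CONTOSO AD FS' | Select-Object Name, Enabled, IssuanceTransformRules
    }
}
```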


0 Votes
76799181 answered piaudonn commented

OK, if I understand correctly, this will be my configuration:

89738-drawing1.png




Yes, that's a working solution.

1 Vote
0 Votes
76799181 answered

Thank you!!! Now the problem is Oracle WebLogic; all the documentation that I find is not working properly in my work environment!
