Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Use ADFS as an Authentication Source

  • 1.  Use ADFS as an Authentication Source

    Posted Mar 01, 2018 04:08 AM

    Hello everyone,

    A customer has multiple ADs and he wants to use ADFS to federate them.

    I was wondering if it's possible to use ADFS in a service as an authentication source like we can do with an Active Directory.

    If it isn't, how can I authenticate users from multiple different ADs in the same service? Do I have to add all of them in the list of authentication sources?

    Thank you very much for your help!


  • 2.  RE: Use ADFS as an Authentication Source

    EMPLOYEE
    Posted Mar 01, 2018 05:01 AM

    Please take a look at the following.

    http://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/Content/CPPM_UserGuide/identity/ConfiguringSingleSignOn.html

    Alternatively, you can reference multiple AD servers as part of the service.



  • 3.  RE: Use ADFS as an Authentication Source

    Posted Mar 01, 2018 05:39 AM

    Thank you for your reply and the link.

    I'm not looking to do SSO between ClearPass applications. I want to know if it's possible to authenticate users in a service from different ADs which are federated with an ADFS.



  • 4.  RE: Use ADFS as an Authentication Source

    EMPLOYEE
    Posted Mar 01, 2018 05:50 AM

    Hi,

    This can be done from CP using SAML to auth against ADFS, for captive portals. Or you could look at auto-signon.

    Aruba Auto Sign-On (ASO) is a feature requiring a combination of ClearPass 6.3 and ArubaOS 6.4. ASO provides single sign-on to web-based applications by converting a user’s layer 2 (802.1X) authentication to the wireless network into a SAML assertion that can be consumed by SAML SSO-enabled applications. That’s a fancy way of saying that if you’re logged into the network, you’re logged into your web apps.

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=24992



  • 5.  RE: Use ADFS as an Authentication Source

    EMPLOYEE
    Posted Mar 01, 2018 05:51 AM

    You can also write into your service to use multiple AD domains for authentication. You just need to add them as an authentication source.



  • 6.  RE: Use ADFS as an Authentication Source

    EMPLOYEE
    Posted Mar 01, 2018 07:02 AM
    No, ADFS is not a traditional authentication source.

    You could use it for Onboard preauth and captive portal workflows only.


  • 7.  RE: Use ADFS as an Authentication Source

    Posted Mar 14, 2018 12:23 AM

    If I follow what you are asking, you could authenticate against multiple AD sources in a single service by adding each as a source to the service.

    This may result in problems though if you have users that have the same login name. It may be easier to have multiple services, one for each AD.