Security

Reply
Occasional Contributor II

Use ADFS as an Authentication Source

Hello everyone,

 

A custumer have multiple AD and he wants to use ADFS for federate them.

 

I was wondering if it's possible to use AFDS in a service as an authentication sources like we can do with an Active Directory. 

 

If it is'nt, how can I authenticate users from multiple different AD in a same service ? I have to add all of them in the list of authentication sources ?

 

Thank you very much for your help !

 

 

Frequent Contributor I

Re: Use ADFS as an Authentication Source

please take a look at the following.

 

http://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/Content/CPPM_UserGuide/identity/ConfiguringSingleSignOn.html

 

alternativly you can referencae multiple AD servers as part of the service.

ACCX#1050 ACMP CWDP CWSP
Occasional Contributor II

Re: Use ADFS as an Authentication Source

Thank you for your reply and the link.

 

I'm not looking for doing SSO between ClearPass applications. I want to know if it's possible, to authenticate users in a service from differents ADs which are federated with an ADFS.

 

 

Frequent Contributor I

Re: Use ADFS as an Authentication Source

Hi, 

this can be done from CP using SAML to auth against ADFS, for captive portals.  OR you could look at auto-signon.

 

Aruba Auto Sign-On (ASO) is a feature requiring a combination of ClearPass 6.3 and ArubaOS 6.4. ASO provides single sign-on to web-based applications by converting a user’s layer 2 (802.1X) authentication to the wireless network into a SAML assertion that can be consumed by SAML SSO-enabled applications. That’s a fancy way of saying that if you’re logged into the network, you’re logged into your web apps.

 

 

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=24992

 

 

 

ACCX#1050 ACMP CWDP CWSP
Frequent Contributor I

Re: Use ADFS as an Authentication Source

you can also write into your service to use multuple AD domains for authentication. you just need to add them as an authentication source.

ACCX#1050 ACMP CWDP CWSP
Guru Elite

Re: Use ADFS as an Authentication Source

No, ADFS is not a traditional authentication source.

You could use it for Onboard preauth and captive portal workflows only.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP

Re: Use ADFS as an Authentication Source

If I follow what you are asking, you could authenticate against multiple AD sources in a single service by adding each as a source to the service.

 

This may result in problems though if you have users that have the same login name. It may be easier to have multiple services, one for each AD.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: