We have been asked to provide SSO capability for a customer's new Episerver CMS site. But they have 2 Active Directory forests, an internal one for their employees who will be the administrators and content authors, and an external one which they want to use to control access to restrictred areas of the site for their customers.
I know how to set up the environment using Federated security for either one of these cases alone. And I have seen the documentation on mixed-mode authentication - though that talks about using Federated security as the default and something else for specific pages. It's not at all clear you can use two different Federated services. I'm not an ADFS expert, but I believe another possibility would be to set up a trust between the two AD forests (i.e., the public AD trusts the internal AD and redirects any requests to the other ADFS server.) Unfortunately, the customer has said they've tried setting up trusts for other projects with no success.
Does anyone have any experience trying to address this situation?
We have been asked to provide SSO capability for a customer's new Episerver CMS site. But they have 2 Active Directory forests, an internal one for their employees who will be the administrators and content authors, and an external one which they want to use to control access to restrictred areas of the site for their customers.
I know how to set up the environment using Federated security for either one of these cases alone. And I have seen the documentation on mixed-mode authentication - though that talks about using Federated security as the default and something else for specific pages. It's not at all clear you can use two different Federated services. I'm not an ADFS expert, but I believe another possibility would be to set up a trust between the two AD forests (i.e., the public AD trusts the internal AD and redirects any requests to the other ADFS server.) Unfortunately, the customer has said they've tried setting up trusts for other projects with no success.
Does anyone have any experience trying to address this situation?