Refuting "Issues" with AD FS

Thomas Higgins 1 Reputation point
2020-07-02T16:47:28.257+00:00

Hi All,

I am currently working in the UK University sector, and trying to set up AD FS for use in federation with the "Jisc" network (essentially a set of pooled resources that Universities in the UK use). They are telling me that I should not use ADFS due to the "issues" they have had with it, and instead use Shibboleth.

They have provided me with the following evidence.

I am fairly familiar with AD FS, and I think some of the points that they have raised haven't been my experience with AD FS. E.g. their point two says that AD FS doesn't check the signature in the metadata request - in my experience that isn't correct (this can be changed via PowerShell with SignedSamlRequestsRequired).

Is there any substance to their claims?
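The per-trust setting the question refers to can be audited across a whole AD FS farm. This is an added example, not code from the original post or from Jisc; it assumes it runs on an AD FS server where the ADFS PowerShell module is available, and that the trust name 'Example RP' in the final comment is a placeholder.

```powershell
# Added example: list relying party trusts that still accept unsigned SAML
# AuthnRequests, i.e. where SignedSamlRequestsRequired is not enforced.
# Assumes the ADFS module is present (run on an AD FS server as an admin).
Import-Module ADFS

$report = foreach ($rp in Get-AdfsRelyingPartyTrust) {
    [pscustomobject]@{
        Name                       = $rp.Name
        Enabled                    = $rp.Enabled
        SignedSamlRequestsRequired = $rp.SignedSamlRequestsRequired
        # A request signing certificate must be registered before enforcement
        # is turned on, otherwise signed requests cannot be validated.
        HasRequestSigningCert      = ($rp.RequestSigningCertificate.Count -gt 0)
    }
}

# Trusts where AD FS does not verify the signature on incoming SAML requests
$unsigned = $report | Where-Object { $_.Enabled -and -not $_.SignedSamlRequestsRequired }
$unsigned | Format-Table -AutoSize

# Trusts already enforcing signatures but with no certificate to verify them against
$report | Where-Object { $_.SignedSamlRequestsRequired -and -not $_.HasRequestSigningCert } |
    Format-Table -AutoSize

# To enforce signed requests on a single trust (placeholder name) once its
# signing certificate has been imported with -RequestSigningCertificate:
# Set-AdfsRelyingPartyTrust -TargetName 'Example RP' -SignedSamlRequestsRequired $true
```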


1 answer

  1. Vahid Ghafarpour 20,480 Reputation points
    2023-09-14T19:58:49.6566667+00:00

    Security is a critical concern in identity federation. While both AD FS and Shibboleth can be configured securely, the level of security largely depends on the implementation and configurations. It's essential to ensure that whichever solution you choose is configured following best practices and regularly updated to address security vulnerabilities.
