Identity Federation is one of my favourite IT topics, maybe also because it is the foundation for any discussion about cyber security in a cloud-first world. And I am glad that Microsoft presented today at Ignite some cool new feature that will be included in the AD FS server role in Windows Server 2016, as well as some key improvements made to some great features already present in Windows Server 2012 R2. So let’s take a look at them!
The first great thing I noticed is the ability to authenticate users from LDAP v3 directories, such like AD LDS, Novell, OpenLDAP just to name few of them. This is because modern LDAP directories are modelled as a local claim provider (just like Active Directory is). This LDAP directories will show up as another Claims Provider in the home realm discovery for passive authentication. Login ID can be any attribute, but it has to be unique in the LDAP directory. For authentication to Office 365, the attribute chosen for authentication should be unique across al directories that are configured for authentication to Office 365. In other. Continue reading