Need to edge out the competition for your dream job? Train for certifications today.
Experts Exchange Solution brought to you by
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Both TFIM and AD FS 2.0 support the SAML IdP Discovery Profile (http://go.microsoft.com/fwlink/?LinkId=210334) which provides standards-based cookie mechanism to determine a user’s IdP during SP-initiated SSO, when no IdP is otherwise explicitly stated. This contrasts with the default approach used in both products, where users self-select their IdP from a home realm discovery (AD FS 2.0) or “Where Are You From” (TFIM) web page.
Use of the IdP Discovery Profile requires the use of a common domain. IdP partners use this domain to write common domain cookies (CDC) using a CDC-writing service, while SP partners read those cookies using a CDC reading service.
AD FS 2.0 provides CDC writer and reader applications a folder called CDC.Web in the AD FS 2.0 application installation folder. To configure SAML IdP discovery in TFIM, select Identity Provider Discover form the SAML 2.0 Profile Details page in the Federation Wizard.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
From novice to tech pro — start learning today.
Premium members can enroll in this course at no extra cost.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Please enter a first name
Please enter a last name
Must be at least 4 characters long.
Join and Comment