asked on Sharepoint authentication cross forest
Hi
I have a domain (domain1.local) with adfs and sharepoint. I want to have some users that are part of another forest (domain2.local) authenticate through adfs to access sharepoint.
I have a full 2-way trust between the domains. Is there another configuration needed in the adfs side to get the authentication to work? I can add new claims and pinpoint to groups in the forest domain2.local, but i get the following error:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
https://intranat.externaldomain.se
Exception details:
Microsoft.IdentityServer.A
I have a domain (domain1.local) with adfs and sharepoint. I want to have some users that are part of another forest (domain2.local) authenticate through adfs to access sharepoint.
I have a full 2-way trust between the domains. Is there another configuration needed in the adfs side to get the authentication to work? I can add new claims and pinpoint to groups in the forest domain2.local, but i get the following error:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
https://intranat.externaldomain.se
Exception details:
Microsoft.IdentityServer.A
Microsoft SharePoint* Active Directory Federation Services (ADFS)
Last Comment
carlos soto
ASKER
hi alex
these are 2 different domains, in separate AD forest. These domains are not synchronized to Azure AD, they are only present locally.
So the scenario is:
user from dimain2.local authtenticates to adfs in domain1.local, to access sharepoint in domain1.local. In my understanding the adfs server, through a relaying party trust and a claim, should ask the domain controllers in domain2.local to verify the users credentials
am i wrong or am i missing something ?
br
Carlos
these are 2 different domains, in separate AD forest. These domains are not synchronized to Azure AD, they are only present locally.
So the scenario is:
user from dimain2.local authtenticates to adfs in domain1.local, to access sharepoint in domain1.local. In my understanding the adfs server, through a relaying party trust and a claim, should ask the domain controllers in domain2.local to verify the users credentials
am i wrong or am i missing something ?
br
Carlos
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
That's not indicative of another forest but another domain, can you please confirm?
Also, from my understanding you need to make sure that the UPN suffixes in each forest match the registered domain in Azure AD.