About Simple and Chained ADFS Identity Providers
About Simple and Chained ADFS Identity Providers
When creating a SharePoint Server source, in the Authentication section, you must provide information related to your ADFS identity providers, if you use them to authenticate users (see Add or Edit a SharePoint Server Source).
If your authentication configuration uses only one ADFS identity provider, you have a Simple ADFS configuration (see Simple ADFS Identity Provider). If your users are authenticated using two ADFS identity providers trusting each other, you have a Chained ADFS configuration (see Chained ADFS Identity Providers).
You must choose the corresponding option in the Authentication section drop-down menu and enter the required information in the boxes underneath.
Simple ADFS Identity Provider
In a simple ADFS identity provider configuration, the ADFS identity provider is also the relying party for SharePoint. ADFS sends a token to SharePoint to confirm user authentication.
Chained ADFS Identity Providers
In a configuration with two chained ADFS identity providers, one of the ADFS servers authenticates users, and the other acts as a relying party for SharePoint. The two ADFS servers trust each other, and SharePoint trusts its relying party as well. When the ADFS identity provider authenticates a user, it sends a token to the ADFS relying party to confirm user authentication, and the ADFS relying party in turn confirms it to SharePoint.