About Simple and Chained ADFS Identity Providers

When creating a SharePoint Server source, in the Authentication section, you must provide information related to your ADFS identity providers, if you use them to authenticate users (see Add or Edit a SharePoint Server Source).

If your authentication configuration uses only one ADFS identity provider, you have a Simple ADFS configuration (see Simple ADFS Identity Provider). If your users are authenticated using two ADFS identity providers trusting each other, you have a Chained ADFS configuration (see Chained ADFS Identity Providers).

You must choose the corresponding option in the Authentication section drop-down menu and enter the required information in the boxes underneath.

Simple ADFS Identity Provider

In a simple ADFS identity provider configuration, the ADFS identity provider is also the relying party for SharePoint. ADFS sends a token to SharePoint to confirm user authentication.

CCV2-ADFS_IdP-Simple

Chained ADFS Identity Providers

In a configuration with two chained ADFS identity providers, one of the ADFS servers authenticates users, and the other acts as a relying party for SharePoint. The two ADFS servers trust each other, and SharePoint trusts its relying party as well. When the ADFS identity provider authenticates a user, it sends a token to the ADFS relying party to confirm user authentication, and the ADFS relying party in turn confirms it to SharePoint.

CCV2-ADFS_IdP-Chained

Recommended Articles