0

As far as I know, Exchange does support WS-Federation, but it does not support SAML. At the same time I have IDP that does support SAML, but does not support WS-Federation.

Is it possible to configure ADFS as proxy? For example: Exchange OWA/ECP -> redirect to ADFS using WS-Fed -> and ADFS speaks to IDP using SAML -> user is getting transparently authenticated using IDP?

Thank in advance.

Oleksii
  • 145
  • 2
  • 7

2 Answers2

0

Yes, it's possible to mix protocols.

By default, the user would be redirected to the ADFS screen and there would be a button there (Home Realm Discovery) that would take you to the SAML IDP to authenticate.

Depending on your use case, this may help in that regard.

rbrayb
  • 1,108
  • 1
  • 12
  • 20
  • Thank you. I have read a bit about adding Claims Provider Trust. In Windows 2019 that I'm using I do not see option to specify SAML endpoint, like I could see at the screenshots of the previous versions. Even on the official documentation if one goes to step 'Configure URL' on the page below it displays only an option for WS-Federation endpoint ( https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-claims-provider-trust – Oleksii Nov 05 '21 at 07:01
  • https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-saml2-settings#configure-ad-fs-by-using-powershell – rbrayb Nov 05 '21 at 08:52
0

Here are some information for your reference and hope these are helpful to you: Redirecting on-premise Exchange Server 2019 OWA and ECP authentication to AD FS and Use AD FS claims-based authentication with Outlook on the web

Joy Zhang
  • 1,057
  • 1
  • 5
  • 5
  • Thank you. I have read a bit about adding Claims Provider Trust. In Windows 2019 that I'm using I do not see option to specify SAML endpoint, like I could see at the screenshots of the previous versions. Even on the official documentation if one goes to step 'Configure URL' on the page below it displays only an option for WS-Federation endpoint ( https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-claims-provider-trust – Oleksii Nov 05 '21 at 07:01