I work for a company that offers a SaaS solution. We currently allow customers to SSO in using ADFS on their side and we are the Service Provider accepting a SAML assertion. We seem to get a large number of people requesting SSO via LDAP though. I understand that LDAP is the protocol to authenticate users on an AD network. I'm wondering – is this synonymous with ADFS or are they talking about something else?
If ADFS isn't necessarily the best practice for LDAP authentication over the internet, could someone give me a high level explanation on how we would authenticate against another website using LDAP?
Best Answer
AD is an "extension" of LDAP in that it does more but still handles the normal LDAP query strings etc.
When people talk about LDAP they are normally referring to ADAM / OpenLDAP / OpenDS etc.
ADFS v3.0 only works against AD. The next version (ADFS vNext) will work against LDAP.
The easiest way is to federate ADFS with something that does support LDAP e.g. Shibboleth or simpleSAMLphp.