Benjamin Athawes
My feedback
-
128 votes3 comments · SharePoint Administration » on-premise Central Admin · Flag idea as inappropriate… · Admin →
Benjamin Athawes supported this idea ·
-
41 votes
Benjamin Athawes supported this idea ·
-
73 votes2 comments · SharePoint Administration » on-premise Central Admin · Flag idea as inappropriate… · Admin →
Benjamin Athawes supported this idea ·
-
62 votes
Benjamin Athawes supported this idea ·
-
241 votes
An error occurred while saving the comment Benjamin Athawes shared this idea ·
-
23 votes
An error occurred while saving the comment Benjamin Athawes commented
Russ Maxwell blogged about this. I think you can set /_trust/ as the custom sign in page for the default zone, which negates the need for an additional zone. I've briefly tested this solution and it appears to work. http://blogs.msdn.com/b/russmax/archive/2014/10/31/bypassing-multiple-authentication-providers-in-sharepoint-2013.aspx
Nonetheless, it would be nice for this to "just work", rather than having to implement this slightly obscure workaround.
FWIW, most of the organisations I've worked with to implement SharePoint and SAML claims *have* used AD. SAML has been used to simplify identity federation. I agree that including a directory-agnostic People Picker and Claims Provider would be unrealistic, but compatibility with AD would be a good start in my book.