Shulou(Shulou.com)06/02 Report--

ADFS can exist as a single server or as a cluster.

There can be multiple independent adfs in a domain, and they do not interfere with each other and do not have any relationship. That is, multiple adfs systems are allowed to provide to different services. For example, there can be a federated authentication server for adfs.y.com and a federated authentication server for sso.y.com in y.com, which are independent of each other.

Another situation is the cluster of adfs, which is divided into two cases.

One is to use windows built-in database

One is to use a sql database.

The difference is that adfs, which uses the windows built-in database, has a master server, and the other is a slave server, where the master server can write to the adfs database, while the other slave servers can only provide adfs authentication, and the database is readable but not writable. You can also provide adfs services normally, but when you want to configure the system, you can only configure the master server, such as adding a trustside configuration, but the slave server cannot.

With sql database, there is no dependency. Any ADFS server can be configured and automatically synchronized to all servers.

The following is an introduction to an article, reproduced from: http://www.myexception.cn/dynamics-crm/2155784.html

The default topology Active Directory federated authentication service (AD FS) is a federated server farm that uses the Windows internal database (WID). In this topology, AD FS joins the AD FS configuration database of the farm using WID as storage for all federated servers. The server farm replicates and maintains federated authentication service data in the configuration database of each server in the farm. Enable organizations with 100 or fewer trusted parties to configure federated server farms with up to 30 servers using WID in AD FS Windows Server 2012 R2.

Creating the operation in the first federated farm also creates a new federated authentication service. When you use WID's AD FS configuration database, the first federation server created in the server farm is called the primary federation server. This means that this computer configures a read / write copy of the AD FS configuration database.

All other federation servers configured for this farm are called secondary federation servers because they must replicate any changes made by the primary federation server to a read-only copy of their locally stored AD FS configuration database.

The following table provides a summary of using the WID farm. Use it to plan your implementation.

1-100 RP trust

More than 100 RP trusts

1-30 AD FS nod

WID support

The required SQL for using WID is not supported

More than 30 AD FS nodes

The required SQL for using WID is not supported

The required SQL for using WID is not supported

Advantages and disadvantages of this topology diagram:

1. WID comes with Windows;, so there is no need to buy SQL Server

2. Provide SSO access to internal users

Topology Diagram:

Note:

If a failure occurs on this single NLB host, users cannot access federated applications or services. If your business requirements do not allow a single point of failure, add additional NLB hosts.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.