Forum Discussion
I need a guide for SP2016 on prem setting up WAP and ADFS
I can understand the people picker issue. I also wondered, if a SharePoint 2016 site were converted from WIA to SAML, are all of the internal references to users (like item lists 'created by', 'modified by') messed up? If they currently reference #0!:domain\FLastname using WIA, do they have to be converted to another format using SAML? If so, that sounds like a scary proposition.
You mentioned that we can remain with SharePoint in WIA, but then we would have to connect WAP to our domain. In doing so, this comes with certain risks of its own regarding security. Do you feel the security risk to be minimal? Is it something people just don't worry about? Or are there other safeguards that we should consider implementing?
For example, our WAP sits in the DMZ outside the firewall. Should we be looking into specific firewall rules? Special ADFS settings? MIM?
Thanks for your assistance. ... I see you wrote a book about SP2016. I'll suggest to my boss to purchase it.
- Nov 09, 2017
When you do the conversion, you use Convert-SPWebApplication which updates the references across the farm.
As for the risk of WAP being domain joined, that is primarily dependent on your security policy and strategy. Does it have more risks than a machine in a workgroup? I suppose it might if someone compromised the machine and gained local access. But there are always ways to mitigate these issues.
As far as ADFS/MIM, nothing changes there when using WIA.