cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ADFS WAP Cross Domain constrained delegation

Peter Holland
Iron Contributor

‎Feb 06 2017 08:50 AM

‎Feb 06 2017 08:50 AM

ADFS WAP Cross Domain constrained delegation

Hi,

 

I have an interesting scenario and i'm not entirely sure on whether this will actually work or not, my current theory is not.

Also, apologies if this isnt the correct community for WAP discussion, couldnt see anywhere else appropriate

 

WAP and ADFS in Domain A in Forest 1, users in Domain B in Forest 2, however there is a direct domain trust rather than a forest trust.

 

Can you do KCD cross domain, to another forest, without a forest trust?

 

Reading through the documentation for WAP KCD everything states forest trust, reading through the documentation for S4u2Proxy it seems like it maybe should work, but is a little wooly about the path of the kerberos token and the flow of trust.

 

Any input appreciated, especially if it comes before i have to lab it.

 

thanks

 

Pete

Labels:
1,255 Views
0 Likes
0 Replies
Reply
0 Replies