Removal of ADFS in tech stack?

[3boysdad]

I think I noticed that the church, for its web sites, stopped using ADFS (Active Directory Federated Service) back in July and moved over to another technology for perform SAML based authentication and STS (secure token service) to provide authorization services (AA).

So a few questions - sadly likely won't make it to the conference to bend a few years.

First - what did you change to? Appears to be either home grown or something produced by Adobe.
Second - what business problems were being solved by the move? What were the goals of the change?
Third - frankly i'm impressed by the change over, zero issues on my end and now it seems that both mobile and web use the same STS - so what did you to prep for this change over?

[russellhltn]

Welcome! This forum is mostly user-to-user support with an occasional employee stopping by.

I doubt if most people get that deep, so I'm not sure as you'll get an answer.

[3boysdad]

One can hope...I did have trepidation about posting such a topic. It felt off topic based upon other posts. But as I won't be making the conference I thought it might not hurt to ask...especially if there's an employee lurking about.

We effectively starting using the same tech stack about two years after looking at what others (including LDS.org) did for their STS. There are some problems in our implementation of ADFS - however, most revolve around 3rd party relying parties (RP's) that don't necessary care or will not apply a business rule in their delivered application based upon an assertion being sent over the wire. ADFS, like it should, prevents us interfering in the flows - so we can't prevent a redirect to the RP if say the customer hasn't paid their bill for the month.