Imagine I have ADFS sitting on top of AD and lots of internal users who log in to a claims-aware application and get claims from the AD.
At the same time we have external users who have to first register and then subsequently log in with their registered external identity.
Azure ACS is an STS that I can federate with ADFS. This allows external users to log in using Yahoo / Facebook / Google etc.
Now imagine that we want to allow existing external users to be able to log in with e.g. their existing Yahoo account.
How do I associate e.g. their Yahoo credentials with the information that is stored in the AD?
What information would be required for new external users when registering so that they could select e.g. their existing Yahoo account as their login yet still be able to find their correct identity within AD?