HOME

TheInfoList



Click Here for Items Related To - Active Directory Federation Services
OR:
Active Directory Federation Services on:   [Wikipedia]   [Google]   [Amazon]

Active Directory Federation Services (AD FS), a
software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...
component developed by
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
, can run on
Windows Server Windows Server (formerly Windows NT Server) is a group of operating systems (OS) for servers that Microsoft has been developing since July 27, 1993. The first OS that was released for this platform was Windows NT 3.1 Advanced Server. With the r ...
operating systems to provide users with
single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...
access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement
federated identity A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Federated identity is related to single sign-on (SSO), in which a ...
. Claims-based authentication involves authenticating a user based on a set of claims about that user's
identity Identity may refer to: * Identity document * Identity (philosophy) * Identity (social science) * Identity (mathematics) Arts and entertainment Film and television * ''Identity'' (1987 film), an Iranian film * ''Identity'' (2003 film), ...
contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. It is part of the Active Directory Services.


Details

In AD FS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the accounts side) authenticates the user through the standard means in
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralize ...
Domain Services and then issues a token containing a series of claims about the user, including their identity. On the other side, the resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords. In practice a user might typically perceive this approach as follows: # The user logs into their local PC (as they typically would when commencing work in the morning). # The user needs to obtain information from a partner company's extranet website, for example to obtain pricing or product details. # The user navigates to the partner-company extranet site, for example: http://example.com. # The partner website now does not require any password to be typed in; instead, the user credentials (in a secure assertion) are passed to the partner extranet site using AD FS. # The user is now logged into the partner website and can interact with the website as if logged in. AD FS integrates with
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralize ...
Domain Services, using it as an identity provider. AD FS can interact with other
WS-* There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These specifications are the basic web services ...
and
SAML 2.0 Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens conta ...
-compliant federation services as federation partners.


Versions

* ADFS 1.0 - Windows Server 2003 R2 (additional download) * ADFS 1.1 - Windows Server 2008 and Windows Server 2008 R2 * ADFS 2.0 - Windows Server 2008 and Windows Server 2008 R2 (download from Microsoft.com) * ADFS 2.1 - Windows Server 2012 * ADFS 3.0 - Windows Server 2012 R2 * Windows Server 2016 AD FS - Windows Server 2016 * Windows Server 2019 AD FS - Windows Server 2019


See also

*
Claims-based identity Claims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet. It also provides a consistent approach for applications runnin ...
*
Digital identity A digital identity is information used by computer systems to represent an external agent – a person, organization, application, or device. Digital identities allow access to services provided with computers to be automated and make it possibl ...
* Information Card *
LDAP The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory servi ...
*
SAML Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based ...
*
Windows CardSpace Windows CardSpace (codenamed InfoCard) is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to ...
*
Windows Server 2012 Windows Server 2012, codenamed "Windows Server 8", is the sixth version of the Windows Server operating system by Microsoft, as part of the Windows NT family of operating systems. It is the server version of Windows based on Windows 8 and succe ...
*
Windows Server 2008 Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on Fe ...
*
WS-Federation WS-Federation (Web Services Federation) is an Identity Federation specification, developed by a group of companies: BEA Systems, BMC Software, CA Inc. (along with Layer 7 Technologies now a part of CA Inc.), IBM, Microsoft, Novell, Hewlett Pac ...
*
Office 365 Microsoft 365 is a product family of productivity software, collaboration and cloud-based services owned by Microsoft. It encompasses online services such as Outlook.com, OneDrive, Microsoft Teams, programs formerly marketed under the name Mic ...


References

{{reflist


External links


AD FS 2.0 Content Map

AD FS TechNet Library

AD FS MSDN Library

AD FS in Server 2016 What's new
2008 software Windows Server Windows Server 2008 Windows Server 2008 R2