What is AD FS (Active Directory Federation Services)?

AD FS (Active Directory Federation Services) is a Microsoft identity and access management solution that provides Single Sign-On (SSO) and federated identity capabilities. AD FS enables users to access multiple applications or services across organizational boundaries without the need to log in separately to each one. It facilitates secure authentication and authorization for users from different domains or organizations.

Here's a use case with a live example of AD FS:

Use Case: Federated Single Sign-On for Partner Organizations

Scenario: Company A has an internal web application used by its employees for accessing sensitive corporate data. Company B, a partner organization, needs access to this application for collaboration. Both companies want their users to access the application seamlessly without the need for separate credentials.

Solution Using AD FS:

  1. Deployment of AD FS Servers:

    • Company A deploys AD FS servers within its network. These servers act as the identity provider (IdP) and handle authentication requests for Company A's users.
  2. Federation Trust Setup:

    • Company A establishes a federation trust with Company B. This trust is a mutual agreement that allows Company B's users to authenticate with their own identity provider (e.g., their own AD FS) and access Company A's application.
  3. Claims-Based Authentication:

    • Both Company A and Company B configure their AD FS servers to use claims-based authentication. Instead of sending actual user credentials, AD FS sends claims (attributes) about the user to the application.
  4. SAML-Based Authentication:

    • Security Assertion Markup Language (SAML) is often used for exchanging authentication and authorization data between identity providers (e.g., Company B's AD FS) and service providers (e.g., Company A's application).
  5. User Access Flow:

    • A user from Company B wants to access Company A's application.
    • The user accesses the application and is redirected to Company B's AD FS for authentication.
    • Company B's AD FS performs the user authentication and sends a SAML token containing claims about the user's identity back to the application.
    • The application trusts the SAML token because of the federation trust, and it grants access to the user based on the claims in the token.

Live Example:

  • Suppose Company A uses AD FS to secure its internal application, and Company B uses its own AD FS as an identity provider for its users.
  • A user from Company B needs access to Company A's application. The user goes to the application's login page.
  • Instead of providing separate login credentials for Company A's application, the user is redirected to Company B's AD FS for authentication.
  • Company B's AD FS authenticates the user based on its own user database.
  • After successful authentication, Company B's AD FS generates a SAML token containing claims about the user's identity.
  • This SAML token is sent back to Company A's application.
  • Company A's application trusts the SAML token because of the federation trust established between the two organizations.
  • The user is granted access to Company A's application without needing to enter separate credentials.
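The relying party's side of the flow described above (steps 3 to 5 and the live example) can be made concrete with an added Python example; this is not code from the original post or from Microsoft. It constructs a sample SAML 2.0 assertion of the kind Company B's AD FS would issue (placeholder issuer and application URLs, constructed claim values) and shows the checks Company A's application must make before it "trusts the SAML token": issuer is a federation partner, audience is this application, validity window contains the current time, and the signature has been verified. The example assumes the caller has already verified the XML signature with a SAML library and passes that result as `signature_valid`; only then are the claims used for an authorization decision.

```python
"""Relying-party checks on a SAML 2.0 assertion (added example, not the post's own code).

Assumptions: the XML signature has been verified by a SAML library beforehand and its
result is passed in as `signature_valid`; issuer/audience URLs below are placeholders.
For untrusted input in production, parse with defusedxml rather than xml.etree.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim types AD FS commonly issues (these URIs are the standard ones).
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

# Relying-party configuration (placeholder values, assumed for this example).
TRUSTED_ISSUERS = {"http://adfs.companyb.example/adfs/services/trust"}
EXPECTED_AUDIENCE = "https://app.companya.example/"

# Constructed sample assertion as Company B's AD FS (claims provider) might issue it.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-id" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>http://adfs.companyb.example/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>alice@companyb.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.companya.example/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@companyb.example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <saml:AttributeValue>PartnerCollaborator</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class AssertionRejected(Exception):
    """Raised when the token must not be trusted; the reason is the message."""


def _parse_time(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z (fractional seconds allowed)."""
    if value is None:
        raise AssertionRejected("missing timestamp in Conditions")
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def validate_assertion(xml_text, trusted_issuers, expected_audience, now, signature_valid):
    """Return (subject, claims) if the assertion may be trusted, else raise AssertionRejected."""
    if not signature_valid:
        raise AssertionRejected("signature not verified")
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:  # federation trust: only partner IdPs are accepted
        raise AssertionRejected(f"untrusted issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("missing Conditions")
    not_before = _parse_time(cond.get("NotBefore"))
    not_on_or_after = _parse_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):  # replay / stale token check
        raise AssertionRejected("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:  # token issued for some other application
        raise AssertionRejected("audience mismatch")
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return subject, claims


def authorize(claims, required_role):
    """Access decision based on claims, not on a local password: the point of claims-based auth."""
    return required_role in claims.get(ROLE_CLAIM, [])


def evaluate(xml_text, now_iso, signature_valid=True,
             expected_audience=EXPECTED_AUDIENCE, trusted_issuers=TRUSTED_ISSUERS):
    """Convenience wrapper: ('accepted', subject, claims) or ('rejected', reason, {})."""
    now = _parse_time(now_iso)
    try:
        subject, claims = validate_assertion(xml_text, trusted_issuers, expected_audience,
                                             now, signature_valid)
        return "accepted", subject, claims
    except AssertionRejected as exc:
        return "rejected", str(exc), {}


if __name__ == "__main__":
    status, who, claims = evaluate(SAMPLE_ASSERTION, "2024-01-01T12:00:00Z")
    print(status, who, "collaborator:", authorize(claims, "PartnerCollaborator"))
```

The order of the checks matters: an unverified signature is rejected before any XML content is interpreted, and the issuer is compared against the configured partner list rather than taken on faith, because an assertion is only as trustworthy as the claims provider trust it arrives under.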

AD FS simplifies the user experience and enhances security in scenarios where organizations need to collaborate and share resources securely across boundaries. It's commonly used in business-to-business (B2B) scenarios, cloud identity federation, and scenarios involving partner organizations.
