Active Directory Federation Services 2.0 (AD FS 2.0) is Microsoft's latest technology for supporting claims-based identity, single sign-on and, ultimately, federation. It offers organizations already using Active Directory an out-of-the-box, standards-based technology for collaborating with other organizations, or with applications and resources outside their control (security realm), such as the cloud. Users in one organization can be given access to web-based resources in another organization (or in a different security realm within the same organization) without requiring a separate account.

Solution Scenarios for AD FS 2.0:
What's new with AD FS 2.0

The initial release of AD FS supported various specifications from the WS-* standards, including one known as the WS-Federation passive requestor profile, which allows requests to be made via standard web browsers. The newest release, AD FS 2.0, adds support for another specification known as WS-Trust, which enables smart clients to communicate directly with AD FS servers (typically using SOAP calls), rather than supporting only browser-based web applications. AD FS 2.0 also supports the SAML 2.0 protocol, which provides interoperability with applications and claims providers from third-party vendors whose technologies are built on this open standard. AD FS 2.0 supports three of the most common SAML 2.0 interoperability profiles available today: IdP Lite, SP Lite, and eGov, each of which is primarily concerned with providing web single sign-on capabilities.

Federation Solution Components from Microsoft

As a means of providing an end-to-end solution for federation and claims-based identity, Microsoft has two major components: