Module 8
• Overview of AD FS
• Deploying AD FS
• Implementing AD FS for a Single Organization
• Deploying AD FS in a B2B Federation Scenario
Lesson 1: Overview of AD FS
Identity Federation:
• Enables distributed identification, authentication, and authorization across organizational and platform boundaries
• Requires a federated trust relationship between two organizations or entities
• Enables organizations to retain control over who can access resources
• Enables organizations to retain control of their user and group accounts
• Can be used within a single organization
What Is Claims-Based Identity?
Web services:
• Are developed using industry standards such as XML, SOAP, WSDL, and UDDI
• Define the security specifications used by identity federation systems
• Define the SAML standard for exchanging claims between federation partners
What Is AD FS?
[Figure: diagram with numbered steps showing an External Client, Web Server, Federation Service Proxy, Federation Server, and AD DS Domain Controller across the Perimeter Network and Corporate Network]
How AD FS Enables SSO in a Business-to-Business Federation
[Figure: diagram with numbered steps showing an Internal Client Computer, Active Directory, Account Federation Server, Resource Federation Server, and Web Server]
How AD FS Enables SSO with Online Services
[Figure: diagram with numbered steps showing a Client Computer, Active Directory, a Federation Trust, and an Outlook Web App server]
Lesson 2: Deploying AD FS
• AD FS Components
• AD FS Prerequisites
• PKI and Certificate Requirements
• Federation Server Roles
• Demonstration: Installing the AD FS Server Role
AD FS Components
AD FS:
• Provides a default set of built-in claims
• Enables the creation of custom claims
• Requires that each claim have a unique URI