“Active Directory Federation Services”的意思、由来-开放百科全书

Active Directory Federation Services (AD FS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity.^[1] Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication.^[2] It is part of the Active Directory Services.

In AD FS, identity federation^[3] is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity. On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

AD FS integrates with Active Directory Domain Services, using it as an identity provider. AD FS can interact with other WS-* and SAML 2.0-compliant federation services as federation partners.^[4]

Versions

See also

References

1. ^{{cite web|url= https://technet.microsoft.com/en-us/library/adfs2-help-introducing(v=ws.10).aspx|publisher= Microsoft TechNet|title= Introducing AD FS 2.0 | date=May 2, 2010 | accessdate=March 2, 2017}}
2. ^{{cite web | url=https://msdn.microsoft.com/en-us/library/ff359101.aspx | title=An Introduction to Claims | publisher=MSDN | date=2016 | accessdate=May 26, 2016}}
3. ^{{cite web | url=https://www.techopedia.com/definition/13617/federated-identity-management-fim | title=What is Federated Identity Management? | publisher=Technopedia | date=2016 | accessdate=May 26, 2016}}
4. ^{{cite web | url=https://blogs.technet.microsoft.com/askpfeplat/2014/11/02/adfs-deep-dive-comparing-ws-fed-saml-and-oauth/ | title=ADFS Deep Dive | publisher=MSDN | date=November 2, 2014 | accessdate=May 18, 2016}}
5. ^{{cite web | url=https://www.tatvasoft.co.uk/blog/adfs-configuration-in-windows-server-2012-r2-standard-with-sharepoint-2013/ | title=ADFS Configuration in Windows Server 2012 R2 Standard | publisher=TatvaSoft | date=2018 | accessdate=September 19, 2018}}

External links

AD FS 2.0 Content Map

AD FS TechNet Library

[https://msdn.microsoft.com/en-us/library/bb897402.aspx AD FS MSDN Library]

[https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server AD FS in Server 2016 What's new]

4 : 2008 software|Windows Server|Windows Server 2008|Windows Server 2008 R2