Chapter 21. Active Directory Federation Services

As services have moved from the corporate datacenter to externally hosted "cloud" platforms, the need for a mechanism that extends authentication beyond the organization's own network has grown substantially. Microsoft's answer to this is Active Directory Federation Services (ADFS). ADFS is a standalone service that carries the Active Directory brand, so naturally Active Directory administrators are expected to be prepared to deploy and manage it.

In reality, ADFS is a skill set in its own right, so we'll take the opportunity in this chapter to introduce the service and discuss the basics of deploying and configuring it. If you've ever done any web development, you'll probably find many of the concepts of ADFS, and of identity federation in general, more familiar than will those coming in with a purely infrastructure background.

Either way, you'll no doubt find many of the fundamental concepts of identity federation strikingly similar to concepts that have existed since the early days of Active Directory (and even earlier, with NT domains). If you explore the federated identity space, you'll discover that it is crowded and that numerous vendors offer solutions to this problem. Fundamentally, many of these solutions are functionally very similar. We'll limit our discussion in this chapter to ADFS, but many of the concepts we discuss apply broadly across the market.

21.1. Introduction to Federated Identity

Fundamentally, the idea behind ...

Get Active Directory, 5th Edition now with the O’Reilly learning platform.