What is ADFs?

ADFs stands for Active Directory Federation services.

 

ADFs is a Web-based Single Sign-On (SSO) standard. It enables federated identity by implementing claim based authentication between foreast ).

 

Claim Based Authentication is a process of user authentication. Its implementation is based on a series of claims about user identities installed in trusted tokens. such a token is usually generated and assigned by an entity that can authenticate the user through other channels, and this entity has to be trusted by the entity that implements claim based authentication.

In ADFs, identity Federation is achieved by establishing trust relationships between the security boundaries of the two organizations. the Federation server at one end (account side) authenticates a user in the standard mode of Active Directory domain services, and then generates a series of tokens containing claims related to the user, includes the Federation server entity itself. on the other end (resource side), another Federation server verifies the token and generates another token for the local server to accept the claimd identify. this allows the system to grant controllable access permissions to a user on another security boundary for its resources without requiring the user to directly log on to the system, the two systems do not need to share the user's identify and password.

ADFs is integrated with Active Directory domain services. Using domain services as identify provicer. ADFs can be compatible with other Federation services that comply with WS-* and SAML 2.0.

 

Translated from Wikipedia:

Active Directory Federation services

Http://en.wikipedia.org/wiki/Active_Directory_Federation_Services