Active Directory Federation Services (ADFS) is Microsoft's solution for
extending enterprise identity beyond the corporate firewall. It simplifies
sharing identities between trusted partners across organizations. It's a
common requirement in a typical business scenario: users in one organization
want to access a secured application/website belonging to another organization.
Without ADFS, we'd end up re-creating logins for the partner company's users in
our AD. But that introduces the problem of maintaining and managing two
separate identities for every partner user (and two places to disable them when
someone leaves). This is where ADFS comes into the picture. It solves the
problem by federating identities: the user authenticates once against their
home directory, ADFS issues a signed token containing claims about that user,
and the application trusts the token instead of holding a copy of the account.
That trust is also what gives you single sign-on. SharePoint 2013 - ADFS
integration is seamless as it is natively supported through claims-based
authentication.
Generally, in the SharePoint world, ADFS is
used in these three scenarios:
a. Domains which are not part of your AD forest (such
as acquired companies without trusts established, but with network
connectivity between them in place): a user in one organization accesses an
application in another organization, so that you can collaborate across
organizational boundaries without duplicating user logins. For example, your
company is running an internal SharePoint site/application and your partner
company or acquired company wants to make use of the same.
b. Extranet setups for partners/customers:
accessing a SharePoint application via the Internet, which extends the first
scenario to remote users who are outside the organization's network. The
external domain is still responsible for validating the credentials it is
given; only the resulting signed token, never the password, is passed on to
SharePoint.
c. Office 365/Cloud: you are running a SharePoint
farm either in the cloud or in Office 365 and want to provide access to the
users of your company without re-creating their identities in the cloud.
How does the ADFS - SharePoint
authentication process work?
1. User types the SharePoint site URL and, if more than one provider is enabled on that zone, picks the relevant authentication provider from the sign-in page.
2. SharePoint redirects the browser to the ADFS sign-in URL configured for that trusted identity provider (a WS-Federation passive sign-in request carrying the web application's realm). The user is prompted for credentials.
3. ADFS handles the authentication by verifying the provided user name and password against the identity provider, Active Directory.
4. ADFS builds a SAML token containing the claims defined by the relying party's claim rules, signs it with its token-signing certificate and returns it to the browser in an auto-submitting form that POSTs it to SharePoint's /_trust/ endpoint. ADFS also sets its own session cookie so later sign-ins to other relying parties don't re-prompt.
5. The SharePoint STS validates the token: the signature must verify against the ADFS token-signing certificate imported when the trust was created, the realm must match, and the token must be inside its validity window. Only then are the claims extracted.
6. SharePoint performs authorization (permissions are granted against the configured identifier claim, e.g. the e-mail address) and connects the user to the web application, issuing its own FedAuth cookie for the session.
The check in step 5 is what makes the federation safe: a token signed by a key SharePoint doesn't trust, or issued for a different realm, is rejected. It is also why sign-in breaks when ADFS rolls over its token-signing certificate until the new certificate is imported into the SharePoint trust.
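The configuration that makes the six steps above work, as an added example (not code from the original post). Part 1 runs on the ADFS server and creates the relying party trust that produces the token in step 4; part 2 runs in the SharePoint 2013 Management Shell and creates the trusted identity token issuer that redirects in step 2 and validates in step 5. All names are assumptions: contoso.com, adfs.contoso.com, portal.contoso.com, the realm urn:sharepoint:portal, the certificate path and the group SID used in the authorization rule.

```powershell
# Added example, not from the original post. Hypothetical names: contoso.com,
# adfs.contoso.com, portal.contoso.com, realm urn:sharepoint:portal, the .cer
# path and the group SID. Part 1 runs on the ADFS server, part 2 in the
# SharePoint 2013 Management Shell as a farm administrator.

# ---------- Part 1: ADFS server (Windows Server 2012 R2 ADFS module) ----------
Import-Module ADFS   # ADFS 2.0 on 2008 R2: Add-PSSnapin Microsoft.Adfs.PowerShell instead

$realm         = "urn:sharepoint:portal"               # wtrealm; must match -Realm on SharePoint exactly
$wsfedEndpoint = "https://portal.contoso.com/_trust/"  # where ADFS POSTs the signed token (step 4)

# Claims SharePoint receives in the token (step 4): mail becomes the identifier
# claim, tokenGroups become role claims so permissions can be granted to AD groups.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "AD attributes to claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";mail,tokenGroups;{0}", param = c.Value);
'@

# Least privilege: only members of one AD group (hypothetical SID) get a token for
# this relying party. Everyone else is refused at ADFS, before SharePoint is involved.
$authzRules = @'
@RuleName = "Permit only the SharePoint-Users group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-1111111111-2222222222-3333333333-1105"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name "SharePoint 2013 portal" `
    -Identifier $realm `
    -WSFedEndpoint $wsfedEndpoint `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Export the public part of the *token-signing* certificate SharePoint will verify
# signatures against in step 5. This is not the SSL certificate of the ADFS site.
$signing = (Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }).Certificate
[IO.File]::WriteAllBytes("C:\certs\adfs-token-signing.cer",
    $signing.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))

# ---------- Part 2: SharePoint 2013 Management Shell ----------
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\certs\adfs-token-signing.cer")
New-SPTrustedRootAuthority -Name "ADFS token signing" -Certificate $cert

$emailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$roleClaim  = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
$emailMap = New-SPClaimTypeMapping -IncomingClaimType $emailClaim -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap  = New-SPClaimTypeMapping -IncomingClaimType $roleClaim  -IncomingClaimTypeDisplayName "Role"         -SameAsIncoming

# The trust: where to redirect (step 2), which realm to send, which certificate must
# have signed the token (step 5) and which claim identifies the user (step 6).
$issuer = New-SPTrustedIdentityTokenIssuer -Name "ADFS" -Description "Contoso ADFS" `
    -Realm "urn:sharepoint:portal" `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl "https://adfs.contoso.com/adfs/ls" `
    -IdentifierClaim $emailMap.InputClaimType

# Enable it on the web application next to Windows auth, so the sign-in page of
# step 1 offers both. The web application must be claims-based and served over HTTPS.
$wa      = Get-SPWebApplication "https://portal.contoso.com"
$windows = New-SPAuthenticationProvider          # default: Windows (NTLM) claims provider
Set-SPWebApplication -Identity $wa -Zone Default -AuthenticationProvider $windows, $issuer

# Post-configuration check: realm, identifier claim and the signing cert SharePoint trusts.
Get-SPTrustedIdentityTokenIssuer "ADFS" |
    Select-Object Name, Realm, IdentifierClaim, @{n="SigningThumbprint"; e={$_.SigningCertificate.Thumbprint}}
```

Two things to compare after running both parts: the Identifier on the ADFS relying party trust must equal the Realm shown by the last command, and the SigningThumbprint must equal the thumbprint of the primary token-signing certificate reported by Get-AdfsCertificate on the ADFS server. If either differs, step 5 rejects every token and users see a sign-in loop or a "trusted issuer" error rather than a clear message.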