ADFS Flashcards
What does ADFS stand for?
Active Directory Federation Service
What is IDP?
Identity Service Provider (e.g. a DC which has AD on it)
What does SP stand for?
Service Provider (aka Relying Party)
When you install ADFS, how many certificates do you get?
3 Certificates
What does the Federation generate and provide to the client when accessing the third-party app?
Token + Claims (Via SAML or JWT)
Explain the process for an end user trying to access a relying party/application (e.g. O365).
- Application (e.g. O365) checks if there is a TRUST with the FS.
- FS checks with AD/DC to confirm the user's identity (if located outside of the network)
- FS provides the end user with a signed Token + Claims statement
- Token + Claims are given to the application
What is the Federation Service also known as?
- Claims provider
- STS (Secure Token Service)
Explain the steps for a user to access an SSO application when located outside of the firewall.
- External users are redirected (via external DNS servers) to the company's web proxy server
- Web Proxy confirms identity: Proxy -> ADFS -> DC.
- DC -> ADFS (Claims + Token) -> Web Proxy -> External user
What is Web Application Proxy (WAP)?
The proxy server is generally located in the DMZ (perimeter network). WAP provides external users with access to web applications using Active Directory Federation Services (AD FS), and in this capacity the WAP functions as an AD FS proxy.
What is ADFS?
ADFS is a federated identity management solution which provides users with single sign-on access to systems and applications located outside of the firewall.
How is ADFS used with Azure AD?
On-prem ADFS needs to build a trust with Azure AD, and then Azure AD manages the FS between Azure AD and the relying parties (applications such as Salesforce and Box).