When you're first making your design, Windows Active Directory Federation Services has a few options on how it can be installed:
Federation Services Federation Services is the essential architecture that provides the ability for users to sign on once in an environment. It does this through a sequence of designed trusts and grants that's decided on far in advance of the implementation of the feature. In general, Federation Services can implement single sign-on through one of three general federation designs, also known as federation scenarios : Web MCSE 2003 Certification, Federated Web SSO, and Federated Web SSO with Forest Trust.
Web SSO design In a straightforward Web SSO design, all users are external, and therefore no federation trusts exist because there aren't any partners. According to Microsoft, the primary reason an director would need a design such as this is if the organization had an application that needed to be accessed by users on the Web.
Federated Web SSO design Often companies merge, form partnerships, or oth-erwise need to share substructures and applications. Before AD FS, the only real way this should be accomplished is by creating separate accounts for each account, as well as a new series of policies and info to recollect as well as the existing passwords. Now, when eventualities like this happen, directors can incorporate a design policy that implements the concept of federation trusts. A federation trust is a type of agree-ment that?s made between two setups that gives them the facility to confirm users from one organization to be granted access to another. Federation trusts represented with one-way arrows point to the account side of the trust, as illustrated in 1.17.
A fast but very important point to consider before continuing is that federation trusts need two servers to authenticate. You can?t have a federation trust that authenticates to nothing.
Federation Services Federation Services is the essential architecture that provides the ability for users to sign on once in an environment. It does this through a sequence of designed trusts and grants that's decided on far in advance of the implementation of the feature. In general, Federation Services can implement single sign-on through one of three general federation designs, also known as federation scenarios : Web MCSE 2003 Certification, Federated Web SSO, and Federated Web SSO with Forest Trust.
Web SSO design In a straightforward Web SSO design, all users are external, and therefore no federation trusts exist because there aren't any partners. According to Microsoft, the primary reason an director would need a design such as this is if the organization had an application that needed to be accessed by users on the Web.
Federated Web SSO design Often companies merge, form partnerships, or oth-erwise need to share substructures and applications. Before AD FS, the only real way this should be accomplished is by creating separate accounts for each account, as well as a new series of policies and info to recollect as well as the existing passwords. Now, when eventualities like this happen, directors can incorporate a design policy that implements the concept of federation trusts. A federation trust is a type of agree-ment that?s made between two setups that gives them the facility to confirm users from one organization to be granted access to another. Federation trusts represented with one-way arrows point to the account side of the trust, as illustrated in 1.17.
A fast but very important point to consider before continuing is that federation trusts need two servers to authenticate. You can?t have a federation trust that authenticates to nothing.
About the Author:
Microsoft Exam, a service pro- viding a resource, has a trust established with MegaCorp, an organization with several accounts. Within MegaCorp, several users will need to log in to MegaCorp and have access to the services provided from MCITP Server Administrator.
No comments:
Post a Comment