Reputation: 3
WS Federation: Is SSO apart of the WS Federation specification?
When using a passive client (say web browser) and are using WS Federation with an STS such as ADFS, SSO is achieved to the relying parties. Is this apart of the WS Federation specification (that is, when using passive clients SSO will be achieved with WS Federation) or is this an implementation detail of ADFS (that is, ADFS sets a cookie so you only need to authenticate to ADFS once.. just beacuse the Microsoft developers thought it would improve user experience)?
Upvotes: 0
Views: 193
Answers (1)
Reputation: 1628
It is a standard which is also supported by many other products.
https://en.wikipedia.org/wiki/WS-Federation_Passive_Requestor_Profile
http://janbernhardt.blogspot.com/2014/12/understanding-ws-federation-passive.html
WS-Federation Passive Requestor Profile is a Web Services specification - intended to work with the WS-Federation specification - which defines how identity, authentication and authorization mechanisms work across trust realms. The specification deals specifically with how applications, such as web browsers, make requests using these mechanisms. In this context, the web-browser is known as a "passive requestor." By way of contrast, WS-Federation Active Requestor Profile deals with "active requestors" such as SOAP-enabled applications. WS-Federation Passive Requestor Profile was created by IBM, BEA Systems, Microsoft, VeriSign, and RSA Security.[1]
Upvotes: 1
Related Questions
- SSO in Development environment
- SSO and OAuth Confusion
- SSO via ADFS for Office 365 (SharePoint Online)
- Can we implement SSO federation in ADFS using multiple relying parties?
- SSO using Active Directory Federation Services on my .NET (C#) Application
- ADFS 2.0 IDP-Initiated SSO
- Does ADFS 2.0 with WS-Federation support IdP-initiated SSO?
- Is federation a valid approach for cross-domain SSO In case all the RPs and the STS are developed internally?
- ADFS 2.0, SSO and SAML 2.0
- SAML IDP, ADFS 2.0 SP & WS-Fed Application