Active Directory Federation Services

Day 1: As mentioned before, I'm in Redmond at an internal conference. I saw some interesting stuff on Active Directory Federation Services (ADFS), to be included in Windows Server 2003 R2, that I thought was really hot and will really solve many of the identity integration problems that businesses face today. Interestingly, many of the SSO solutions available in the marketplace rely on credential caching and replaying to backend services. Then an integration/provisioning tool whizzes around and makes sure all the usernames and passwords sync up. Hmm... hardly token-based SSO. Enter ADFS! It uses WS-* (web services, yay!) to build identity trusts between disparate directories (read: integration with non-MSFT ones too). It will allow for true SSO rather than the credential caching/replaying exercise that is done today. You'll still need to fix up your thick/rich client to support it, though, as these logon interfaces often won't even try to sign you on through a token-based system because they hard-code a prompt for usernames/passwords.