Review - ADFS v1 & Preview - ADFS v2

Active Directory Federation Service (ADFS) is a component of Active Directory released as part of Windows Server 2003 R2. ADFS v1 can be used in various B2B/B2E/B2C Web Single Sign On and Identity Federation scenarios.

Pros:

- Enable Federated SSO between organizations

- Enable Extranet SSO within the same corporate environment

- Supports either password or client cert/smart card logon

- AD and ADAM integration

- Easy installation (ADFS-A, ADFS-R, ADFS-Proxy, ADFS-Web Agent)

 

Cons:

- NT Token based and Claims based web app support only

- Requires Windows Server R2 and ADFS web agent installation on IIS web server

- Everyone with machine join rights can set up an ADFS Account server and Resource server (the corporation may lose control without a security policy)

- No CardSpace support

 

Overall Rating:

8 out of 10

(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)

 

ADFS v2, to be released in the Longhorn Server timeframe, will add support for:

- Rich client web service apps

- Windows CardSpace

- Others (not yet decided, such as manageability, SAML 2.0 support, brokered authentication ...)