Review - ADFS v1 & Preview - ADFS v2
Active Directory Federation Service (ADFS) is a component of Active Directory released as part of Windows Server 2003 R2. ADFS v1 can be used in various B2B/B2E/B2C Web Single Sign On and Identity Federation scenarios.
Pros:
- Enable Federated SSO between organizations
- Enable Extranet SSO within the same corporate environment
- Support either password or client cert/smart card logon
- AD and ADAM integration
- Easy installation (ADFS-A, ADFS-R, ADFS-Proxy, ADFS-Web Agent)
Cons:
- Supports only NT token-based and claims-based web apps
- Requires Windows Server 2003 R2 and ADFS web agent installation on the IIS web server
- Anyone with machine join rights can set up an ADFS Account server and Resource server (the company may lose control without a security policy)
- No CardSpace support
Overall Rating:
8 out of 10
(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)
ADFS v2, to be released in the Longhorn Server timeframe, will add support for:
- Rich client web service apps
- Windows CardSpace
- Others (not yet decided, such as manageability, SAML 2.0 support, brokered authentication ...)