Active Directory Federation Services
Applies To: Windows Server 2008 R2
Active Directory® Federation Services (AD FS) is a component in the Windows Server® 2008 operating system that provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications over the life of a single online session.
Hierarchy of Managed Entities
Managed Entities
Name | Description |
---|---|
The Federation Service is a component of Active Directory Federation Services (AD FS) that can be installed independently from other AD FS components. The Federation Service functions as a security token service (STS). |
|
The Federation Service Proxy is a component of Active Directory Federation Services (AD FS) that can be installed independently from other AD FS components. The Federation Service Proxy functions as a proxy in a perimeter network (also known as a demilitarized zone or a screened subnet) for the Federation Service. |
|
The claims-aware agent is used on a Web server that hosts a claims-aware application to allow the querying of Active Directory Domain Services (AD DS) security token claims. A claims-aware application is a Microsoft ASP.NET application that uses claims that are present in an Active Directory Federation Services (AD FS) security token to make authorization decisions and provide additional application personalization. |
|
The Windows token-based agent is used on a Web server that hosts a Windows NT token-based application. The agent supports conversion from an Active Directory Federation Services (AD FS) security token to an impersonation-level Windows NT access token. A Windows NT token-based application is an application that uses Windows-based authorization mechanisms. |