Understanding Identity with ADFS – Part 1

Identity is always something of a taboo subject and is still not clearly understood out there and the IT security landscape keeps evolving.

One of the recent changes past few years is a move away from (Access Control Lists) ACLs on files in the NTFS file system to an access control system that is based on claims.

Claims based authentication is an industry standard security protocol to authenticate users. This is the underlying WS-* standards that describe the usage of Security Assertion Mark-up Language (SAML) tokens. Claims based auth requires these tokens, and by extension an entity that can issue the token.

This is the Secure Token Service (STS). The STS server can be based on Active Directory Federation Services (ADFS) or other platforms that provide this service. This is where ADFS comes in and the highlight of this series.

Continue reading