Microsoft ADFS (Active Directory Federation Services) provides secure SSO (Single Sign-On) and identity federation within an ADFS-deployed environment. In its simplest form, it can be used to provide authentication against Active Directory for claims-aware applications such as Office 365, Outlook on the web or SharePoint, to name but a few (Web SSO).
Standards-based identity federation allows trust relationships to be established between federated third parties such as partner organisations or applications hosted within cloud environments. Whenever authentication is required across organisational boundaries (between otherwise autonomous security domains), a federation trust can be created (Federated Web SSO).
You can deploy Federation Servers within your LAN or leverage the ADFS Proxy role within your DMZ, allowing secure deployment alongside your applications. A load balancer can be deployed in front of either Federation Servers or Federation Server Proxies, providing both scalability and high availability to ADFS deployments.
Example deployment utilizing 2 HA pairs: HA pair 1 is used to load balance the ADFS Proxies located in the DMZ, and HA pair 2 is used to load balance the ADFS Servers on the internal LAN.
|Protocol|Role|Ports|Load balancing methods|
|---|---|---|---|
|TCP/HTTPS|Web SSO|443|Layer 7 TCP Mode|