Identity Federation And Interoperability Using Web Browsers

Recently, I had the opportunity to delve into the operation of the Microsoft AD FS 2.0 and Windows Azure ACS 2.0 services, especially for configuring them as gateways between different Identity Federation protocols.

More in details, I have setup up a lab with the following protocols and standards:

  • WS-Federation (Passive Requestor Profile)
  • SAML 2.0 Protocols, Bindings and Profiles
  • OpenID 2.0
  • OAuth 2.0

Specifically, I have set up a demo environment where the authentication for accessing a single SharePoint Server 2010 web site or a single custom ASP.NET web site can be performed by specifying user credetials available on a wide set of different identity providers:

  • Active Directory (directly from SharePoint or through AD FS)
  • Shibboleth (allowing the authentication against an LDAP of type AD LDS)
  • Windows Live ID, Google Accounts and Facebook (through Windows Azure ACS and AD FS)

This is a logical view of the demo environment:

If you are interested, please look at the following material:

I hope that you will find this information useful.