{"id":1076,"date":"2010-01-08T17:30:49","date_gmt":"2010-01-09T01:30:49","guid":{"rendered":"\/?p=1076"},"modified":"2010-01-08T17:43:33","modified_gmt":"2010-01-09T01:43:33","slug":"federation-with-adfs-in-windows-server-2008","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1076","title":{"rendered":"Federation with ADFS in Windows Server 2008"},"content":{"rendered":"<p><a href=\" http:\/\/aws.typepad.com\/aws\/2009\/12\/hello-world.html\" class=\"broken_link\">Steve Riley<\/a> at <a href=\"http:\/\/aws.amazon.com\/\">Amazon <\/a>takes a fascinating and\u00a0non-ideological approach on his new blog.\u00a0 The combination\u00a0will keep me tuned in &#8211; I expect others\u00a0will feel the same way.\u00a0 He <a href=\"http:\/\/feedproxy.google.com\/~r\/AmazonWebServicesBlog\/~3\/S1esZpHc_XY\/federation-with-adfs-in-windows-server-2008.html?utm_source=feedburner&amp;utm_medium=email\" class=\"broken_link\">writes<\/a>:<\/p>\n<p style=\"line-height: 16.8pt; margin: 12pt 0in 2.25pt; padding-left: 30px;\"><span style=\"line-height: 140%; font-family: \">&#8220;As I&#39;ve talked with customers who have deployed or plan to deploy <a href=\"http:\/\/aws.amazon.com\/windows\/\"><strong><span style=\"color: #000099; text-decoration: none; text-underline: none;\">Windows Server 2008<\/span><\/strong><\/a> instances on Amazon EC2, one feature they commonly inquire about is <a href=\"http:\/\/en.wikipedia.org\/wiki\/Active_Directory_Federation_Services\"><strong><span style=\"color: #000099; text-decoration: none; text-underline: none;\">Active Directory Federation Services<\/span><\/strong><\/a> (ADFS). There seems to be a lot of interest in ADFS v2 with its support for <a href=\"http:\/\/en.wikipedia.org\/wiki\/WS-Federation\"><strong><span style=\"color: #000099; text-decoration: none; text-underline: none;\">WS-Federation<\/span><\/strong><\/a> and <a href=\"http:\/\/msdn.microsoft.com\/en-us\/security\/aa570351.aspx\"><strong><span style=\"color: #000099; text-decoration: none; text-underline: none;\">Windows Identity Foundation<\/span><\/strong><\/a>. These capabilities are fully supported in our <a href=\"http:\/\/aws.amazon.com\/windows\/\"><strong><span style=\"color: #000099; text-decoration: none; text-underline: none;\">Windows Server 2008 AMI<\/span><\/strong><\/a>s and will work with applications developed for both the &#8220;public&#8221; side of AWS and those you might run on instances inside Amazon VPC.<\/span><\/p>\n<p style=\"line-height: 140%; padding-left: 30px;\"><span style=\"line-height: 140%; font-family: \">&#8220;I&#39;d like to get a better sense of how you might use ADFS. When you state that you need &#8220;federation,&#8221; what are you wanting to do? I imagine most scenarios involve applications on Amazon EC2 instances obtaining tokens from an ADFS server located inside your corporate network. This makes sense when your users are in your own domains and the applications running on Amazon EC2 are yours.<\/span><\/p>\n<p style=\"line-height: 140%; padding-left: 30px;\"><span style=\"line-height: 140%; font-family: \">&#8220;Another scenario involves a forest living entirely inside Amazon EC2. Imagine you&#39;ve created the next killer SaaS app. As customers sign up, you&#39;d like to let them use their own corpnet credentials rather than bother with creating dedicated logons (your customers will love you for this). You&#39;d create an <em><span style=\"font-family: \">application domain<\/span><\/em> in which you&#39;d deploy your application, configured to trust tokens only from the application&#39;s ADFS. Your customers would configure their ADFS servers to issue tokens not for your application but for your application domain ADFS, which in turn issues tokens to your application. Signing up new customers is now much easier.<\/span><\/p>\n<p style=\"padding-left: 30px;\"><span style=\"font-family: \">&#8220;What else do you have in mind for federation? How will you use it? Feel free to join the discussion. <a href=\"http:\/\/developer.amazonwebservices.com\/connect\/thread.jspa?threadID=40827&amp;tstart=0\" target=\"_blank\"><strong><span style=\"color: #000099; text-decoration: none; text-underline: none;\">I&#39;ve started a thread on the forums<\/span><\/strong><\/a>, please add your thoughts there. I&#39;m looking forward to some great ideas.&#8221;<\/span><\/p>\n<p><span style=\"font-family: \">I really look forward to this.\u00a0 Let&#39;s see where\u00a0it goes&#8230;\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-family: \">Given\u00a0the mail I get from mutual customers, I\u00a0know Steve will end up with some interesting insights.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The identity metasystem will drive cloud computing across cloud providers&#8230;  a win-win for eveyone involved with software and services &#8211; be they vendors or customers&#8230;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[37,43,2],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1076"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1076"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1076\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}