Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share

active directory - AD vs ADFS vs LDAP: Explain it like I'm 5

I don't work with Microsoft but I'm struggling understanding conceptually how AD, ADFS and LDAP work together.

Let's say I have an application that needs an Identity Provider. How do AD and LDAP come into play?

My googling hasn't come up with a clear summary of these concepts for me, but if there is a resource that exists, please do point me towards it.

question from:https://stackoverflow.com/questions/51006871/ad-vs-adfs-vs-ldap-explain-it-like-im-5


1 Reply


AD and LDAP contain user attributes e.g. first name, last name, phone number.

They also contain a user login and password and roles (groups) so can be used for authentication and authorisation.

This authentication mainly uses Kerberos.

In the Microsoft world, AD is the main player but if you want a "simple" AD, you can use ADAM / LDS that is essentially an LDAP.

ADFS (an IDP) sits on top of these and provides a federation layer.

Federation is a concept whereby users from company A can authenticate to an application on company B but using their company A credentials.

It uses one of three federation protocols to do this:

  • SAML 2.0
  • WS-Federation
  • OpenID Connect

The result is a SAML token or a JWT (OpenID Connect) that contains a set of attributes from an AD for that user. This list of attributes to provide is configured in ADFS via claims rules, and the attributes in the token are referred to as claims.
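The three layers the answer describes (a directory holding user attributes and credentials, an IdP that authenticates against it and maps selected attributes to claims, and an application that trusts the resulting token) can be sketched end to end in a few dozen lines. The following is an added illustration, not code from the answer, from StackOverflow or from Microsoft. It uses only the Python standard library, so the token is signed with an HMAC shared secret (HS256); a real ADFS signs tokens with RSA and its token-signing certificate, and the application checks that certificate instead of a shared key. The directory entries, the issuer URL, the audience URL and the claims-rule table are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# --- Directory layer: stands in for AD / LDAP -------------------------------
# Constructed sample entry using LDAP-style attribute names. The password is
# stored as a salted PBKDF2 hash; it is never placed in any token.
_SALT = b"constructed-salt"


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


DIRECTORY = {
    "alice": {
        "pwhash": _pw_hash("correct horse"),
        "givenName": "Alice",
        "sn": "Smith",
        "mail": "alice@example.com",
        "telephoneNumber": "+1 555 0100",
        "memberOf": ["Finance", "Employees"],
    },
}

# --- IdP layer: stands in for ADFS ------------------------------------------
ISSUER = "https://idp.example.com/adfs"  # assumed issuer identifier
SIGNING_KEY = b"constructed-shared-secret"  # HS256 stand-in for the ADFS signing certificate

# Claims rules: directory attribute -> claim name in the token. Attributes not
# listed here (e.g. telephoneNumber, pwhash) never leave the directory.
CLAIMS_RULES = {
    "givenName": "given_name",
    "sn": "family_name",
    "mail": "email",
    "memberOf": "groups",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authenticate(username: str, password: str) -> bool:
    """Credential check against the directory (AD would do this with Kerberos)."""
    entry = DIRECTORY.get(username)
    if entry is None:
        return False
    return hmac.compare_digest(entry["pwhash"], _pw_hash(password))


def issue_token(username: str, password: str, audience: str, now=None) -> str:
    """IdP: authenticate, apply the claims rules, and return a signed JWT."""
    if not authenticate(username, password):
        raise PermissionError("authentication failed")
    now = int(time.time() if now is None else now)
    entry = DIRECTORY[username]
    payload = {"iss": ISSUER, "sub": username, "aud": audience,
               "iat": now, "nbf": now, "exp": now + 3600}
    for attr, claim in CLAIMS_RULES.items():
        if attr in entry:
            payload[claim] = entry[attr]
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_token(token: str, audience: str, now=None) -> dict:
    """Application (relying party): verify signature, issuer, audience and time window."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the expected algorithm; never trust alg blindly
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time() if now is None else now)
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not (claims["nbf"] <= now < claims["exp"]):
        raise ValueError("token not valid at this time")
    return claims


if __name__ == "__main__":
    tok = issue_token("alice", "correct horse", "https://app.example.com")
    print(validate_token(tok, "https://app.example.com"))
```

The application never talks to the directory itself: it trusts the IdP's signature and reads the claims, which is exactly what lets users from company A use an application at company B. The points a practitioner cares about are on the validating side: check the signature before reading any claim, pin the algorithm, and reject tokens whose issuer, audience or validity window do not match, since a token issued for another application is not proof of anything for this one.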
