Federated Identity Management : AD FS for single sign-on and federated identity management

Abstract: Organizations are continuously expanding their use of computer ser-vices. As the number of applications in an organization grows, so does the load on the user management. Registering and unregistering users both from within the organization and also from partner organizations, as well as managing their privileges and providing support all accumu-lates significant costs for the user management. FIdM is a solution that can centralize user management, allow partner organizations to feder-ate, ease users’ password management, provide SSO functionality and externalize the authentication logic from application development. An FIdM system with two organizations, AD FS and two applications have been deployed. The applications are constructed in .NET, with WIF, and in Java using a custom implementation of WS-Federation. In order to evaluate the system, a functional test and a security analysis have been performed. The result of the functional test shows that the system has been implemented successfully. With the use of AD FS, users from both organizations are able to authenticate within their own organization and are then able to access the applications in the organizations without any repeated authentication. The result of the security analysis shows that the overall security in the system is good. The use of AD FS does not allow anyone to bypass authentication. However, the standard integra-tion of WIF in the .NET application makes it more susceptible to a DoS attack. It has been indicated that FIdM can have positive effects on an organization’s user management, a user’s password management and login procedures, authentication logic in application development, while still maintaining a good level of security.