Difference between adfs and azure AD

Solution 1

ADFS only handles authentication and authorisation. It does not handle user provisioning.

In that sense ADFS is not an identity provider, it's just an STS.

You need separate instances of ADFS (auth.) and AD (user). AAD combines both.

As its name implies ADFS is a federation layer that sits on top of AD.

Also, ADFS is an R-STS in that it can be in the middle of a federation chain. It can handle upstream and downstream requests. AAD can't - it is always the endpoint.

ADFS has the power of claims rules, AAD has no such concept.
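To make the "claims rules" point concrete, here is an added example (not from the answer above) of the two kinds of rules an ADFS relying party trust carries: issuance authorization rules that decide whether a token is issued at all, and issuance transform rules that decide which claims go into it. It assumes a relying party trust named "Contoso Portal" already exists on the ADFS server, and the group SID and group names are placeholders to replace with your own.

```powershell
# Added example, not code from the original answers.
# Assumptions: relying party trust "Contoso Portal" exists; the SID and
# group names below are placeholders for the real AD objects.
$rpName = "Contoso Portal"

# Issuance AUTHORIZATION rules run first. If no rule issues a "permit"
# claim, ADFS refuses to issue a token for this application at all.
$authzRules = @'
@RuleName = "Permit only members of the portal users group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-PLACEHOLDER-GROUP-SID"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Issuance TRANSFORM rules shape the token: look up attributes in AD for
# the authenticated account, then map one AD group to an app-level role.
# Everything not issued here never reaches the application.
$transformRules = @'
@RuleName = "Email and groups from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/claims/Group"), query = ";mail,tokenGroups;{0}", param = c.Value);

@RuleName = "Map one AD group to an application role"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Portal-Admins"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "admin");
'@

# Apply both rule sets to the relying party trust.
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Read the rules back to confirm what the STS will now enforce and issue.
$trust = Get-AdfsRelyingPartyTrust -Name $rpName
$trust.IssuanceAuthorizationRules
$trust.IssuanceTransformRules
```

The deny is implicit: with these rules, an authenticated domain user who is not in the placeholder group gets no token, and users who do get one receive only the e-mail, group and role claims listed.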

Solution 2

Both work as a secure token service.

These are two different services of course, and usually you are responsible for the ADFS infrastructure, while you are not responsible for AAD infrastructure.

Azure AD can also federate authentication to ADFS if you have user sync enabled with Azure AD Connect. In that scenario Azure AD redirects the user to ADFS to authenticate, and trusts the answer ADFS provides. From the point of view of apps it makes no difference how a user authenticates against AAD.

Author: The Inquisitive Coder (Full-Stack Web and Cloud Development professional)

Updated on June 29, 2022

Comments

  • The Inquisitive Coder
    The Inquisitive Coder about 2 years

    Differences between ADFS and Azure AD

    1. I understand that ADFS is an STS (Secure Token Service) in the sense that it issues tokens to applications that help applications establish user identity. At an organization level, our org uses ADFS with the WS-Federation protocol to authenticate users across all internal applications of the organization and also to implement SSO.

    2. Also, in our organization we have an Azure AD account, and I have used Azure AD to register our custom apps, and whenever an unauthenticated user enters our app, the person will be redirected to the Azure AD login page and will have to authenticate himself. After successful authentication Azure AD also issues tokens (ID token, access token, refresh token).

    My question is that can I consider Azure AD also a type of STS (Secure Token Service) just like ADFS because it issues tokens to establish client identity?

  • Niladri
    Niladri about 5 years
    Thanks, well explained. Does that mean if we are using Azure AD to issue tokens for authentication, we can also use ADFS as a replacement to achieve the same?
  • juunas
    juunas about 5 years
    Well, it depends. When you use AAD for authentication, you can also call e.g. MS Graph API on behalf of the user. You can't do that with ADFS.
  • Niladri
    Niladri about 5 years
    I think we can also call graph API to query the AAD , is my understanding correct?
  • 4c74356b41
    4c74356b41 about 5 years
    how come ADFS is an identity provider? it's not
  • juunas
    juunas about 5 years
    I could be wrong on that part, I only know ADFS at a high level :)