
WS-Federation Single Sign-on Profiles Explained

Blog post from SSOJet

Post Details
Company:
Date Published:
Author: Devraj Patel
Word Count: 1,917
Company Posts That Month: 56
Language: English
Hacker News Points: -
Summary

WS-Federation is a legacy protocol for sharing identity across security realms, used primarily in older systems such as SharePoint and on-premises Windows servers. Despite its age and its reliance on XML and SOAP, it remains relevant, particularly in sectors such as finance and healthcare where Microsoft ADFS is prevalent. The protocol operates through a Security Token Service (STS) and a Relying Party (RP), and uses claims-based identity for detailed access control. It works through browser redirects, similar to OAuth's implicit flow, and its security depends on validating digital signatures against federation metadata. Although WS-Federation is seen as clunky compared to modern protocols like OIDC, it continues to secure millions of enterprise logins and serves as a critical component in hybrid cloud setups. The protocol is in maintenance mode, with no new features being developed, but transitioning away from it requires careful planning and often involves bridging solutions that gradually integrate modern protocols like OIDC while keeping security and compatibility across legacy and new systems.

Trends Found in this Post

Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM
Platform Engineering | 2 | 368 | 138 | 58 | +24%