What is ADFS?
Active Directory Federation Service (ADFS) is a software component developed by Microsoft to provide Single Sign-On (SSO) authorization services to users on Windows Server Operating Systems. ADFS allows users across organizational boundaries to access applications on Windows Server Operating Systems using a single set of login credentials.
ADFS makes use of claims-based Access Control Authorization model to ensure security across applications using federated identity. Claims-based authentication is a process in which a user is identified by a set of claims related to their identity. The claims are packaged into a secure token by the identity provider.
What Is OAuth2?
OAuth 2.0 is an open standard created by the IETF for authorization. Generally, OAuth provides to clients a “secure delegated access” to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.
Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.
ADFS issues access tokens and refresh tokens in the JWT (JSON Web Token) format in response to successful authorization requests using the OAuth protocol. ADFS does not issue SAML tokens over the OAuth authorization protocol inherently, but can be allowed using SecureW2.
Using OAuth + ADFS for Secure Network Authentication
Certificate enrollment can be a tedious and difficult process that often stumps the average user. The JoinNow MultiOS onboarding software allows users to self-configure via a few simple steps designed for a user uninitiated with certificates.
With SecureW2, you can leverage ADFS to enroll for certificates. By utilizing ADFS for identification, a certificate is tied to the identity of a user and device for the life of the certificate. The certificate cannot be transferred to another device, so the users on your network are always correctly identified.
OAuth2 is the protocol that SecureW2’s Cloud RADIUS uses to communicate with the Active Directory. This ensures that the certificate in place is still valid and the user is authenticated properly.
Certificates provide a substantial upgrade to network security and user experience as their proper usage can eliminate the threat of Man-in-the-Middle attacks and password-based headaches. We provide everything an organization needs to use digital certificates to automatically authenticate to a network securely.
