ADFS，WIF，WS联合身份验证，SAML和STS有什么区别？ [英] What's the difference between ADFS, WIF, WS Federation, SAML, and STS?

问题描述

这些技术和流行语用于Microsoft服务的单点登录。

These are numerous technologies and buzzwords used for single sign-on with Microsoft services.

有人可以解释ADFS，WIF，WS联合身份验证，SAML和STS（安全性）吗？

Can someone explain ADFS, WIF, WS Federation, SAML, and STS (Security token service), including where and when each is being used.

推荐答案

从大角度看：

假定一个基于ASP.NET浏览器的应用程序需要身份验证和授权。

Assume an ASP.NET browser-based application that requires authentication and authorization.

应用程序可以自行滚动或外包。

The application can roll its own or it can outsource it.

WIF 是一个允许ASP.NET实施此外包的.NET库。

WIF is a .NET library that allows ASP.NET to implement this outsourcing.

它与 STS （ ADFS >是STS的实例），它针对身份存储库进行身份验证并以声明的形式提供授权信息。 STS提供了一组已签名的，受信任的声明。

It talks to an STS (ADFS is an instance of an STS) which authenticates against an identity repository and provides authorization information in the form of claims. An STS provides a set of signed, trusted claims.

WIF和ADFS之间使用的协议为 WS联合身份。

The protocol used between WIF and ADFS is WS-Federation.

如果STS基于Java（例如Ping Identity或OpenAM），则WIF将使用 SAML 协议进行通信。 ADFS还支持SAML以启用联盟。

If the STS was Java based (e.g Ping Identity or OpenAM), then WIF would use the SAML protocol for communication. ADFS also supports SAML to enable federation.

（例如，联邦允许Java面向公司A的用户访问B面向.NET的公司中的ASP.NET应用程序。对A的身份存储库进行身份验证。公司A和公司B在联盟意义上彼此信任。）

(Federation e.g. allows a user in a Java oriented company A to access the ASP.NET application in a .NET oriented company B by authenticating against A's identity repository. Company A and company B trust each other in a federation sense.)

这篇关于ADFS，WIF，WS联合身份验证，SAML和STS有什么区别？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！