Benefits of Microsoft's Active Directory Federated Services (ADFS)
ADFS is a Microsoft software component that can run on Windows Server operating systems. It is an identity access solution that provides internal or external browser-based clients with seamless, one-prompt access to one or more protected Internet-facing applications, even when the user accounts and applications exist in different networks or organizations. ADFS uses a claims-based access-control authorization model.
In ADFS, a federation server on the account side authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including the user's identity. On the resource side, another federation server validates the token and issues another token so that the local servers accept the claimed identity. This process allows a system to provide controlled access to its resources or services to a user who belongs to another security realm, without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.
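The two-hop token flow described above, as an added example that is not ADFS code or part of the original page: a simplified Python model in which the resource-side server validates the account-side token and issues its own token for the application. Assumptions: all server names, keys and claim types are constructed, an HMAC stands in for the certificate-based token signature, and a small JSON document stands in for the real token format.

```python
import base64, hashlib, hmac, json, time

# Constructed names and keys for this example; not values from the page.
ACCOUNT_STS = "https://sts.account.example/adfs"
RESOURCE_STS = "https://sts.resource.example/adfs"
APP = "https://app.resource.example/"
ACCOUNT_KEY, RESOURCE_KEY = b"account-signing-key", b"resource-signing-key"

def sign(key, body):
    # Assumption: HMAC stands in for the certificate-based token signature.
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def issue_token(issuer, key, audience, claims, now=None, ttl=300):
    """A federation server issues a signed, short-lived token carrying claims."""
    now = time.time() if now is None else now
    body = json.dumps({"iss": issuer, "aud": audience, "exp": now + ttl,
                       "claims": claims}, sort_keys=True).encode()
    return (base64.urlsafe_b64encode(body) + b"." + sign(key, body)).decode()

def validate_token(token, trusted_issuers, audience, now=None):
    """Return the claims only if issuer, signature, audience and expiry check out."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.encode().split(b".")
        body = base64.urlsafe_b64decode(b64)
        payload = json.loads(body)
    except ValueError:
        raise PermissionError("malformed token")
    iss = payload.get("iss") if isinstance(payload, dict) else None
    key = trusted_issuers.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise PermissionError("untrusted issuer")
    if not hmac.compare_digest(sig, sign(key, body)):
        raise PermissionError("bad signature")
    if payload.get("aud") != audience:
        raise PermissionError("wrong audience")
    if payload.get("exp", 0) <= now:
        raise PermissionError("expired token")
    return payload["claims"]

def resource_sts_exchange(account_token, now=None):
    """Resource side: validate the partner's token, then issue a local one."""
    claims = validate_token(account_token, {ACCOUNT_STS: ACCOUNT_KEY},
                            RESOURCE_STS, now)
    # Assumption: the resource side forwards only the claim types it accepts.
    accepted = {k: v for k, v in claims.items() if k in ("upn", "group")}
    return issue_token(RESOURCE_STS, RESOURCE_KEY, APP, accepted, now)

def app_accepts(token, now=None):
    """The application trusts only its own (resource-side) federation server."""
    return validate_token(token, {RESOURCE_STS: RESOURCE_KEY}, APP, now)
```

The application never sees the user's password or the account-side directory; it only checks a token from the one issuer it trusts, and an account-side token presented to it directly is rejected.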