
How does Active Directory Federation Service (ADFS) connect to a classic on-premise Active Directory Domain Service (or, as it is simply known, AD)?

Is it via the protocol HTTP?

FortuneSix

1 Answer


AD FS connects to AD as a "standard" Active Directory supplicant for username/password or certificate authentication, and as a Kerberos relying party for Kerberos authentication. This means that it uses a variety of protocols to authenticate clients and retrieve user information. Primarily, Kerberos is used for authentication and LDAP is used for user attribute retrieval.

The full list of ports used for AD Directory Services is quite long, and can be found at Service overview and network port requirements for Windows - Active Directory.

Generally, the AD and AD FS servers are considered to be on the same security level. ADFS Proxies (which are essentially layer-7 firewalls in their own right) are used in the DMZ to provide insulation between active directory and a potential attacker.

Mitch