Azure & Active Directory Center

The question "which federation protocol should I use" comes up frequently when talking to developers in my company. Fortunately MS has a PFE who has blogged on the subject.

The article is fantastic and technically accurate in the details. I highly recommend reading it. But I disagree at a higher level with the conclusions the author makes. I think I can explain that disagreement by examining the PFE’s situation. Firstly, he wrote this 5 months ago, and the situation changes quickly in federation. Secondly, he works for Microsoft and as a PFE the scenarios he encounters are likely more Microsoft focused than those of us in the “wild”. Thirdly, he is focused on ADFS as his technical area, it is the focus of his blog and he is quite clear on that.

Many companies have business relationships with SaaS partners that use SAML for authentication. ADFS works very well for many as a SAML WS-* federation infrastructure, although we have had some hiccups and incompatibilities along the way. One thing that comes up every now and then is applying business rules to the federation trust with a partner. Microsoft has done a very good job of explaining how to implement certain business rules for Office365 in some of their official blog posts by PFE’s. But what I have not seen is some of that practical help applied to non Microsoft services that we rely on.