Home
Planview Changepoint
Knowledge Base
Technical Architecture
What are the differences between SSO on ADFS 2.0 and SSO using SAML 2.0 (ADFS 2.0) v2012SP2

What are the differences between SSO on ADFS 2.0 and SSO using SAML 2.0 (ADFS 2.0) v2012SP2

Last updated
Save as PDF

What are the differences between the SSO methods (pages 115 and 117 in the installation guide):

(Solution 2) SSO using ADFS 2.0 vs (Solution 3) SSO using SAML 2.0 (ADFS 2.0)

What are the possibilities/advantages of one over the other?

They both accomplish the same thing. The preferred method is SSO using ADFS. The other introduces more complexity and a third party component.

The identity provider (the asserting party) is the authority system that provides the user information.

The service provider (the relying party relying on the assertion) is the system, that trusts the identity provider's user information, and uses the data to provide access to the service or application.

The only difference is the protocol used to validate party.

SSO using ADFS 2.0
Use WS-Federation passive protocol.

SSO using SAML 2.0 (ADFS 2.0)
Use SAML 2.0 Web SSO protocol

WS-Federation is primarily championed by Microsoft Corporation which has invested heavily into incorporating WS-Federation into its products. SAML is an older specification that is well supported by many identity management vendors.

Microsoft’s Active Directory Federation Services (ADFS) comes with Active Directory supports both WS-Federation and SAML but is easier to configure for WS-Federation. Microsoft’s Windows Identity Foundation (WIF) toolkits make it easy to enable home-grown ASP.NET applications for WS-Federation.