Before we begin the configuration part, we need to understand some basic concepts that are required for a proper understanding of the federation trust relationship, known in modern days as an AD FS trust.
What is Federation Trust(AD FS Trusts):
Active Directory Federation Services (AD FS) enables efficient and secure online transactions between partner organizations that are joined by federation trust relationships. The illustration below shows the relationship.
In the above illustration, the Resource Partner Organization (RPO) provides the AD FS-enabled application, which is already integrated with the RPO's AD FS and is working fine. The Account Partner Organization (APO) is where the partner accounts reside, and those accounts want to access the AD FS-enabled application of the Resource Partner Organization. Many well-known application providers support only a single identity provider. A federation trust resolves this problem. How? Since the application is already integrated and will not accept another identity provider, we create an AD FS trust between the two organizations using AD FS.
An example: Windowstechpro.com is the Resource Partner Organization, APP1.Windowstechpro.com is the AD FS-enabled application, and ABC.com is the Account Partner Organization. Once the federation trust is created, any user of ABC.com trying to access APP1.Windowstechpro.com is first sent to the Windowstechpro.com domain's AD FS server. When the credentials are entered as User1@ABC.com, Windowstechpro's AD FS server recognizes from the UPN suffix that the claims provider is ABC.com and redirects the request to ABC.com's AD FS servers. Once the account is validated, the cookie is passed back to Windowstechpro.com's AD FS server, and the token is then passed to APP1 by the AD FS server of Windowstechpro.com.
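The sign-in flow just described, modelled as an added example (this is illustrative code written for this article, not AD FS code or anything from Microsoft): the resource partner's AD FS performs home-realm discovery on the UPN suffix, hands the user to the claims provider named in its claims-provider trust, accepts the partner's token only if it is signed by that partner, and re-issues the claims under its own key for APP1. The HMAC "signing keys", the user table and the password are constructed stand-ins for the token-signing certificates and the partner's Active Directory.

```python
import base64
import hashlib
import hmac
import json

# Constructed, illustrative signing secrets standing in for each farm's
# token-signing certificate. Real AD FS signs with an X.509 private key and
# the partner learns the matching public key from federation metadata.
SIGNING_KEYS = {
    "abc.com": b"constructed-abc-token-signing-key",
    "windowstechpro.com": b"constructed-wtp-token-signing-key",
}


def issue_token(issuer, claims):
    """Serialize the claims and sign them with the issuer's key (toy token format)."""
    body = json.dumps({"iss": issuer, **claims}, sort_keys=True).encode()
    mac = hmac.new(SIGNING_KEYS[issuer], body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + mac


def verify_token(token, trusted_issuer):
    """Accept a token only if it verifies under the trusted issuer's key and names that issuer."""
    encoded, mac = token.split(".")
    body = base64.urlsafe_b64decode(encoded)
    expected = hmac.new(SIGNING_KEYS[trusted_issuer], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("signature does not match the trusted issuer's key")
    claims = json.loads(body)
    if claims["iss"] != trusted_issuer:
        raise ValueError("token issued by %s, expected %s" % (claims["iss"], trusted_issuer))
    return claims


class AccountPartnerAdfs:
    """APO's AD FS: validates its own users and issues a claims token."""

    def __init__(self, realm, accounts):
        self.realm = realm
        self.accounts = accounts  # constructed upn -> password table standing in for AD

    def authenticate(self, upn, password):
        if self.accounts.get(upn) != password:
            raise PermissionError("invalid credentials for " + upn)
        return issue_token(self.realm, {"upn": upn, "aud": "resource-partner"})


class ResourcePartnerAdfs:
    """RPO's AD FS: home-realm discovery, claims-provider trust, token for the app."""

    def __init__(self, realm, claims_provider_trusts, relying_parties):
        self.realm = realm
        self.trusts = claims_provider_trusts    # upn suffix -> partner AD FS
        self.relying_parties = relying_parties  # apps this farm issues tokens for

    def home_realm(self, upn):
        suffix = upn.rsplit("@", 1)[-1].lower()
        if suffix == self.realm:
            return None                     # local account: authenticate against own AD
        if suffix in self.trusts:
            return self.trusts[suffix]      # redirect to the partner's AD FS
        raise LookupError("no claims provider trust for " + suffix)

    def sign_in(self, app, upn, password):
        if app not in self.relying_parties:
            raise LookupError("no relying party trust for " + app)
        partner = self.home_realm(upn)
        if partner is None:
            raise NotImplementedError("local AD sign-in is outside this model")
        partner_token = partner.authenticate(upn, password)
        # Only the partner named in the claims-provider trust may vouch for this suffix.
        incoming = verify_token(partner_token, partner.realm)
        # The claims are re-issued under the resource partner's own key for the application.
        return issue_token(self.realm, {"upn": incoming["upn"], "aud": app,
                                        "authenticated_by": incoming["iss"]})


def access_app(upn, password, app="app1.windowstechpro.com"):
    """Return the claims APP1 sees after a federated sign-in (example names from the article)."""
    abc = AccountPartnerAdfs("abc.com", {"user1@abc.com": "constructed-password"})
    wtp = ResourcePartnerAdfs("windowstechpro.com", {"abc.com": abc}, {app})
    token = wtp.sign_in(app, upn, password)
    return verify_token(token, "windowstechpro.com")  # the app trusts only RPO's AD FS
```

The point the model makes is that APP1 never sees ABC.com's token: it trusts one issuer (Windowstechpro.com's AD FS), and that issuer decides, via its claims-provider trust, whose assertions it will accept for the ABC.com suffix.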
AD FS provides authorization, authentication and Single Sign-On (SSO) functionality to web applications and services located virtually anywhere, including perimeter networks, partner organizations and the cloud.
I believe that explains it clearly. Now let's look at the benefits of AD FS trusts.
1. It is very secure: all communication between the two domains is always secured.
2. No direct communication is required between the domains apart from port 443 being open to the AD FS servers.
3. The transactions are always secured.
What is required to Configure ADFS trust:
1. Both domains should have AD FS servers configured and accessible from the internet.
2. SSL port 443 should be open towards each AD FS server from the other domain.
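As an added example of checking these two prerequisites before attempting the trust (this is helper code written for this article, not part of AD FS or the original post): it tests whether TCP port 443 on the partner's AD FS host is reachable, fetches the partner's federation metadata from the standard AD FS metadata path, and summarizes the entityID, signing certificates and sign-on endpoints that the trust will be built from. The host name and the embedded metadata document are constructed sample values; the metadata layout (an `EntityDescriptor` with `KeyDescriptor use="signing"` and `SingleSignOnService` elements) follows the SAML 2.0 metadata schema that AD FS publishes.

```python
import socket
import urllib.request
import xml.etree.ElementTree as ET

# Path at which an AD FS farm publishes its federation metadata.
METADATA_PATH = "/FederationMetadata/2007-06/FederationMetadata.xml"

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def tcp_443_reachable(host, timeout=5.0):
    """Prerequisite 2: can we open TCP 443 to the partner's AD FS server at all?"""
    try:
        with socket.create_connection((host, 443), timeout=timeout):
            return True
    except OSError:
        return False


def fetch_metadata(host, timeout=10.0):
    """Prerequisite 1: the partner's AD FS must serve its metadata over HTTPS."""
    url = "https://%s%s" % (host, METADATA_PATH)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def summarize_metadata(xml_bytes):
    """Pull out what the trust wizard will import: issuer, signing certs, endpoints."""
    root = ET.fromstring(xml_bytes)
    signing_certs = []
    for kd in root.findall(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # skip encryption-only keys
        for cert in kd.findall(".//ds:X509Certificate", NS):
            signing_certs.append("".join(cert.text.split()))
    sso_endpoints = [e.get("Location") for e in root.findall(".//md:SingleSignOnService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "signing_certs": signing_certs,
        "sso_endpoints": sso_endpoints,
    }


def check_partner(host):
    """Run both prerequisite checks against a partner AD FS host; returns a report dict."""
    report = {"host": host, "port_443": tcp_443_reachable(host)}
    if report["port_443"]:
        report["metadata"] = summarize_metadata(fetch_metadata(host))
    return report


# Constructed sample metadata (shape only; the certificate body is a placeholder).
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.abc.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          PLACEHOLDER-SIGNING-CERT-BASE64
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER-ENCRYPTION-CERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.abc.com/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.abc.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_METADATA))
    # Against a live partner (constructed host name): print(check_partner("adfs.abc.com"))
```

Comparing the signing certificate printed here with the one the partner told you out of band is the useful step: the trust will accept any token signed by whatever key the metadata lists, so confirm the metadata came from the right place before importing it.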