authentication single-sign-on cas adfs blackboard

Where does ADFS fall in the classifications of authentication systems?


We are just getting started with implementing ADFS authentication; however, we are still getting our bearings in terms of how to integrate it with other applications and systems.

From what I can tell, the main supported authentication systems for many of the applications we use (I am specifically interested in Blackboard authentication at the moment) are ones like Shibboleth, OAuth, CAS, LDAP and each application's own authentication implementation.

What I'm not sure of, however, is if (and where) ADFS falls under these categories. Conceptually, it seems like a type of "Central Authentication System" (CAS), but is more similar to Shibboleth (also a federated identity management system). Do some of the main categories of authentication overlap each other? From the documentation, I can see:

AD FS provides Web SSO to federated partners outside your organization, which enables their users to have a SSO experience when they access your organization’s Web-based applications.

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations.

My main question is this:


Solution

  • Just to clarify:

    An IDP authenticates against a repository using an authentication protocol.

    ADFS is also an Identity Provider (IDP) aka Security Token System (STS).

    I've not seen the term "CAS" used in this context.

    Shibboleth and ADFS perform the same function and are (in a general sense) interchangeable.

    In practice, they aren't because Shibboleth only supports the SAML 2.0 protocol whereas ADFS supports WS-Fed, SAML 2.0 and OpenID Connect / OAuth 2.0.
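
The protocols named in the answer (plus CAS from the question) can be told apart on the wire by the parameters of the browser redirect that reaches the IdP. The sketch below is an added example, not code from the question or answer; it goes slightly beyond the answer by also recognising CAS, and all host names, paths and the client id in the samples are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAML_ISSUER = "{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"


def make_saml_redirect(idp_url, issuer):
    """Build a constructed SAML 2.0 AuthnRequest using the HTTP-Redirect binding."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_demo" '
        'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    raw = comp.compress(xml.encode()) + comp.flush()
    return idp_url + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode()})


def classify_sso_request(url):
    """Return (protocol, relying party) for a browser redirect to an IdP."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if q.get("wa") == "wsignin1.0":  # WS-Federation passive sign-in
        return "WS-Federation", q.get("wtrealm")
    if "SAMLRequest" in q:
        xml = zlib.decompress(base64.b64decode(q["SAMLRequest"]), -15)
        # Fine for this constructed input; use a hardened parser on untrusted XML.
        return "SAML 2.0", ET.fromstring(xml).findtext(SAML_ISSUER)
    if "response_type" in q and "client_id" in q:
        oidc = "openid" in q.get("scope", "").split()
        return ("OpenID Connect" if oidc else "OAuth 2.0"), q["client_id"]
    if "service" in q and parts.path.rstrip("/").endswith("/login"):
        return "CAS", q["service"]  # heuristic: CAS login URL with a service parameter
    return "unknown", None


# Constructed sample redirects; every host name and client id is a placeholder.
SAMPLES = [
    "https://sts.example.edu/adfs/ls/?wa=wsignin1.0&wtrealm=https%3A%2F%2Flms.example.edu%2F",
    make_saml_redirect("https://idp.example.edu/idp/profile/SAML2/Redirect/SSO", "https://lms.example.edu/sp"),
    "https://sts.example.edu/adfs/oauth2/authorize?response_type=code&client_id=lms-client&scope=openid+profile",
    "https://cas.example.edu/cas/login?service=https%3A%2F%2Flms.example.edu%2F",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_sso_request(sample))
```

Running the same classifier over proxy or web-server logs shows which protocol each application actually uses toward the IdP, which is the practical question when deciding whether a given product can sit behind ADFS.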