Overview
1. Overview
WS-Federation (WS-Fed for short) is part of Web Services Security (WS-Security or WSS for short: a collection of protocol standards for web-service security extensions). It is a standard protocol published by OASIS (https://www.oasis-open.org). Its main contributors are Microsoft and IBM. WS-Fed 1.1 was released in 2003; the latest WS-Federation 1.2 specification was released in 2009.
This protocol is mainly used in enterprise services and is promoted in Microsoft's own products. In addition, this standard is based on SOAP. Although the protocol is powerful and comprehensive in detail, implementation is relatively heavy. It is only prioritized when integration with Microsoft services is required.
2. Authentication Modes
IDaaS implements two identity authentication modes based on the WS-Federation protocol: Active mode and Passive mode.
2.1. Active Mode
WS-Federation uses the WS-Trust model and is implemented based on the SOAP protocol. This is an XML-oriented communication protocol widely used in Web Services. This mode is the "WS-Federation Active Requestor Profile" (Active mode). Active mode performs remote procedure calls through SOAP messages and communicates with remote servers. Therefore, communication between the client and server using Active mode is implemented based on the SOAP protocol.
2.2. Passive Mode
Because the WS-Trust model requires applications to be fully SOAP-based, this obviously limits usage scenarios. WS-Federation solves this problem by extending the model to use the most basic HTTP mechanisms (GET, POST, redirection, cookies) to encapsulate the WS-Trust protocol, thereby eliminating the mandatory dependence on SOAP. All browsers or web applications supporting HTTP 1.1 can use WS-Fed. This mode is the "WS-Federation Passive Requestor Profile" (Passive mode). This flow is also the most commonly used method currently.