IDaaS Open Platform

Overview

# 1. Overview

WS-Federation (abbreviated: WS-Fed) is part of the Web Services Security (abbreviated: WS-Security, WSS: a collection of protocol standards extended for web-service security) and is a standard protocol released by OASIS (https://www.oasis-open.org). Its main contributors are Microsoft and IBM. WS-Fed version 1.1 was released in 2003, and the latest WS-Federation 1.2 version (opens new window) standard was released in 2009. This protocol is mainly applied in enterprise services and is primarily promoted within Microsoft's own products. Additionally, this standard is based on SOAP. Although the entire protocol is powerful and considers details comprehensively, its implementation can be relatively heavy. It is typically prioritized only when integration with Microsoft services is required.

# 2. Authentication Modes

IDaaS has implemented two identity authentication modes based on the WS-Federation protocol: Active mode and Passive mode.

# 2.1. Active Mode

WS-Federation uses the WS-Trust model, which is implemented based on the SOAP protocol. This is an XML-oriented communication protocol widely used in Web Services. This mode is known as the "WS-Federation Active Requestor Profile" (Active mode). Active mode executes remote procedure calls and communicates with remote servers through SOAP messages. Therefore, communication between the client and server using Active mode is implemented based on the SOAP protocol.

# 2.2. Passive Mode

Since the WS-Trust model requires applications to be entirely based on SOAP, this obviously limits its usage scenarios. To address this issue, WS-Federation extended this model, allowing the use of the most basic mechanisms in HTTP (GET, POST, redirection, cookies) to encapsulate the WS-Trust protocol. This eliminates the mandatory dependency on SOAP. Any browser or web application that supports the HTTP 1.1 standard can use WS-Fed. This mode is known as the "WS-Federation Passive Requestor Profile" (Passive mode). This flow is also the most commonly used method by us currently.

Active Mode Authentication