Virtual Identity Server Federation Services

(VIS Federation Services) - Extending ADFS 2.0 - with multi-repository authentication and additional authentication methods

Overview

The Virtual Identity Server Federation Services includes an Identity Provider (IP) Security Token Service (STS) that can authenticate users wherever they reside such as: LDAP directories, SQL databases, and multiple Active Directories (without forest trusts). Additionally, The STS can be trusted by and leveraged within an existing ADFS deployment, allowing ADFS to easily authenticate users against data stores other than Active Directory such as Sun, eDirectory or even a database.

The Virtual Identity Server Federation Services also provides an ADFS deployment with additional out-of-the-box (OOB) authentication methods such as: traditional user id and password (basic), Windows Integrated Authentication, single-sign-on (SSO) to and from other systems, as well as Department of Defense Common Access Card (CAC) authentication.

Claims Augmentation

The Virtual Identity Server Federation Services also provides the ability to easily perform dynamic claim augmentation, without any custom coding using a point and click GUI. Virtual Dynamic Claim Groups™, which consist of standard role claims, can be assigned to users based on other incoming claim information. As the information about a user changes, the role claims (i.e. security) are dynamically updated.

Claims-enabled applications that include support for AD FS 2.0, such as SharePoint 2010 and Forefront Unified Access Gateway (UAG), can now benefit from the powerful features that are provided by the Virtual Identity Server Federation Services.

With the Virtual Identity Server Federation Services, security is defined once and is leveraged both on-premise and in the cloud, significantly reducing adminstration and lowering the total cost of ownership (TCO).

      
   VIS Federation Services Datasheet (pdf)