Happy Birthday (Microsoft IT) Federation
Posted by BPuhl on January 10, 2008
Long long ago, in a weblog far, far away, I published a few posts about our experiences deploying ADFS.
This afternoon, for the second time, we replaced our token-signing certificate for our internal federation servers. Since we have a 1-year expiration on the certificates we use, this means that our ADFS deployment has celebrated its second birthday.
I’m happy to report that we’re actually making quite a bit of use of ADFS with our partners. A couple of highlights:
– We federated with our regional payroll provider to provide SSO for employees. This was notable, because the vendor didn’t previously support any federation, and due to their back-end systems, they weren’t able to use ADFS. Instead, we introduced them to a partner in the identity space who was able to help us tie it all together.
– Major Microsoft internal conferences now use ADFS for sign-on and registration. This was an important first step, because our partner that provides these services also provides them for the major Microsoft public conferences. Federated identities are on the way…
– Using ADFS to provide access tokens to Extranet (DMZ) based applications.
– Running on Windows Server 2008 ADFS for many months without a hitch!
Nice work to the ADFS product group, and the MS IT operations/engineering guys who have taken us this far.