Web-based central authentication
ADFS (Active Directory Federation Service) provides users with single sign-on access to systems and applications.
ADFS uses a claims-based access control authorization model to ensure security across applications using federated identity. Claims-based authentication is a process in which a user is identified by a set of claims related to their identity. The claims are packaged into a secure token by the identity provider.
Who can use this service:
The following groups can request single sign-on authentication using ADFS:
- A faculty
- An official school
- An affiliated and federated institution of the University of Waterloo
- Research centers and institutes
- Research groups, as defined by the Senate Graduate & Research Council
- Student Societies, as listed by Waterloo Undergraduate Student Association (WUSA)
- WUSA
- Clubs must be listed as an official club on the WUSA club listing or their respective Student Society homepage as defined
Required information:
- The URL for the application Metadata file or the file itself.
- The claims required to be passed to the application.
Common claims that can be requested for use by applications using ADFS (others are available if not listed below):
- Group
- emailaddress
- surname
- givenname
- samaccountname
- EmployeeID
- StudentID
- UPN