If a web service uses standards, it handles claims-based authentication using SAML 2.0 or, increasingly, OAuth 2.0 and OpenID Connect. Microsoft's own Azure Active Directory doesn't use Kerberos; it supports SAML and OAuth 2.0 as its authentication protocols.
In Windows Server 2012 R2, the most significant enhancements to the AD platform were made to Active Directory Federation Services (AD FS), not Active Directory Domain Services (AD DS). AD FS is an authentication head for AD DS that extends AD DS's reach to the world of web-based services that support SAML 2.0 and—in Windows Server 2012 R2's AD FS implementation—OAuth 2.0. (Think of AD FS as the teenager translating new technology to the AD DS adult that just doesn't understand it.)
ADFS provides an extensible architecture that supports the Security Assertion Markup Language (SAML) token type and Kerberos authentication (in the Federated Web SSO with Forest Trust scenario). ADFS can also perform claim mapping, for example by modifying claims with custom business logic as a variable in an access request. Organizations can use this extensibility to modify ADFS to coexist with their current security infrastructure and business policies. For more information about modifying claims, see Claim mapping.