Overview of demo components

Demo Description

This set of sample applications demonstrates how the Identity Federation System (idFS) can be applied to realize federated identity and access management for multiple Web applications and services. The concepts behind the implementation are based on the Active and Passive Requestor Profiles of the WS-Federation specification.

• The demo contains two independent Web applications that each has two protected sites. Both applications rely on the same Security Token Service (STS) for access control. Therefore, users only have to authenticate once according to the Single Sign On (SSO) principle.
• The identities are managed by Identity Providers (IP), which are chosen dynamically by the STS to account for different groups of users that belong to different organizations. In the case of the demo, the user is sent to an alternative second IP if a Netscape browser is used.
• Once signed in, user can use the Web interfaces of the IP and the STS to manage their identity attributes and their roles.
• The same mechanism can also be applied to the protection of Web services. In the demo, Application 1 can be used to call a Web service that requires the permission of the STS.