0

If WS-Federation/WS-Trust are deployed as part of a service to expose consumable ADFS endpoints, is there a dependency on Kerberos?

For example, if Web Application Proxy (WAP) servers were being implemented as part of an ADFS roll-out and the WAP severs were not joined to the domain, will this limit the ability to consume WS-Federation/WS-Trust endpoints exposed by ADFS?

4

1 回答 1

1

不,WS-Federation/WS-Trust 独立于 Kerberos。Kerberos 只是可以与 WS-Federation/WS-Trust 结合使用的一系列身份验证机制中的一个选项,但它不是唯一的,也不是必需的。此外,代理服务器可以独立于 WS-Federation/WS-Trust 的身份验证机制进行部署,除非您想对这些机制应用限制。

于 2015-08-11T19:56:44.443 回答