MYOC - Enabling Federation on Azure Applications using Windows Identity Foundation
As part of our current work we are trying to provide federated authentication in an Azure application. We want to develop a web application in Azure that outsources its authentication to another component, which in turn authenticates users against its own enterprise directory. The basic idea is to be able to grant access to authenticated users from trusted organizations. As a sample we will use MyCompany as one of the trusted organizations.
To achieve this we explored Windows Identity Foundation (previously called the Geneva Framework). Windows Identity Foundation provides claims-based identity management. This means the application contains only authorization logic, expressed in terms of the claims (attributes) of the user; because these claims are issued and signed by a trusted source, they are protected in transit and can be relied on by the application. Using this framework, authentication can be outsourced to another central application or identity store, and the application itself becomes a claims-aware application. There is no need to bother with the plumbing of authentication code; one simply uses the trusted claims received from the component that takes responsibility for authentication.
You may have already got the point: this claims-based model can be extended to achieve Enterprise SSO, Web SSO and federated authentication.
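To make the "authorization logic only" idea concrete, here is an added example (not code from the original post or from WIF itself) of the application side of a claims-aware application. It assumes the federation module has already validated the incoming token and built a principal, uses System.Security.Claims (the .NET 4.5 successor of WIF's Microsoft.IdentityModel.Claims types), and uses a hypothetical issuer URL and a hypothetical custom claim type; the point it shows is that the application acts only on claims certified by the configured trusted issuer.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example, not part of the original post. Token validation (signature,
// audience, expiry) is assumed to have been done by the federation module
// before this code runs; this is purely the application's authorization rule.
public static class ClaimsAuthorization
{
    // Hypothetical issuer name of the trusted STS (as configured in the app).
    const string TrustedIssuer = "https://sts.mycompany.example/";

    // Hypothetical custom claim type issued by MyCompany's STS.
    const string CanApproveClaimType = "http://schemas.mycompany.example/claims/canApproveOrders";

    public static bool CanApproveOrders(ClaimsPrincipal principal)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        // Only claims certified by the trusted issuer count. A claim carrying
        // any other issuer is simply ignored, whatever its type or value.
        var trusted = principal.Claims
            .Where(c => string.Equals(c.Issuer, TrustedIssuer, StringComparison.OrdinalIgnoreCase))
            .ToList();

        bool isEmployee = trusted.Any(c => c.Type == ClaimTypes.Role && c.Value == "Employee");
        bool canApprove = trusted.Any(c => c.Type == CanApproveClaimType && c.Value == "true");
        return isEmployee && canApprove;
    }

    public static void Main()
    {
        // Constructed principal standing in for what the federation module
        // would build from a validated token. The last claim comes from an
        // untrusted issuer and must not influence the decision.
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role, "Employee", ClaimValueTypes.String, TrustedIssuer),
            new Claim(CanApproveClaimType, "true", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role, "Administrator", ClaimValueTypes.String, "https://untrusted.example/")
        };
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Federation"));

        Console.WriteLine("Can approve orders: " + CanApproveOrders(principal));
        // IsInRole does not filter by issuer, which is why the rule above
        // inspects c.Issuer explicitly instead of relying on it.
        Console.WriteLine("IsInRole(Administrator): " + principal.IsInRole("Administrator"));
    }
}
```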