WS-Federation - Identity provider and service provider roles
Each partner in a federation has a role. The role is either Identity Provider or Service Provider.
- Identity provider
  Federation partner that vouches for the identity of a user. The identity provider authenticates the user and provides an authentication token to the service provider. The identity provider is responsible for the following tasks:
  - Directly authenticates the user by validating a user name and password.
  - Indirectly authenticates the user by validating an assertion about the user's identity that is presented by a separate identity provider.
  The identity provider handles the management of user identities, which frees the service provider from this responsibility.
- Service provider
  Federation partner that provides services to the user. Typically, service providers do not authenticate users themselves, but instead request authentication decisions from an identity provider. Service providers rely on identity providers to assert the identity of a user and to manage user identities for the federation. A service provider can maintain a local account for the user, which is referenced by an identifier for the user.
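The two roles, as an added example that is not IBM's code and does not use the WS-Federation wire format: the security token is modelled as an HMAC-signed JSON body standing in for a signed assertion, and the issuer names (home-idp, partner-idp), the audience app.example, the user names, passwords, keys and account identifiers are all constructed. It shows the identity provider authenticating directly (password) and indirectly (accepting a trusted partner's assertion and re-issuing it), and the checks a service provider performs before mapping the asserted subject to a local account: trusted issuer, valid signature, intended audience, not expired.

```python
import base64
import hashlib
import hmac
import json

SALT = b"constructed-salt"  # constructed; real deployments use a random per-user salt


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


def sign_token(issuer: str, key: bytes, subject: str, audience: str, now: float, ttl: int = 300) -> str:
    """Issue an assertion: who vouches (iss), for whom (sub), to whom (aud), until when (exp)."""
    payload = {"iss": issuer, "sub": subject, "aud": audience, "exp": int(now) + ttl}
    body = _b64url(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_token(token: str, trusted_issuers: dict, expected_audience: str, now: float) -> dict:
    """Relying-party checks: known issuer, valid signature, right audience, not expired."""
    body, sig = token.split(".")
    payload = json.loads(_b64url_decode(body))
    if not isinstance(payload, dict):
        raise ValueError("malformed token")
    key = trusted_issuers.get(payload.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    if payload.get("aud") != expected_audience:
        raise ValueError("token not intended for this audience")
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    return payload


class IdentityProvider:
    def __init__(self, name: str, key: bytes, users: dict, trusted_partners: dict):
        self.name, self.key = name, key
        self.users = {u: _hash_password(p) for u, p in users.items()}
        self.trusted_partners = trusted_partners  # other identity providers whose assertions we accept

    def authenticate_direct(self, username: str, password: str, audience: str, now: float):
        """Direct authentication: validate the user name and password against the local store."""
        stored = self.users.get(username)
        if stored is None or not hmac.compare_digest(stored, _hash_password(password)):
            return None
        return sign_token(self.name, self.key, username, audience, now)

    def authenticate_indirect(self, partner_token: str, audience: str, now: float) -> str:
        """Indirect authentication: validate a separate identity provider's assertion, then vouch ourselves."""
        claims = verify_token(partner_token, self.trusted_partners, self.name, now)
        return sign_token(self.name, self.key, f"{claims['iss']}:{claims['sub']}", audience, now)


class ServiceProvider:
    def __init__(self, name: str, trusted_idps: dict, local_accounts: dict):
        self.name, self.trusted_idps, self.local_accounts = name, trusted_idps, local_accounts

    def login(self, token: str, now: float):
        """Accept the identity provider's decision, then map the asserted subject to a local account."""
        claims = verify_token(token, self.trusted_idps, self.name, now)
        return self.local_accounts.get(claims["sub"])  # None if no local account exists


def demo(now: float = 1_700_000_000.0) -> dict:
    idp_key, partner_key = b"home-idp-key", b"partner-idp-key"  # constructed secrets
    partner = IdentityProvider("partner-idp", partner_key, {"bob": "pw2"}, {})
    idp = IdentityProvider("home-idp", idp_key, {"alice": "pw1"}, {"partner-idp": partner_key})
    sp = ServiceProvider("app.example", {"home-idp": idp_key},
                         {"alice": "acct-1001", "partner-idp:bob": "acct-2002"})
    results = {}
    tok = idp.authenticate_direct("alice", "pw1", "app.example", now)
    results["direct"] = sp.login(tok, now)
    results["bad_password"] = idp.authenticate_direct("alice", "wrong", "app.example", now)
    partner_tok = partner.authenticate_direct("bob", "pw2", "home-idp", now)
    results["indirect"] = sp.login(idp.authenticate_indirect(partner_tok, "app.example", now), now)
    # Failure cases the service provider must reject: the SP trusts only home-idp, not the partner
    # directly; a token issued for another audience; and a token presented after it expired.
    for label, token, when in (
        ("untrusted", partner.authenticate_direct("bob", "pw2", "app.example", now), now),
        ("wrong_audience", idp.authenticate_direct("alice", "pw1", "other.example", now), now),
        ("expired", tok, now + 600),
    ):
        try:
            sp.login(token, when)
            results[label] = "accepted"
        except ValueError as err:
            results[label] = str(err)
    return results


if __name__ == "__main__":
    print(demo())
```

The service provider never sees a password: it holds only the issuer keys it trusts and its own account mapping, while both password validation and the decision to trust a partner identity provider stay with the identity provider, which is the division of responsibility the two roles describe.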
Parent topic: WS-Federation federations