Active Directory Federated Services

Quest Single Sign-On for Java (formerly Vintela Single Sign-On for Java) allows Tomcat or J2EE applications, to participate in the ADFS (Active Directory Federation Services) infrastructure. Organizations that deploy Microsoft's federation technology can now include their Java-based applications in the same resource domain as their .NET applications.

Java-based applications are incorporated into the ADFS model simply by specifying the application URI of the Java application—exactly the same way.NET applications are managed from the ADFS MMC snap-in. ADFS provides the same claims-mapping services to the Java application as it does for .NET, so claims presented by account domain partners can be automatically mapped to their corresponding local resource domain claims.

The application itself can be configured to use the filtered SAML assertion as the basis for resolving role-based logic. Single Sign-on for Java uses the SPNEGO protocol supported by Internet Explorer to provide Integrated Windows Authentication for J2EE applications. Applications may also be configured to use both methods of authentication and authorization simultaneously – external partners being authenticated using ADFS, internal users being authenticated by Kerberos and the SPNEGO protocol.