F5 GLOSSARY

Federation

What is Federation?

Federation, in a general sense, refers to collaboration or union. However, in the context of the internet, federation specifically describes the integration of user authentication across multiple internet services. By sharing authentication information among different services, users can access multiple applications or platforms with a single authentication event.

A popular implementation method for federation is SAML (Security Assertion Markup Language), a standard protocol for performing user authentication across domains. SAML enables users to leverage Single Sign-On (SSO) functionality to access multiple services hosted across different internet domains. For example, by using SAML between an internal system and a cloud service, users can log into the internal system and simultaneously gain access to the cloud service without needing to authenticate a second time. SAML, based on XML, was established in 2002, with version 2.0 introduced in 2005.

To enable SSO between different domains, authentication information must be exchanged between those domains. In SAML terminology:

  • An Identity Provider (IdP) issues authentication information, handling user verification and assertion generation.
  • A Service Provider (SP) relies on the authentication information for granting access to its services.

When a user attempts to access an SP, the SP redirects the user's browser to the IdP together with a SAML authentication request. The IdP authenticates the user on the basis of that request. Once authentication is complete, the IdP issues an Assertion containing details such as authentication status, user attributes, and access permissions. The SP uses this assertion to enforce access control and grant the appropriate permissions.

F5 BIG-IP Access Policy Manager (APM) is a solution provided by F5 that supports SAML 2.0 and includes SSO capabilities. It can function as an IdP to handle user authentication and issue assertions or as an SP to receive assertions and control access to applications.