Active Directory Federation Services: Private Key Storage and SafeNet Enterprise HSM
Active Directory Federation Services (AD FS) is a tool installed on Windows servers
that provides users throughout an enterprise with single sign-on (SSO) access
to network and cloud-based resources. AD FS verifies user identities based on
an exchange of private and secure information produced by a variety of
authentication technologies, including certificate-based authentication, OTP,
OOB, and pattern-based authentication, delivered through a wide variety of form
factors, such as hardware, software, or mobile tokens. When users authenticate
to AD FS, they need only sign in once to receive access to multiple web
applications over the life of a single online session.
SafeNet Enterprise HSM (formerly Luna SA) integrates with AD FS to secure the token-signing and certificate private keys.
By keeping the token-signing and certificate keys in SafeNet Enterprise HSM, organizations preserve
the integrity of the authentication transaction. Since these keys never
leave the hardware appliance, unauthorized users never have access to the
material they would need to steal in order to impersonate an authorized user. When SafeNet Enterprise HSM serves as the secure root of the SSO infrastructure, organizations can rest
assured that identity verification transactions will be uncompromised.