<P> Active Directory Federation Services (AD FS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign - on access to systems and applications located across organizational boundaries . It uses a claims - based access - control authorization model to maintain application security and to implement federated identity . Claims - based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token . Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims - based authentication . It is part of the Active Directory Services . </P> <P> In AD FS, identity federation is established between two organizations by establishing trust between two security realms . A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity . On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity . This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords . </P>

What is the use of active directory federation services