I understand SAML is used for web-based SSO and employs federated identity management, but Active Directory does this for non web-based entities. Aren't both answers equally correct?
Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML)-based data format used for SSO on web browsers. Imagine two web sites hosted by two different organizations. Normally, a user would have to provide different credentials to access either web site. However, if the organizations trust each other, they can use SAML as a federated identity management system. Users authenticate with one web site and are not required to authenticate again when accessing the second web site.
(Darril Gibson's Get Certified Get Ahead, p. 196)
In AD FS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity. On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.
ADFS uses a claims-based access-control authorization model. This process involves authenticating users via cookies and Security Assertion Markup Language (SAML). That means ADFS is a type of Security Token Service, or STS. You can configure STS to have trust relationships that also accept OpenID accounts.
For "identity management" Active Directory does the actual management and employs SAML to do the authentication. Active Directory is the traffic cop - the manager.
In order for FIM to be effective, the partners must have a sense of mutual trust. Authorization messages between partners in an FIM system can be transmitted using Security Assertion Markup Language (SAML) or a similar XML standard that enables a user to log on once for affiliated but separate websites or networks.
Examples of FIM systems include OpenID and OAuth, as well as Shibboleth, which is based on OASIS SAML.
upvoted 1 times
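To make the AD FS flow from the comments above concrete, here is an added example (not code from the thread or from any of the sources quoted in it) of what the Resources-side federation server, or a relying-party web app, has to check before it accepts the claims in a SAML 2.0 assertion issued by the Accounts side: the Issuer must be a trusted partner, the Audience must be us, the validity window must contain "now", and only then are the NameID and Attribute values turned into claims for access control. The assertion, the issuer URL, the entity ID and the claim type are all constructed for this example. It assumes the XML signature has already been verified with a proper XML-DSig library; that step is mandatory in real deployments and is deliberately out of scope here.

```python
"""Relying-party (Resources-side) checks on a SAML 2.0 assertion.

Added example. Assumes the enveloped XML signature was already verified
by an XML-DSig library (not shown); this code only covers the trust and
claims logic that follows signature verification.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: the Accounts-side federation server (IdP)
# vouches for alice and attaches group claims for the Resources side (SP).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.accounts.example/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@accounts.example</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.resources.example/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>Staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical trust configuration of the Resources side.
TRUSTED_ISSUERS = {"https://idp.accounts.example/adfs/services/trust"}
OUR_ENTITY_ID = "https://app.resources.example/"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"


def _parse_time(text):
    """SAML timestamps are UTC ISO 8601 with a trailing Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now_iso, trusted_issuers=TRUSTED_ISSUERS,
                       audience=OUR_ENTITY_ID):
    """Return {'ok': True, 'subject': ..., 'claims': {...}} or {'ok': False, 'reason': ...}."""
    now = _parse_time(now_iso)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return {"ok": False, "reason": "not a SAML 2.0 Assertion"}

    # 1. Trust: only assertions from a configured partner realm are accepted.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return {"ok": False, "reason": "untrusted issuer %r" % issuer}

    # 2. Conditions: validity window and audience restriction.
    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None:
        return {"ok": False, "reason": "missing Conditions"}
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _parse_time(not_before):
        return {"ok": False, "reason": "assertion not yet valid"}
    if not_on_or_after and now >= _parse_time(not_on_or_after):
        return {"ok": False, "reason": "assertion expired"}
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return {"ok": False, "reason": "assertion not intended for this audience"}

    # 3. Claims: subject identity plus attribute statements.
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        return {"ok": False, "reason": "missing Subject/NameID"}
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"ok": True, "subject": subject, "claims": claims}


def is_authorized(result, required_group):
    """Claims-based access control: grant only if the validated assertion carries the group."""
    return bool(result.get("ok")) and required_group in result.get("claims", {}).get(GROUP_CLAIM, [])


if __name__ == "__main__":
    res = validate_assertion(SAMPLE_ASSERTION, "2024-05-01T12:00:30Z")
    print(res, "finance access:", is_authorized(res, "Finance"))
```

The order matters: issuer and audience are checked before any claim is read, so a valid assertion minted for a different relying party, or by a partner you never federated with, never reaches the authorization step. NotOnOrAfter is exclusive, as the attribute name says, so an assertion is already rejected at exactly that instant.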
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters: fonka (3 years, 11 months ago); Not_My_Name (4 years, 7 months ago); vaxakaw829 (4 years, 9 months ago); MelvinJohn (5 years, 1 month ago); MelvinJohn (5 years, 1 month ago); Elb (5 years, 3 months ago)