Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing and Extending Active Directory Federation Services Brian Puhl Technology Architect Microsoft Corporation SIA318.

Published byJocelyn Cora Thornton Modified over 7 years ago

Similar presentations

Presentation on theme: "Managing and Extending Active Directory Federation Services Brian Puhl Technology Architect Microsoft Corporation SIA318."— Presentation transcript:

1 Managing and Extending Active Directory Federation Services Brian Puhl Technology Architect Microsoft Corporation SIA318

2

3 Identity Provider Application Provider Application Federation Service Active Directory

4 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect?

5 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery

6 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD

7 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules

8 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules 5. Redirects to application

9 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect?

10 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery

11 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD

12 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules

13 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules 5. Redirects to application

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28 ASP.Net Page: HRD.aspx When service loads HRD.aspx page, check wtrealm and lookup HRD experience to display

29 ASP.Net Page: HRD.aspx ASP.Net User Control (.ascx) For each application which requires, convert their desired page from.aspx to.ascx and load into a full screen panel in the.aspx page Note the.aspx page needs a selectWHR method calling SelectHomeRealm()

30

31

32

33

34 Note that this team did not want all 4 HRD options to be displayed? That’s a problem…

35

36

37

38 dXJuOmZlZGVyYXRpb246TVNGVA== Base64 encoded value: urn:federation:MSFT This is the federation service identifier for the claims provider trust partner that the HRD cookie maps to

39

40

41

42

43

44

45

46 The default IE user experience does not render anything in the browser behind the credential pop- up

47

48

49

50

51

52

53 Talk to our Experts at the TLC #TE(sessioncode) DOWNLOAD Windows Server 2012 Release Candidate microsoft.com/windowsserver Hands-On Labs DOWNLOAD Windows Azure Windowsazure.com/ teched

54 Connect. Share. Discuss. http://northamerica.msteched.com Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Resources for Developers http://microsoft.com/msdn

55 Required Slide Complete an evaluation on CommNet and enter to win!

56

57

58

Download ppt "Managing and Extending Active Directory Federation Services Brian Puhl Technology Architect Microsoft Corporation SIA318."

Similar presentations

Windows Server 2012 + Advanced Storage Solutions = Datacenter Elevation Alex Jauch Architect NetApp John Parker Technical Marketing Manager NetApp.

Windows Server Advanced Storage Solutions = Datacenter Elevation Alex Jauch Architect NetApp John Parker Technical Marketing Manager NetApp.
What’s New in Active Directory in Windows Server 2012 Dean Wells Active Directory Product Group Microsoft SIA312.

What’s New in Active Directory in Windows Server 2012 Dean Wells Active Directory Product Group Microsoft SIA312.
Cloudy Weather: How Secure Is the Cloud? David Aiken Windows Azure Microsoft Corporation.

Cloudy Weather: How Secure Is the Cloud? David Aiken Windows Azure Microsoft Corporation.
Making Entitlements in AD Understandable to the Business Rob de Jong Program Manager Microsoft Corporation SIA314.

Making Entitlements in AD Understandable to the Business Rob de Jong Program Manager Microsoft Corporation SIA314.
Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318.

Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318.
Customizing the User State Migration Tool Michael Niehaus Senior Program Manager Microsoft Corporation WCL322.

Customizing the User State Migration Tool Michael Niehaus Senior Program Manager Microsoft Corporation WCL322.
Best Practices for Designing and Consolidating Group Policy for Performance and Security Darren Mar-Elia Group Policy MVP, CTO & Founder SDM Software,

Best Practices for Designing and Consolidating Group Policy for Performance and Security Darren Mar-Elia Group Policy MVP, CTO & Founder SDM Software,
Standards Support and Interoperability in Windows Server 2012: Networking, Management, and Storage Jeffrey Snover Distinguished Engineer and Lead Architect.

Standards Support and Interoperability in Windows Server 2012: Networking, Management, and Storage Jeffrey Snover Distinguished Engineer and Lead Architect.
Deep Dive on Active Directory PowerShell Mudassir Ali Software Development Engineer Microsoft Corporation SIA404.

Deep Dive on Active Directory PowerShell Mudassir Ali Software Development Engineer Microsoft Corporation SIA404.
Deploying Windows Server 2012: From Bare Metal, Server Core, Minimal Server Interface, and More Andrew Mason Principal Group Program Manager Microsoft.

Deploying Windows Server 2012: From Bare Metal, Server Core, Minimal Server Interface, and More Andrew Mason Principal Group Program Manager Microsoft.
Visual Studio Tips & Tricks Dustin Campbell Microsoft Corporation Scott Cate EventDay.com DEV319.

Visual Studio Tips & Tricks Dustin Campbell Microsoft Corporation Scott Cate EventDay.com DEV319.
Operating and Optimizing Multi-Tenant SaaS Applications in Windows Azure: An IT Pro Perspective Rainer Stropek CEO, Co-Founder software architects gmbh.

Operating and Optimizing Multi-Tenant SaaS Applications in Windows Azure: An IT Pro Perspective Rainer Stropek CEO, Co-Founder software architects gmbh.
Microsoft Private Cloud Fast Track: The Next Generation of Private Cloud Reference Architecture Mike Truitt Sr. Product Planner Bryon Surace Sr. Program.

Microsoft Private Cloud Fast Track: The Next Generation of Private Cloud Reference Architecture Mike Truitt Sr. Product Planner Bryon Surace Sr. Program.
Troubleshooting Federation, AD FS 2.0, and More…

Troubleshooting Federation, AD FS 2.0, and More…
Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.

Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.
The Network Files, Case #53: Diagnosing diseases of DNS Presented by Mark Minasi for newsletters, audio sets etc WSV313.

The Network Files, Case #53: Diagnosing diseases of DNS Presented by Mark Minasi for newsletters, audio sets etc WSV313.
SIM402. Kerberos, NTLM, Basic, Digest, Forms?

SIM402. Kerberos, NTLM, Basic, Digest, Forms?
Enabling Disaster Recovery for Hyper-V Workloads Using Hyper-V Replica Shreesh Dubey Principal Group Program Manager Microsoft Corporation VIR302.

Enabling Disaster Recovery for Hyper-V Workloads Using Hyper-V Replica Shreesh Dubey Principal Group Program Manager Microsoft Corporation VIR302.
Application Integration Futures - The Road Map and What's Next on Windows Azure Bala SriramRajesh Ramamirtham Director of DevelopmentProgram Manager AZR207.

Application Integration Futures - The Road Map and What's Next on Windows Azure Bala SriramRajesh Ramamirtham Director of DevelopmentProgram Manager AZR207.
Implementing Scrum Using Team Foundation Server 11 2012 Richard Hundhausen President, Accentient DEV212.

Implementing Scrum Using Team Foundation Server Richard Hundhausen President, Accentient DEV212.

Similar presentations

Ads by Google