Presentation transcript:

Problem Statement (diagram): applications App1 to App6 spread across the intranet, the extranet and the cloud, each backed by its own AD or DB; every one of them has its own separate sign-in and needs additional provisioning, in contrast to SSO.

Claims Framework (diagram): Client, Identity Provider and Relying Party (Your App), with an optional federated client; the relying party trusts the identity provider.
1. The client authenticates to the identity provider.
2. The identity provider looks up claims and transforms them for the application.
3. The identity provider returns claims to the client.
4. The client sends claims to the relying party (Your App).

“Geneva” Framework (diagram): Your App is the relying party, built on the “Geneva” Framework; it trusts “Geneva” Server, which is backed by Active Directory and SQL attribute stores; the client side uses Windows CardSpace “Geneva”.

Windows Identity Foundation (diagram): the same architecture under its released names: Your App (relying party) on Windows Identity Foundation trusts Active Directory Federation Services 2.0, backed by Active Directory and SQL attribute stores; the client side uses Windows CardSpace 2.0.

Cross-organization sign-in, steps 1 to 5 (diagram): Frank Miller, a Fabrikam user, accesses SharePoint at Contoso (Windows Identity Foundation); Contoso AD FS 2.0 trusts the Fabrikam STS.
1. Frank attempts access to SharePoint.
2. SharePoint redirects him to the Contoso STS.
3. Home realm discovery.
4. Redirect to the Fabrikam STS.
5. Frank authenticates at Fabrikam.

Cross-organization sign-in, steps 6 to 8 (diagram):
6. Get claims from the Fabrikam STS.
7. Post claims to the Contoso AD FS 2.0 server.
8. Get claims from Contoso, then post claims to SharePoint (the relying party).

Claim transformation (diagram): the Contoso AD FS 2.0 Server receives {Role, Plant Manager} from Fabrikam and applies two stages of policy.
Fabrikam Authority Policy (from Fabrikam), producing {Role, Buyer}:
  [type == "Role", value == "Plant Manager"] => issue (type = "Role", value = "Buyer");
AutoParts Relying Party Policy (to LOB Application), producing {Role, Purchaser}:
  [type == "Role", value == "Buyer"] => issue (type = "Role", value = "Purchaser");
SharePoint Relying Party Policy (to SharePoint), producing {Role, Visitor}:
  [type == "Role", value == "Buyer"] => issue (type = "Role", value = "Visitor");
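
The two-stage rule pipeline on the slide, as an added example that is not part of the original presentation: a small Python evaluator for the subset of the AD FS claim rule language shown above (straight quotes assumed), applying the Fabrikam authority policy first and then one relying party policy. It also shows why the staging matters: a claim that no rule explicitly issues is dropped, so a party presenting "Buyer" directly never reaches the relying party rules.

```python
import re
from dataclasses import dataclass

# Subset of the AD FS claim rule language used on the slide, e.g.
#   [type == "Role", value == "Plant Manager"] => issue (type = "Role", value = "Buyer");
RULE_RE = re.compile(
    r'\[type == "(?P<ct>[^"]+)", value == "(?P<cv>[^"]+)"\]\s*=>\s*'
    r'issue \(type = "(?P<it>[^"]+)", value = "(?P<iv>[^"]+)"\);'
)

@dataclass(frozen=True)
class Claim:
    type: str
    value: str

def parse_rules(text):
    """Return each rule as a dict with the condition (ct, cv) and issuance (it, iv)."""
    rules = [m.groupdict() for m in RULE_RE.finditer(text)]
    if not rules:
        raise ValueError("no claim rules parsed from policy text")
    return rules

def apply_rules(rules, incoming):
    """Evaluate one rule set: only claims that a rule explicitly issues leave
    the stage; incoming claims that match nothing are not passed through."""
    issued = set()
    for r in rules:
        for c in incoming:
            if c.type == r["ct"] and c.value == r["cv"]:
                issued.add(Claim(r["it"], r["iv"]))
    return issued

# Policies copied from the slide (constructed text, straight quotes).
FABRIKAM_AUTHORITY_POLICY = '[type == "Role", value == "Plant Manager"] => issue (type = "Role", value = "Buyer");'
RELYING_PARTY_POLICIES = {
    "AutoParts": '[type == "Role", value == "Buyer"] => issue (type = "Role", value = "Purchaser");',
    "SharePoint": '[type == "Role", value == "Buyer"] => issue (type = "Role", value = "Visitor");',
}

def federate(incoming, relying_party):
    """Contoso AD FS 2.0 pipeline: claims provider trust rules (Fabrikam authority
    policy) first, then the relying party trust rules for the chosen application."""
    internal = apply_rules(parse_rules(FABRIKAM_AUTHORITY_POLICY), incoming)
    return apply_rules(parse_rules(RELYING_PARTY_POLICIES[relying_party]), internal)

if __name__ == "__main__":
    frank = {Claim("Role", "Plant Manager")}  # what Fabrikam asserts about Frank Miller
    for rp in RELYING_PARTY_POLICIES:
        print(rp, sorted((c.type, c.value) for c in federate(frank, rp)))
```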

AD FS 2.0 with the Microsoft Federation Gateway (diagram): Fabrikam AD FS 2.0 holds a trust with the Microsoft Federation Gateway, so Frank Miller can sign in to Microsoft Online relying parties such as SharePoint Online, Exchange Online and CRM Online.

Front end and back end (diagram): a Windows Identity Foundation web application (front end) and a Windows Identity Foundation web service (back end), both trusting AD FS 2.0.
1. Frank Miller posts claims to the web application.
2. The web application gets claims from AD FS 2.0.
3. The web application sends claims to the back-end web service.

SAP NetWeaver interoperability (diagram): “Geneva” Server (Beta 2) as the STS, SAP NetWeaver 7.02 as the web service provider, .NET 3.5 as the web service consumer, with a trust between the STS and SAP. Configuration steps: user mapping in AD/“Geneva” Server; registration of the SAP Enterprise Service as a relying party in “Geneva” Server; STS configuration of “Geneva” Server in SAP; consumer WCF binding generated from the provider policy.

AD FS 2.0 Components (diagram): the AD FS 2.0 server provides card issuance, token issuance, management APIs and UX, and metadata, backed by a configuration database and attribute stores; the AD FS 2.0 Proxy provides a token issuance proxy and a metadata proxy for Internet clients, while intranet clients talk to the server directly.

Deployment topology (diagram): an intranet AD FS 2.0 farm behind a load balancer, with its configuration held in a SQL cluster alongside Active Directory; a proxy farm behind its own load balancer in the perimeter network; all intranet servers are domain joined.