Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

Published byKatrina Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner."— Presentation transcript:

1 SIM403

2

3 Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner organization Your organization Claims Provider Trust

4 AD Acceptance Transform rules ST Issuance Transform rules Issuance Authorization rules ST Acceptance Transform rules Issuance Transform rules Issuance Authorization rules AD Acceptance Transform rules ST Issuance Transform rules Issuance Authorization rules ST Acceptance Transform rules Relying Party Trusts Claims Provider Trusts Relying Party Trusts Claims Provider Trusts

5 demo

6 ADFS STS

7

8 Active Directory Configuration SQL Cluster Firewall & Load Balancer Perimeter Network ADFS Proxy Farm Firewall & Load Balancer Internet Intranet ADFS Federation Farm Remote userCorpNet users Forms Authentication

9

10 adfs.example.com Domain joined proxies simplify management through group policy May not meet your security requirements Domain joined proxies simplify management through group policy May not meet your security requirements

11 ADFS v 2.0 Claims aware application UAG Kerberos application Publishes ADFS Farm Publishes Applications Active Directory

12 Multiple authentication options DirectAccess HTTP/HTTPS Layer3 VPN Application publishing Optimizer modules for Exchange SharePoint CRM Reverse proxy for Web farms Third party support RemoteApps via Integrated Remote Desktop Services Gateway

13

14 Evaluate Endpoint Access Settings Evaluate Endpoint Access Settings Authenticate user against authentication servers Authentication Servers Authentication Servers External IP and URL HTTP or HTTPS External IP and URL HTTP or HTTPS UAG Trunk Trunk Portal Add Applications to Trunk

15

16

17 demo

18 https://adfs.example.com Terminates HTTPS and then sends to ADFS Farm CTB prevents server accepting credentials from new SSL channel

19

20 demo

21 Authentication via SAML security token UAG ADFS Request Kerberos Ticket to APP1 on behalf of user Authenticate to APP1 using Kerberos App1 Authentication & Authorization via Kerberos ticket Domain Controller running KDC

22 KDC UAG Server Tom TGT K-ST Data server Claims Authentication Request Kerberos token with user’s identity Request Kerberos ST with user’s identity K-ST Impersonate user Uses: Kerberos extension Service-for-User-to-Self (S4U2Self)

23

24

25 demo

26

27

28

29 John has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems with a focus on security and high-availability. A key player in many IT projects for industry leaders including Microsoft, the UK Government and multi-nationals that require optimized IT systems. Developed technical training courses that have been published worldwide, co-authored a highly successful book on Microsoft Active Directory Internals, presents regularly at major international conferences including, TechEd, IT Forum and European summits. John can be engaged as a consultant or booked for speaking engagements through XTSeminars. www.xtseminars.co.ukwww.xtseminars.co.uk

30

31

32 www.microsoft.com/teched Sessions On-Demand & CommunityMicrosoft Certification & Training Resources Resources for IT ProfessionalsResources for Developers www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn http://northamerica.msteched.com Connect. Share. Discuss.

33

34 Scan the Tag to evaluate this session now on myTechEd Mobile

35

Download ppt "SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Active Directory Federation Services How does it really work?

Active Directory Federation Services How does it really work?
SIM311. Built on top of Microsoft ® System Center Configuration ManagerBuilt on top of Microsoft ® System Center Configuration Manager Supports all.

SIM311. Built on top of Microsoft ® System Center Configuration ManagerBuilt on top of Microsoft ® System Center Configuration Manager Supports all.
SIM201. Announcing… copyright chappellseminars.com some hosts comply; RST = closed no = response open some hosts comply; RST = closed no = response.

SIM201. Announcing… copyright chappellseminars.com some hosts comply; RST = closed no = response open some hosts comply; RST = closed no = response.
WSV304 Manual Deployment High cost Fully Automated Low cost.

WSV304 Manual Deployment High cost Fully Automated Low cost.
OSP303. demo Status Bar Notification.

OSP303. demo Status Bar Notification.
Implementing and Administering AD FS

Implementing and Administering AD FS
SIM344. 2 Separate solution install paths can be taken, stand alone and SCOM integrated. Both require core AVIcode web apps and DB’s.

SIM Separate solution install paths can be taken, stand alone and SCOM integrated. Both require core AVIcode web apps and DB’s.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,
SIM346. General information about the software application.

SIM346. General information about the software application.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
DEV202 Before I get started... …is too expensive. …is too complex. …requires a server.

DEV202 Before I get started... …is too expensive. …is too complex. …requires a server.
WSV314. MAP 5.5 Internet ExplorerWindows 7 Software Usage Tracking Heterogeneous Server & Database Inventory Windows Server 2008 R2 Hyper-V SQL Server.

WSV314. MAP 5.5 Internet ExplorerWindows 7 Software Usage Tracking Heterogeneous Server & Database Inventory Windows Server 2008 R2 Hyper-V SQL Server.
Troubleshooting Federation, AD FS 2.0, and More…

Troubleshooting Federation, AD FS 2.0, and More…
WCL309. Demo.

WCL309. Demo.
SIM329. Certificate Enrollment Without CEP/CES Certificate Authority Active Directory Client Workstations 3 4 1 2 LDAP RPC/DCOM.

SIM329. Certificate Enrollment Without CEP/CES Certificate Authority Active Directory Client Workstations LDAP RPC/DCOM.
SIM402. Kerberos, NTLM, Basic, Digest, Forms?

SIM402. Kerberos, NTLM, Basic, Digest, Forms?
Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,
WSV404 DirectAccess Server (Server 2008 R2) DirectAccess Client (Windows 7) Internet Native IPv6 6to4 Teredo IP-HTTPS Tunnel over IPv4 UDP, HTTPS,

WSV404 DirectAccess Server (Server 2008 R2) DirectAccess Client (Windows 7) Internet Native IPv6 6to4 Teredo IP-HTTPS Tunnel over IPv4 UDP, HTTPS,

Similar presentations

Ads by Google