
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

Presentation transcript:

1 SIM403


3 Federation trust relationships (diagram). Your organization: your ADFS STS, configured with a Relying Party Trust pointing at the partner ADFS STS. Partner organization: the partner ADFS STS & IP, configured with a Claims Provider Trust pointing back at your ADFS STS and a Relying Party Trust for the relying party application. Every trust is configured as a mirror image on the two sides: what one STS holds as a Relying Party Trust, the other holds as a Claims Provider Trust.

4 Claim rule sets in the ADFS pipeline (diagram, drawn for both organizations). Claims Provider Trusts (Active Directory and the partner STS): Acceptance Transform rules, applied to the claims arriving from that provider. Relying Party Trusts (the partner STS and the application): Issuance Authorization rules, which decide whether a security token (ST) is issued at all, followed by Issuance Transform rules, which shape the claims placed in the ST. The rules execute in that order: acceptance, then authorization, then issuance transform.
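As an added example (not from the SIM403 deck or its demo), this is how the three rule sets on the slide are wired up with the ADFS 2.0 PowerShell snap-in; the trust names, URLs and the group SID are assumptions, and the claim rules are written in the ADFS claim rule language.

```powershell
# Added example, not from the SIM403 deck: configuring the three rule sets shown
# on the slide with the ADFS 2.0 snap-in. Trust names, URLs and the SID are assumed.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# --- Claims Provider Trust: the partner STS that sends us tokens ---------------
# Acceptance Transform rules run on what the partner asserts. Pass through only
# the claim types we expect and constrain their values; anything else is dropped,
# so a partner STS cannot assert claims our own rules would treat as authoritative.
$acceptanceRules = @'
@RuleName = "Accept e-mail addresses only from the partner domain"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
   Value =~ "^[^@]+@partner\.example\.com$"]
 => issue(claim = c);

@RuleName = "Accept partner group claims"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(claim = c);
'@

Add-ADFSClaimsProviderTrust -Name "Partner ADFS" `
    -MetadataUrl "https://sts.partner.example.com/FederationMetadata/2007-06/FederationMetadata.xml" `
    -AcceptanceTransformRules $acceptanceRules

# --- Relying Party Trust: the claims-aware application ------------------------
# Issuance Authorization rules decide whether a token is issued at all. With a
# rule set present and no matching permit, nobody gets a token: this is an
# allow-list, not a filter. The SID below is a placeholder for the App1 Users group.
$authorizationRules = @'
@RuleName = "Permit only members of the App1 Users group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "S-1-5-21-1111111111-2222222222-3333333333-1234"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Issuance Transform rules shape what the application receives. Here the Windows
# account name accepted from the local AD claims provider ("AD AUTHORITY") is
# looked up in the Active Directory attribute store for e-mail and group claims.
$transformRules = @'
@RuleName = "Send e-mail and groups from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = ";mail,tokenGroups;{0}", param = c.Value);
'@

Add-ADFSRelyingPartyTrust -Name "App1" `
    -Identifier "https://app1.example.com/" `
    -WSFedEndpoint "https://app1.example.com/" `
    -IssuanceAuthorizationRules $authorizationRules `
    -IssuanceTransformRules $transformRules

# Verify what will be enforced for App1.
Get-ADFSRelyingPartyTrust -Name "App1" |
    Select-Object Name, Identifier, IssuanceAuthorizationRules
```

Note that partner users only reach App1 if the authorization rule can be satisfied by claims that survived the acceptance rules and an issuance transform rule passes them on; the transform rule above fires only for claims issued by the local AD authority, which is the intended asymmetry between the two trust types.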

5 demo

6 ADFS STS


8 Topology (diagram). Intranet: Active Directory, Configuration SQL Cluster, ADFS Federation Farm, CorpNet users. Firewall & Load Balancer. Perimeter Network: ADFS Proxy Farm. Firewall & Load Balancer. Internet: Remote user, authenticating with Forms Authentication.


10 adfs.example.com. Domain joined proxies simplify management through group policy, but may not meet your security requirements: a domain-joined host in the perimeter network holds a domain computer account and needs firewall openings to reach domain controllers on the intranet.

11 Diagram: UAG publishes the ADFS v2.0 farm and publishes the applications (a claims-aware application and a Kerberos application), with Active Directory behind them.

12 UAG: multiple authentication options. Access methods: DirectAccess; HTTP/HTTPS; Layer 3 VPN. Application publishing: optimizer modules for Exchange, SharePoint and CRM; reverse proxy for web farms; third party support; RemoteApps via the integrated Remote Desktop Services Gateway.


14 UAG trunk flow (diagram): External IP and URL (HTTP or HTTPS) -> UAG Trunk -> Evaluate Endpoint Access Settings -> Authenticate user against Authentication Servers -> Trunk Portal -> Add Applications to Trunk.


17 demo

18 https://adfs.example.com. UAG terminates HTTPS and then opens its own connection to the ADFS Farm. Channel Binding Tokens (CBT, Extended Protection for Authentication) then stop the federation servers accepting Windows Integrated credentials that arrive over a new SSL channel: the browser bound its credentials to the browser-to-UAG channel, and the farm sees a different UAG-to-farm channel.
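As an added example (not from the deck), the ADFS 2.0 property that controls this check, read and then relaxed for a farm published through a TLS-terminating UAG; run it on a federation server in the farm.

```powershell
# Added example, not from the SIM403 deck: inspecting and changing the ADFS 2.0
# channel-binding (Extended Protection) check on the federation farm.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Values:
#   None    - channel binding tokens are ignored
#   Allow   - a CBT is validated when the client sends one; clients without one are accepted
#   Require - every Windows Integrated Authentication request must carry a valid CBT
(Get-ADFSProperties).ExtendedProtectionTokenCheck

# Behind a publisher that terminates HTTPS itself (UAG, or any TLS-offloading
# reverse proxy) the browser's CBT is bound to the browser-to-UAG channel while
# the farm sees the UAG-to-farm channel, so Allow and Require both reject the
# credentials. The only setting under which the published farm accepts Windows
# Integrated Authentication is None:
Set-ADFSProperties -ExtendedProtectionTokenCheck None

# Confirm the change took effect.
(Get-ADFSProperties).ExtendedProtectionTokenCheck
```

The trade-off is that CBT no longer protects the farm's intranet users either, so the farm should only be reachable directly from CorpNet and from the UAG and proxy addresses allowed through the firewall and load balancer shown on the topology slide.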


20 demo

21 Flow (diagram): 1. The user authenticates to UAG via a SAML security token issued by ADFS. 2. UAG requests a Kerberos ticket to APP1 on behalf of the user from the Domain Controller running the KDC. 3. UAG authenticates to APP1 using Kerberos; App1 performs authentication & authorization via the Kerberos ticket.

22 Kerberos constrained delegation with protocol transition (diagram; actors: Tom, UAG Server, KDC, Data server). Tom performs claims authentication to the UAG Server. The UAG Server, holding its own TGT, requests from the KDC a Kerberos token with the user's identity (Service-for-User-to-Self, S4U2Self: a ticket to itself in Tom's name, needing no credential from Tom), then requests a Kerberos ST (K-ST) to the data server with the user's identity (the companion Service-for-User-to-Proxy extension, which the KDC only grants for services on the UAG account's constrained delegation list) and uses that K-ST to impersonate the user to the data server. Uses: Kerberos extension Service-for-User-to-Self (S4U2Self).
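As an added example (not from the deck or the demo), the Active Directory configuration that allows the UAG computer account to perform the delegation drawn on this slide, using the ActiveDirectory module and setspn; the computer name and SPN are assumptions.

```powershell
# Added example, not from the SIM403 deck: constrained delegation with protocol
# transition for the UAG server account. Host names and the SPN are assumptions.
Import-Module ActiveDirectory

$uagComputer = 'UAG01'                        # UAG server computer account
$appSpn      = 'http/app1.corp.example.com'   # SPN of the published Kerberos app

# 1. The target service must have its SPN registered on exactly one account;
#    a missing or duplicate SPN makes the S4U2Proxy step fail and the browser
#    sees a 401 from the back end even though the SAML logon succeeded.
setspn -Q $appSpn

# 2. Put only that SPN on the UAG account's delegation list
#    (msDS-AllowedToDelegateTo). Never use unconstrained delegation here:
#    the UAG host is Internet-facing.
Get-ADComputer -Identity $uagComputer |
    Set-ADComputer -Add @{ 'msDS-AllowedToDelegateTo' = $appSpn }

# 3. "Use any authentication protocol" (protocol transition). This sets
#    TRUSTED_TO_AUTH_FOR_DELEGATION in userAccountControl and is what lets UAG
#    obtain a ticket for a user who authenticated with a SAML token, not Kerberos.
Get-ADComputer -Identity $uagComputer |
    Set-ADAccountControl -TrustedToAuthForDelegation $true

# 4. Verify what the KDC will now allow this account to do.
Get-ADComputer -Identity $uagComputer -Properties msDS-AllowedToDelegateTo, TrustedToAuthForDelegation |
    Select-Object Name, TrustedToAuthForDelegation,
        @{ n = 'AllowedToDelegateTo'; e = { $_.'msDS-AllowedToDelegateTo' -join ', ' } }
```

With TrustedToAuthForDelegation set, the UAG account can obtain a service ticket to any SPN on its list for any user who is not marked "sensitive and cannot be delegated", without that user's credentials, so a compromise of the UAG host is a compromise of every user's access to App1. Keep the delegation list to the published SPNs, and review it whenever an application is added to a trunk.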


25 demo


29 John has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems, with a focus on security and high availability. He has been a key player in many IT projects for industry leaders, including Microsoft, the UK Government and multi-nationals that require optimized IT systems. He has developed technical training courses that have been published worldwide, co-authored a highly successful book on Microsoft Active Directory internals, and presents regularly at major international conferences including TechEd, IT Forum and European summits. John can be engaged as a consultant or booked for speaking engagements through XTSeminars: www.xtseminars.co.uk


32 Resources: www.microsoft.com/teched (Sessions On-Demand & Community); www.microsoft.com/learning (Microsoft Certification & Training Resources); http://microsoft.com/technet (Resources for IT Professionals); http://microsoft.com/msdn (Resources for Developers); http://northamerica.msteched.com (Connect. Share. Discuss.)


