Published by Katrina Poole. Modified over 9 years ago.
1
SIM403
3
[Diagram: trust relationships between Your ADFS STS (your organization) and the Partner ADFS STS & IP (partner organization). One side holds a Claims Provider Trust, the other a Relying Party Trust, and the Relying Party application sits at the end of the chain.]
4
[Diagram: claim rule pipeline. Claims Provider Trusts carry Acceptance Transform rules, applied to claims arriving from AD or from a partner's security token (ST). Relying Party Trusts carry Issuance Transform rules and Issuance Authorization rules, which produce the security token (ST) sent to the next party. The same pipeline is shown for both organizations.]
5
demo
6
ADFS STS
8
[Diagram: deployment topology. Intranet: Active Directory, Configuration SQL Cluster, ADFS Federation Farm, CorpNet users. Perimeter Network, behind a Firewall & Load Balancer: ADFS Proxy Farm. Internet, behind a second Firewall & Load Balancer: Remote user, signing in with Forms Authentication.]
10
adfs.example.com. Domain-joined proxies simplify management through group policy, but may not meet your security requirements.
11
[Diagram: UAG publishes the ADFS Farm (ADFS v2.0) and the applications (a claims-aware application and a Kerberos application), with Active Directory behind them.]
12
Multiple authentication options
- DirectAccess
- HTTP/HTTPS
- Layer 3 VPN
- Application publishing
- Optimizer modules for Exchange, SharePoint, CRM
- Reverse proxy for Web farms
- Third party support
- RemoteApps via integrated Remote Desktop Services Gateway
14
[Diagram: UAG trunk. A trunk is defined by an external IP and URL (HTTP or HTTPS) and a portal; applications are added to the trunk. UAG evaluates endpoint access settings and authenticates the user against the configured authentication servers.]
17
demo
18
https://adfs.example.com: UAG terminates HTTPS and then sends the request on to the ADFS Farm. A channel binding token (CBT) prevents the server from accepting credentials presented over the new SSL channel.
20
demo
21
[Diagram: UAG authenticates the user to ADFS via a SAML security token, requests a Kerberos ticket to APP1 on behalf of the user from the Domain Controller running the KDC, and authenticates to App1 using Kerberos. App1 performs authentication and authorization via the Kerberos ticket.]
22
[Diagram: after claims authentication of the user (Tom), the UAG Server obtains a TGT from the KDC, requests a Kerberos service ticket (K-ST) for the Data server carrying the user's identity, and impersonates the user when accessing the Data server. Uses the Kerberos extension Service-for-User-to-Self (S4U2Self).]
25
demo
29
John has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems, with a focus on security and high availability. He has been a key player in many IT projects for industry leaders including Microsoft, the UK Government and multi-nationals that require optimized IT systems. He has developed technical training courses that have been published worldwide, co-authored a highly successful book on Microsoft Active Directory internals, and presents regularly at major international conferences including TechEd, IT Forum and European summits. John can be engaged as a consultant or booked for speaking engagements through XTSeminars: www.xtseminars.co.uk
32
www.microsoft.com/teched: Sessions On-Demand & Community. Microsoft Certification & Training Resources: www.microsoft.com/learning. Resources for IT Professionals: http://microsoft.com/technet. Resources for Developers: http://microsoft.com/msdn. http://northamerica.msteched.com. Connect. Share. Discuss.
34
Scan the Tag to evaluate this session now on myTechEd Mobile