Steve Plank (“Planky”), Microsoft: Connecting your private and public clouds with ADFS
Agenda: federation primer; ADFS with Windows Azure; ADFS with Office 365
Security token service (STS): a service that issues tokens.
– Give it something: user-id/password, X.509 cert, or another security token.
– Get a security token back: SAML, SWT, “cookie”, custom “something”.
Claims transformation (STS)
Token in: title = buyer, dept = engineering, tel no.
Token out: title = purchaser, dept = engineering, tel no., £limit = £5m
Rules:
    if title == "buyer" AND department == "engineering": purchaselimit = "£5m"
    if title == "buyer" AND department == "stationery": purchaselimit = "£50"
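The transformation on this slide, written out as an added Python example (not code from the original deck): the inbound claims are mapped to an outbound set, title "buyer" leaves as "purchaser", and purchaselimit is issued only when a rule matches. The function name, claim keys, the pass-through list, the sample telephone number and the behaviour when no rule matches are assumptions made for illustration.

```python
# Added example: claims transformation at a federation provider (token in, token out).
# Claim keys, PASS_THROUGH and the no-match behaviour are assumptions for illustration.

# Rules from the slide: (title, department) -> purchase limit.
PURCHASE_LIMIT_RULES = {
    ("buyer", "engineering"): "£5m",
    ("buyer", "stationery"): "£50",
}

# The slide shows the inbound title "buyer" leaving the STS as "purchaser".
TITLE_MAP = {"buyer": "purchaser"}

# Only these inbound claims are copied to the outbound token; anything else
# the identity provider sent is dropped rather than forwarded as-is.
PASS_THROUGH = ("dept", "telno")


def _norm(value):
    """Compare claim values case-insensitively and ignore stray whitespace."""
    return value.strip().lower() if isinstance(value, str) else ""


def transform_claims(inbound):
    """Return the outbound claim set for one inbound claim set."""
    title = _norm(inbound.get("title"))
    dept = _norm(inbound.get("dept"))

    outbound = {k: inbound[k] for k in PASS_THROUGH if k in inbound}
    if title:
        outbound["title"] = TITLE_MAP.get(title, inbound["title"])

    # Rules are evaluated on the inbound values. No matching rule means no
    # purchaselimit claim at all, and a purchaselimit asserted by the sender
    # is never copied, so the relying party only sees a limit this STS issued.
    limit = PURCHASE_LIMIT_RULES.get((title, dept))
    if limit is not None:
        outbound["purchaselimit"] = limit
    return outbound


# Constructed sample input: the token contents shown on the slide.
SAMPLE_INBOUND = {"title": "buyer", "dept": "engineering", "telno": "555-0100"}

if __name__ == "__main__":
    print(transform_claims(SAMPLE_INBOUND))
```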
Authn with federation provider [diagram labels: plankytronixx.com; AD DC; ADFS 2; ctrl-alt-del; application; federation provider; federation trust]
Service relationships [diagram labels: app; federation provider; ADFS 2.0; identity provider (IP); relying party (RP)]
Windows Azure: ACS/ADFS authentication flow [diagram labels: plankytronixx.com; AD DC; ADFS 2; ctrl-alt-del; app fab; ACS; web app; WIF; federation trust; federation metadata]
Roles
Claims store: stores claims (firstname, telno, etc.). Example: Active Directory.
Identity provider (IP): authenticates and issues tokens – user-id/pw, X.509, smartcard… Examples: ADFS 2, ACS, MFG.
Federation provider (FP): token in; token out. Claims transformation… Examples: ACS, MFG.
Relying party (RP): app that consumes tokens: custom app; Office 365.
Trust: links RP-FP, FP-IP etc.
Windows Azure: ACS/ADFS authentication flow [diagram labels: plankytronixx.com; AD DC; ADFS 2; ctrl-alt-del; app fab; ACS; web app; WIF; federation trust]
Office 365: MFG/ADFS authentication flow [diagram labels: plankytronixx.com; AD DC; ADFS 2; dir sync; UPN suffix: paul365.com; Microsoft Federation Gateway; MSOLID authn platform; mailboxes: fred, bob, john, sarah, planky]
Review: federation primer; ADFS with Windows Azure; ADFS with Office 365. blogs.msdn.com/plankytronixx
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.