Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318.

Slides:



Advertisements
Similar presentations
Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.
Advertisements

Windows Server Advanced Storage Solutions = Datacenter Elevation Alex Jauch Architect NetApp John Parker Technical Marketing Manager NetApp.
Kevin Donovan Program Manager, Office BI Microsoft Corporation
What’s New in Active Directory in Windows Server 2012 Dean Wells Active Directory Product Group Microsoft SIA312.
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
Cloudy Weather: How Secure Is the Cloud? David Aiken Windows Azure Microsoft Corporation.
Making Entitlements in AD Understandable to the Business Rob de Jong Program Manager Microsoft Corporation SIA314.
Introducing the New Visual Studio 2012 Unit Testing Experience Peter Provost Sr. Program Manager Lead Microsoft Corporation DEV214.
Windows Azure SQL Reporting Dany Hoter Senior Program Manager Microsoft Corporation Ola Lavi Software Development Engineer Microsoft Corporation.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,
Best Practices for Designing and Consolidating Group Policy for Performance and Security Darren Mar-Elia Group Policy MVP, CTO & Founder SDM Software,
Active Directory Integration with Microsoft Office 365
Deep Application Management with Microsoft System Center 2012 Configuration Manager Adwait Joshi Senior Product Marketing Manager Microsoft Corporation.
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
Deep Dive on Active Directory PowerShell Mudassir Ali Software Development Engineer Microsoft Corporation SIA404.
Building Integrated Microsoft Office 365, SharePoint Online, and Office Solutions Using BCS and LOB Data Donovan Follette Sr. Technical.
Top 10 Production Experiences with Service Manager and Orchestrator Nathan Lasnoski Infrastructure Architect Microsoft MVP Concurrency.
Troubleshooting Federation, AD FS 2.0, and More…
Tips & Tricks for Creating Custom Management Packs for Microsoft System Center Operations Manager Mickey Gousset Principal Consultant Infront Consulting.
The Network Files, Case #53: Diagnosing diseases of DNS Presented by Mark Minasi for newsletters, audio sets etc WSV313.
SIM402. Kerberos, NTLM, Basic, Digest, Forms?
Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,
Enabling Disaster Recovery for Hyper-V Workloads Using Hyper-V Replica Shreesh Dubey Principal Group Program Manager Microsoft Corporation VIR302.
Active Directory Domain Services on Windows Azure Virtual Machines Samuel Devasahayam Active Directory Product Group Microsoft SIA205.
RemoteFX and RDP Rocking RDS in Windows Server 2012 Adam Carter Product Marketing Manager Microsoft Corporation Rob Williams Principal Program Manager.
Accelerating the Power of the Cloud with Microsoft Private Cloud Fast Track and EMC Infrastructure Mike McGhee Solutions Engineer EMC Corporation WSV211.
Building Metro style UIs Paul Gusmorino Lead Program Manager Microsoft Corporation DEV354.
Troubleshooting Federation, AD FS 2.0, and More…
A long time ago, before I started working in the PC world, I was a government economist. I don't do that any more, but being an economist gives you a framework.
Preparing to Support Enterprise Applications on Windows Azure Eric Mattingly Service Engineer Microsoft Corporation AZR301.
The Dirty Dozen: Windows PowerShell Scripts for the Busy DBA Ike Ellis.
Best Practices and Lessons Learned: Private Cloud Deployment in the Enterprise Ryan Sokolowski Senior Consultant, Microsoft Consulting Services Microsoft.
Visual Studio Tips & Tricks Dustin Campbell Microsoft Corporation Scott Cate EventDay.com DEV319.
Using the Windows Server 2012 Server Manager for Remote and Multi-Server Management Wale Martins Senior Program Manager Microsoft Corporation WSV335.
Windows Azure Active Directory Graph API
Using the Windows Server 2012 Server Manager for Remote and Multi-Server Management Ian Lucas Principal Program Manager Microsoft Corporation WSV335.
App Controller Richard Rundle Ketan Ghelani Program Managers Microsoft Corporation MGT303.
What's New with IIS 8 Performance, Scalability, and Security Robert McMurray Program Manager Microsoft Corporation WSV332.
IPv6 (Hard)core Networking Services Daniel Sörlöv Senior Consultant, Trainer & Speaker Svensk IT Funktion AB WSV312.
The Network Files, Case #53: Diagnosing diseases of DNS Presented by Mark Minasi for newsletters, audio sets etc WSV313.
Evolutions in Data Protection in a Windows World Mike Resseler Senior Technical Consultant Infront MGT323.
A Lap Around Windows Azure Active Directory Stuart Kwan Lead Principal Program Manager Microsoft Corporation SIA209.
Module 11: Securing a Microsoft ASP.NET Web Application.
Understanding and Deploying Hosted Private Cloud: Concepts and Implementation WSV320.
Making Entitlements in AD Understandable to the Business Rob de Jong Senior Program Manager Microsoft Corporation SIA314.
What’s New with IIS 8: Open Web Platform for Cloud Shaun Eagan Senior Program Manager Microsoft Corporation Wade A. Hilmo Principal Development Lead Microsoft.
Demystifying Forefront Edge Security Technologies – TMG and UAG Richard Hicks Director – Sales Engineering Celestix Networks, Inc. SIA208.
SIM401. A. Datum Account Forest Trey Research Resource Forest Federation Trust Microsoft (Users) E-Company Store (Resource) Contoso(Users)Contoso(Users)Fabrikam(Resource)Fabrikam(Resource)
FDN03. Source: IDC, Media Tablet Multi-Client Study, February Note: IDC only surveyed iPad owners for this study.
IPv6 (Hard)core Networking Services Daniel Sörlöv Senior Consultant, Trainer & Speaker Svensk IT Funktion AB WSV312.
What’s New in Active Directory in Windows Server 2012 Samuel Devasahayam Active Directory Product Group Microsoft Ulf Simon-Weidner Senior Consultant,
Taking Control of Visual Studio through Extensions and Extensibility Anthony Cangialosi Senior Program Manager Lead Microsoft Corporation DEV311.
Sysinternals Primer: Gems Aaron Margosis Principal Consultant Microsoft Corporation SIA311.
Brian Puhl Principal Technology Architect MSIT Identity & Access Management Microsoft Corporation SESSION CODE: SIA302.
OSP201: Creating Self- Service BI Solutions with SharePoint Server 2010 Peter Myers.
Enabling Disaster Recovery for Hyper-V Workloads Using Hyper-V Replica Vijay Sistla Senior Program Manager Microsoft Corporation VIR302.
Linus Joyeux Valerie Alonso Managing consultantLead consultant blue-infinity (Switzerland) Active Directory Federation Services v2.
Building a Highly Available Failover Cluster Solution with Windows Server 2012 from the Ground UP Rob Hindman Program Manager Microsoft Corporation WSV324.
Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206.
What web developers need to know when building Metro style apps Scott Dickens Principal Program Manager Lead Microsoft Corporation DEV352.
Deploying Private Clouds (Lessons Learned from the Windows Server 2012 TAP) Pat Fetty and Allen Stewart Principal Program Manager and Principal Group Program.
Managing and Extending Active Directory Federation Services Brian Puhl Technology Architect Microsoft Corporation SIA318.
Demystifying Forefront Edge Security Technologies – TMG and UAG Richard Hicks Director – Sales Engineering Celestix Networks, Inc. SIA208.
Microsoft Ignite /20/2017 9:04 PM
How to (un)destroy your Active Directory
What’s New with IIS 8: Open Web Platform for Cloud
Office 365 Identity Management
AD FS Installation Active Directory Federation Services (AD FS) 7.1
Building Business Applications in LightSwitch
Presentation transcript:

Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318

Identity Provider Application Provider Application Federation Service Active Directory

Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect?

Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery

Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD

Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules

Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules 5. Redirects to application

Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect?

Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery

Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD

Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules

Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules 5. Redirects to application

ASP.Net Page: HRD.aspx When service loads HRD.aspx page, check wtrealm and lookup HRD experience to display

ASP.Net Page: HRD.aspx ASP.Net User Control (.ascx) For each application which requires, convert their desired page from.aspx to.ascx and load into a full screen panel in the.aspx page Note the.aspx page needs a selectWHR method calling SelectHomeRealm()

Note that this team did not want all 4 HRD options to be displayed? That’s a problem…

dXJuOmZlZGVyYXRpb246TVNGVA== Base64 encoded value: urn:federation:MSFT This is the federation service identifier for the claims provider trust partner that the HRD cookie maps to

Claim TypeDescription X-MS-ProxyIndicates that a user was auth’ed by the FS-P X-MS-Forwarded-Client-IPIP address of the user. “Best effort”, IPv4 only. X-MS-Client-ApplicationProtocol used by the end client, e.g.: Microsoft.Exchange.ActiveSync Microsoft.Exchange.Powershell Microsoft.Exchange.SMTP X-MS-Client-User-AgentDevice type used by an EAS client, e.g.: Apple-iPad1C1/812.1 Apple-iPhone/ SAMSUNGSPHD700/ X-MS-Endpoint-Absolute-PathIndicates requested endpoint, active vs. passive

The default IE user experience does not render anything in the browser behind the credential pop- up

DOWNLOAD Windows Server 2012 Release Candidate microsoft.com/windowsserver #TE(sessioncode) DOWNLOAD Microsoft System Center 2012 Evaluation microsoft.com/systemcenter Hands-On Labs Talk to our Experts at the TLC

Connect. Share. Discuss. Learning Microsoft Certification & Training Resources TechNet Resources for IT Professionals Resources for Developers

Evaluations Submit your evals online

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.