SIM402. Kerberos, NTLM, Basic, Digest, Forms?
Presentation transcript:

SIM402

Kerberos, NTLM, Basic, Digest, Forms?

Federation of Identity

Identity Provider (IP): Active Directory plus a Security Token Service (STS), the issuer (IP-STS).

The User / Subject / Principal requests a token for AppX from the IP-STS. The STS issues a Security Token (ST) crafted for AppX and signed by the issuer.

Relying Party (RP) / Resource provider: AppX trusts the Security Token from the issuer, and it is the Security Token that "authenticates" the user to the application. AppX authenticates the user from the token, not from the user's credentials.

The Security Token contains claims about the user, for example:
- Name
- Group membership
- User Principal Name (UPN)
- Address of user
- Address of manager
- Phone number
- Other attribute values

demo

Single organization: ADFS STS, Active Directory, claims-aware app. The app trusts the STS.
1. Browse app. Not authenticated, so the browser is redirected to the STS.
2. Authenticate our user at the STS (against Active Directory).
3. The STS queries Active Directory for the user's attributes.
4. The STS returns the Security Token (ST) to the browser.
5. The browser sends the token to the app; because the app trusts the STS, it accepts the ST.
6. The app returns cookies and the page.

Partner user accessing your claims-aware app: your ADFS STS, your Active Directory, the partner ADFS STS & IP. The app trusts your STS; your STS trusts your partner's STS.
1. Browse app. Not authenticated, so the browser is redirected to your STS.
2. Your STS performs home realm discovery and redirects the partner user to the partner STS, requesting an ST for the partner user.
3. The partner user authenticates at the partner STS (the partner's IP).
4. The partner STS returns an ST for consumption by your STS.
5. Your STS processes that token and returns a new ST for the app.
6. The browser sends the token to the app, which trusts your STS.
7. The app returns cookies and the page.

Communication between issuer and relying party:
- Signing: the ST is signed with certificate A (chain: public key of C, Root for A). The relying party verifies the signature, which proves the token was issued by the STS it trusts.
- Encryption: the ST is encrypted with certificate B (chain: public key of D, Root for B). Only the holder of B's private key, the relying party, can read the token.
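As an added check for the signing and encryption slide (not part of the session; it uses the AD FS 2.0 PowerShell cmdlets, and the claims provider trust name 'Partner ADFS' is an assumption): list the token-signing certificate your STS uses today (certificate A above), the partner signing certificates your claims provider trust will verify partner tokens against, and whether each relying party trust carries an encryption certificate (certificate B) so that the ST is encrypted for it rather than only signed.

```powershell
# Added example, not from the session. AD FS 2.0 snap-in; on AD FS 2012 and later use Import-Module ADFS.
# The partner trust name is an assumption.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Test-FederationCertificates {
    param([string]$PartnerTrustName = 'Partner ADFS')   # assumed name of the partner claims provider trust

    # Certificate A: the primary token-signing certificate of this STS. Every relying party
    # (and every partner STS that trusts us) must have this public key.
    $signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
    "Our primary token-signing certificate: $($signing.Thumbprint), expires $($signing.Certificate.NotAfter)"

    # The signing certificates we accept on tokens from the partner STS; a partner ST signed
    # with anything else is rejected, so keep this list to the partner's real signing keys.
    $partner = Get-AdfsClaimsProviderTrust -Name $PartnerTrustName
    foreach ($cert in $partner.TokenSigningCertificates) {
        "Accepted partner signing certificate: $($cert.Thumbprint), issuer $($cert.Issuer), expires $($cert.NotAfter)"
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            Write-Warning "Partner signing certificate $($cert.Thumbprint) expires within 30 days"
        }
    }

    # Certificate B: per relying party, is the ST encrypted for it, and with which certificate?
    foreach ($rp in Get-AdfsRelyingPartyTrust) {
        if ($rp.EncryptClaims -and $rp.EncryptionCertificate) {
            "$($rp.Name): ST encrypted for $($rp.EncryptionCertificate.Subject) ($($rp.EncryptionCertificate.Thumbprint))"
        } else {
            Write-Warning "$($rp.Name): security token is sent signed but not encrypted"
        }
    }
}

Test-FederationCertificates
```

Run it on the federation server as an AD FS administrator. A relying party without an encryption certificate still gets a signed token, so integrity is intact, but the claims in the ST are readable by anything that sees the browser POST.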

Claims-aware application with ADFS 2.0 and Active Directory:
- On STS1: define Active Directory as a claims provider, and define APP1 as a relying party.
- In APP1: define STS1 as the claims provider (the issuer whose tokens the app trusts).

demo

Claims pipeline, from AD (or a partner STS) to the ST sent to the relying party:
- Claims Provider Trusts: Acceptance Transform rules specify the incoming claims that will be accepted from the claims provider and passed into the pipeline. Claims that no acceptance rule issues are dropped.
- Relying Party Trusts: Issuance Authorization rules specify the users that are permitted to access the relying party. Permit: processing continues to the issuance transform rules. Deny: not processed further, no token is issued.
- Relying Party Trusts: Issuance Transform rules specify the claims that will be sent to the relying party in the ST.

Claim Rule Language

Each rule has two parts: a Condition, which selects claims already in the pipeline, and an Issuance Statement, which adds claims to the pipeline when the condition matches.

demo

Trusts across the two organizations:
- Your organization: your ADFS STS has a Claims Provider Trust for the partner's STS and a Relying Party Trust for Relying Party x.
- Partner organization: the partner ADFS STS & IP has a Relying Party Trust for your STS.

Partner user: the client presents the ST from the partner to your organization's ADFS Security Token Service (STS) and requests a token for access to Relying Party x.
1. Claims Provider Trust (trusted partner): the partner ST is verified and the Acceptance Transform Rules are processed.
2. Relying Party Trust for Relying Party x: the Issuance Authorization Rules are processed.
3. If denied, processing ends. If allowed, the Issuance Rules are processed and an ST for Relying Party x is returned.
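The trusts and the three rule sets from the slides above (claims provider and relying party definitions, the acceptance / authorization / issuance pipeline, and the claim rule language), as an added example that is not from the session. It uses the AD FS 2.0 cmdlets; the hostnames, the relying party identifier, the partner UPN suffix and the group SID are placeholders, not values from the presentation. The security point is the acceptance transform rules on the partner trust: they are the boundary between what the partner asserts and what your pipeline believes, so they accept only named claim types with the expected values rather than everything the partner sends.

```powershell
# Added example, not from the session: trusts and rule sets as described on the slides, created with
# AD FS 2.0 cmdlets (snap-in; Import-Module ADFS on 2012 and later). All hostnames, identifiers,
# the partner UPN suffix and the group SID are placeholders.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$partnerUpnSuffix = '^[^@]+@partner[.]example$'                        # placeholder regex for partner UPNs
$app1UsersSid     = 'S-1-5-21-1111111111-2222222222-3333333333-1105'   # placeholder SID of a local APP1-Users group

# Claims Provider Trust for the partner STS. Acceptance transform rules are the trust boundary:
# accept only the claim types you expect, with the values you expect. A blanket
# "c:[] => issue(claim = c);" would let the partner assert any claim, including your own group SIDs.
$acceptance = @"
@RuleName = "Accept partner UPN (partner suffix only)"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "$partnerUpnSuffix"]
 => issue(claim = c);

@RuleName = "Accept partner e-mail address"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
"@
Add-AdfsClaimsProviderTrust -Name 'Partner ADFS' `
    -MetadataUrl 'https://sts.partner.example/FederationMetadata/2007-06/FederationMetadata.xml' `
    -AcceptanceTransformRules $acceptance

# Relying Party Trust for APP1. Issuance authorization: a permit claim is required; a deny claim
# ends processing even if a permit was also issued, and if no rule matches no token is issued.
$authorization = @"
@RuleName = "Permit local members of APP1-Users"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$app1UsersSid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

@RuleName = "Permit partner users whose UPN passed the acceptance rules"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "$partnerUpnSuffix"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Issuance transform: the claims that go into the ST for APP1. Local users are looked up in AD
# (claims issued by the AD claims provider carry Issuer "AD AUTHORITY"); partner users keep the
# claims that survived the acceptance rules.
$transform = @"
@RuleName = "Local users: display name and mail from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";displayName,mail;{0}", param = c.Value);

@RuleName = "Partner users: pass through UPN and e-mail address"
c:[Type =~ "^http://schemas.xmlsoap.org/ws/2005/05/identity/claims/(upn|emailaddress)$"]
 => issue(claim = c);
"@
Add-AdfsRelyingPartyTrust -Name 'APP1' -Identifier 'https://app1.example/' -WSFedEndpoint 'https://app1.example/' `
    -IssuanceAuthorizationRules $authorization -IssuanceTransformRules $transform

# Check: no claims provider trust other than the local Active Directory should pass every claim through.
Get-AdfsClaimsProviderTrust |
    Where-Object { $_.Name -ne 'Active Directory' -and $_.AcceptanceTransformRules -match 'c:\[\]\s*=>\s*issue\(claim\s*=\s*c\)' } |
    ForEach-Object { Write-Warning "Blanket pass-through on claims provider trust '$($_.Name)'" }
```

The authorization rules deliberately issue a permit only for two populations; everyone else falls through with no permit and is denied. If a later administrator adds a pass-through of group SID claims to the partner trust, the first authorization rule would start admitting partner-asserted group membership, which is why the final check looks for blanket pass-through rules on every non-local claims provider trust.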

John has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems, with a focus on security and high availability. He has been a key player in many IT projects for industry leaders, including Microsoft, the UK Government and multinationals that require optimized IT systems. He has developed technical training courses that have been published worldwide, co-authored a highly successful book on Microsoft Active Directory internals, and presents regularly at major international conferences including TechEd, IT Forum and European summits. John can be engaged as a consultant or booked for speaking engagements through XTSeminars.
