
Brian Puhl Technology Architect Microsoft IT Session Code: ITS212.


2 Brian Puhl Technology Architect Microsoft IT Session Code: ITS212

3 Agenda Federating identities Microsoft IT Federation environment Introducing Geneva Server Migrating from ADFS to Geneva Identity management when federating Microsoft IT Federation scenarios

4 Orgs Have to Extend Access
Who: your COMPANY and your EMPLOYEES; your REMOTE and VIRTUAL EMPLOYEES; your PARTNERS; your SUPPLIERS; your CUSTOMERS.
Why: customer satisfaction and customer intimacy; cost competitiveness; reach, personalization; collaboration; outsourcing; faster business cycles, process automation; value chain; M&A; mobile/global workforce; flexible/temp workforce.

5 User Password Proliferation
Domain account: REDMOND\BPuhl
E-Company Store: 163987
Fidelity 401K: Social Security Number
TravelPort: 163987@microsoft.com
Company Poll: BPuhl
Live Meeting: BrianP
Live ID: imav8n@hotmail.com
Marketing Leads App: Brian.Puhl
Generic ID for everything else: imav8n
"Sub-Keyboard Crypto API": the same password for everything!
Super-Secret Passphrase (more secure): Samantha_Is_17_Anika_Is_5
- Only have to remember one thing
- I never write it down
- Easy for me to remember
- Change it once per year

6 Agenda (repeated; next section: Microsoft IT Federation environment)

7 Microsoft IT Federation Ecosystem
ADFS v1 federations, spanning the internal network (Corp) and the perimeter network (FS proxies)
59 federations, 29 unique partners
Partners using Ping, IBM and others
Worldwide usage
Partner types: Corp (internal), Live ID / Passport, Self

8 Agenda (repeated; next section: Introducing Geneva Server)

9 Geneva Server
- Security token service for AD
- Identity and federation provider
- Federation trust manager: automates trust management using metadata
- Standards-based and interoperable: WS-* and SAML 2.0 protocols; SAML 1.1 and 2.0 tokens
- Managed information card provider for AD: CardSpace and 3rd-party identity selectors

10-13 Geneva Server Components (one diagram, built up over four slides)
Diagram: Intranet client and Internet client; Geneva Proxy in the perimeter network (token issuance proxy, metadata proxy); Geneva Server (token issuance, card issuance, metadata, management APIs and UX); Account Store; Policy Store.
Geneva clients: web browsers; Windows CardSpace and other identity selectors; WS*-aware clients (WCF, etc.)
Geneva Policy Store: SQL Server
Geneva Server: security token service for SOAP and browser clients; information card issuance web site; policy and service management

14 Agenda (repeated; next section: Migrating from ADFS to Geneva)

15 Migrating from ADFS v1 to Geneva (identity provider side)
1. Deploy Geneva in parallel to ADFS
2. Configure the trust policy using PowerShell
3. Use client HOSTS files to test applications against the new server
4. Update DNS records: proxies in the perimeter network point to the internal Geneva server; Internet clients resolve to the proxies
Diagram: Internal Network (ADFS, Geneva), Perimeter Network (proxies), Partner 1, Partner 2
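Step 3 is where a cutover is usually won or lost, so here is the test a practitioner would script for it. This is an added example, not code from the deck or from Microsoft IT: it adds a HOSTS override on one test client so that only that client reaches the parallel Geneva server, pulls the federation metadata through it, checks that the service identifier (case-sensitively) and the advertised token-signing certificate are what partners already trust, and then restores the HOSTS file. The federation service name sts.contoso.com, the new server address 10.0.0.25 and the default identifier http://sts.contoso.com/adfs/services/trust are assumptions; the metadata path is the one Geneva Server (AD FS 2.0) publishes.

```powershell
# Added example (not from the deck). Stage one client against the parallel
# Geneva server before DNS changes, verify what it publishes, then roll back.
# Assumed values: sts.contoso.com, 10.0.0.25, and the default service identifier.
# Run from an elevated prompt on the test client.
param(
    [string]$ServiceName = 'sts.contoso.com',
    [string]$GenevaIP    = '10.0.0.25'
)
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$backup    = "$hostsFile.pre-geneva"
Copy-Item -Path $hostsFile -Destination $backup -Force
try {
    # Step 3 of the slide: point this client, and only this client, at the new server.
    Add-Content -Path $hostsFile -Value "`r`n$GenevaIP`t$ServiceName`t# Geneva cutover test"
    ipconfig /flushdns | Out-Null
    $resolved = ([System.Net.Dns]::GetHostAddresses($ServiceName) | Select-Object -First 1).ToString()
    if ($resolved -ne $GenevaIP) { throw "HOSTS override not in effect: $ServiceName resolves to $resolved" }

    # Metadata endpoint published by Geneva Server (AD FS 2.0). A failure on the
    # TLS handshake here means the new server's SSL certificate is not trusted yet.
    $url = "https://$ServiceName/FederationMetadata/2007-06/FederationMetadata.xml"
    [xml]$md = (New-Object System.Net.WebClient).DownloadString($url)

    # The federation service identifier must match what partners already trust;
    # URIs are compared case-sensitively (-cne), which is where typos hide.
    $entityId = $md.EntityDescriptor.entityID
    $expected = "http://$ServiceName/adfs/services/trust"   # assumed: default identifier
    if ($entityId -cne $expected) {
        Write-Warning "entityID '$entityId' differs from expected '$expected'"
    }

    # Token-signing certificate advertised in the metadata: partners must hold this one.
    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    $node  = $md.SelectSingleNode("//md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", $ns)
    $bytes = [Convert]::FromBase64String($node.InnerText)
    $signing = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    Write-Host ("Signing cert: {0}  thumbprint {1}  expires {2:yyyy-MM-dd}" -f $signing.Subject, $signing.Thumbprint, $signing.NotAfter)
    if ($signing.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning 'Signing certificate expires within 30 days' }
}
finally {
    # The override is a test only: always restore HOSTS before touching DNS (step 4).
    Copy-Item -Path $backup -Destination $hostsFile -Force
    ipconfig /flushdns | Out-Null
}
```

Compare the printed thumbprint with the token-signing certificate each partner has on file before cutting DNS over; if the parallel server was set up with a fresh certificate, every partner trust has to be updated first.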

16 Microsoft IT Federation Ecosystem (diagram: Internal Network, Perimeter Network)

17 Agenda (repeated; next section: Identity Management when Federating)

18-20 10 Things when troubleshooting federations
10. Network connectivity & NLB
9. SQL availability
8. URIs
7. Event ID 111
6. Fiddler or HTTPWatch
5. Enabling logging
4. Dirty data
3. Immutable IDs

21 Troubleshooting Federation
"If your ADFS is broken, it's PKI. If it's not PKI, you've got a typo. If it's not a typo, it's PKI." - Laura Hunter

22 Troubleshooting Federation
PKI issues:
- CRL validation (CDPs not discoverable from the validating host)
- Elliptic curve key algorithm
- Managing certificate renewals
- Certificates: they expire!
Configuration issues:
- Case sensitivity counts where you'd least expect it
- Geneva needs both ports 80 and 443
- Make your life simple with Metadata Exchange!
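Most of the PKI and connectivity items on slides 19 to 22 can be checked from any client before anyone opens a case. The script below is an added example, not from the deck: it probes ports 80 and 443, pulls the SSL certificate from the federation service, builds the chain with online revocation checking so that an unreachable CDP shows up as a chain status rather than as a silent failure, warns on approaching expiry, flags a non-RSA (elliptic curve) key, and prints the CRL distribution points. The federation service name sts.contoso.com is an assumption.

```powershell
# Added example (not from the deck). Connectivity and PKI pre-checks against a
# federation service; run from the machine that is failing to federate, because
# CRL reachability is a property of the validating host, not of the server.
# Assumed federation service name: sts.contoso.com.
param([string]$ServiceName = 'sts.contoso.com')

function Test-Port {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne(3000, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# Items 10 and 9 on the list start here: Geneva needs both 80 and 443 reachable.
foreach ($port in 80, 443) {
    $state = if (Test-Port $ServiceName $port) { 'open' } else { 'CLOSED' }
    Write-Host ("TCP {0}/{1}: {2}" -f $ServiceName, $port, $state)
}

# Fetch the SSL certificate. The callback accepts anything so that a bad
# certificate can still be inspected below instead of aborting the handshake.
$tcp = New-Object System.Net.Sockets.TcpClient($ServiceName, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
        [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
$ssl.AuthenticateAsClient($ServiceName)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Close(); $tcp.Close()
Write-Host ("Subject: {0}`nIssuer:  {1}`nExpires: {2:yyyy-MM-dd}" -f $cert.Subject, $cert.Issuer, $cert.NotAfter)

# Chain build with online revocation for the entire chain. RevocationStatusUnknown
# or OfflineRevocation in the status list means the CDP is not discoverable from here.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
$chainOk = $chain.Build($cert)
Write-Host ("Chain valid: {0}" -f $chainOk)
foreach ($status in $chain.ChainStatus) {
    Write-Warning ("Chain status: {0} - {1}" -f $status.Status, $status.StatusInformation.Trim())
}

# Certificates expire; 30 days is an assumed renewal threshold.
$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) { Write-Warning "Certificate expires in $daysLeft days" }

# Key algorithm: an elliptic curve key is one of the PKI pitfalls on the slide.
$alg = $cert.PublicKey.Oid.FriendlyName
if ($alg -ne 'RSA') { Write-Warning "Public key algorithm is '$alg', not RSA" }

# CRL Distribution Points extension (OID 2.5.29.31), so the URLs can be tested by hand.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) { Write-Host ("CDP:`n" + $cdp.Format($true)) } else { Write-Warning 'No CRL Distribution Point extension' }
```

Run it once from the federation server itself and once from the partner-facing proxy: a chain that validates on the first and not on the second is the "CDPs not discoverable" case from the slide, since the perimeter host typically cannot reach an internal CDP.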

23 Demo

24-26 Security Considerations (table built up over three slides)
Server                  Token                Crypto              Administrator
Domain Controller       Kerberos or NTLM     Shared secret       Domain Admin
Certificate Authority   X.509 certificate    Trusted chain       Certificate Admin
Federation Server       SAML                 X.509 certificate   ???
- Treat your Geneva servers like domain controllers
- Your Geneva Server admins are like domain administrators (that is the answer to the "???")
- Geneva includes a claims policy language, which is extremely powerful: whoever writes rules decides which claims partners receive
- Manage your certificates
- Token signing protects tokens from tampering in transit; a man-in-the-middle cannot alter the claims without invalidating the signature
- SSL authenticates the endpoints and protects the exchange
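The slides leave the claims policy language as a warning rather than showing it, so here is what "extremely powerful" looks like in practice, written to the least-privilege shape an editor would want: it also covers step 2 of slide 15 (configure trust policy with PowerShell), item 3 of the troubleshooting list (immutable IDs) and the Metadata Exchange advice on slide 22. This is an added example, not from the deck or from Microsoft IT. It uses the cmdlet names and rule syntax that Geneva Server shipped with as AD FS 2.0; the relying party name, its metadata URL, the intermediate claim type and the group SID are assumptions.

```powershell
# Added example (not from the deck). Create a relying party trust from partner
# metadata, then restrict what it receives: a persistent NameID derived from
# objectGUID (immutable, survives renames), one passthrough claim, and an
# authorization rule that permits only one group. Names below are assumptions.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName      = 'Partner Portal'                                                        # assumed
$metadataUrl = 'https://portal.partner.example/FederationMetadata/2007-06/FederationMetadata.xml'  # assumed
$partnerSid  = 'S-1-5-21-1004336348-1177238915-682003330-1104'                        # assumed group SID

# Metadata exchange: endpoints, identifiers and certificates come from the partner,
# not from a typed-in form, and monitoring keeps the trust current on renewals.
Add-ADFSRelyingPartyTrust -Name $rpName -MetadataUrl $metadataUrl `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# Issuance transform rules: the ONLY claims this partner gets. 'add' keeps the
# raw objectGUID out of the token; 'issue' puts the NameID in, with persistent format.
$transformRules = @'
@RuleName = "Look up objectGUID (immutable) for the authenticated user"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://contoso.com/claims/immutableid"), query = ";objectGUID;{0}", param = c.Value);

@RuleName = "Issue persistent NameID from objectGUID"
c:[Type == "http://contoso.com/claims/immutableid"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent");

@RuleName = "Pass through e-mail only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
'@

# Issuance authorization rules: no permit claim, no token. Without this rule
# every authenticated user would be issued a token for the partner.
$authzRules = @'
@RuleName = "Permit only members of the partner portal group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-1004336348-1177238915-682003330-1104"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Set-ADFSRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Review what is now in effect; this is the change a Geneva admin should be held to.
Get-ADFSRelyingPartyTrust -Name $rpName |
    Select-Object Name, Identifier, MonitoringEnabled, IssuanceAuthorizationRules, IssuanceTransformRules
```

The rule set is the reason the deck equates Geneva admins with domain admins: a one-line change to the transform rules can issue any attribute of any account to any partner, so the rules deserve the same change control as group policy on a domain controller. Keying the NameID on objectGUID rather than UPN or e-mail is what makes the identifier immutable; the "dirty data" item on the list is usually a mutable attribute that changed on one side of the federation.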

27 Agenda (repeated; next section: Microsoft IT Federation Scenarios)

28-33 How Geneva is Changing Our Game (diagram built up over six slides)
Geneva Server, connected to: ADFS partners; SQL authorization store; Windows Live ID

34 Summary
- Federating identities is the path to SaaS
- Geneva is a lot more than just ADFS v2: policy processing language; Metadata Exchange; SAML 2.0 protocol support; federation with Live ID services


36 Resources
www.microsoft.com/teched - Sessions On-Demand & Community
http://microsoft.com/technet - Resources for IT Professionals
http://microsoft.com/msdn - Resources for Developers
www.microsoft.com/learning - Microsoft Certification & Training Resources
TechEd 2009 is not producing a DVD; session recordings are available at TechEd Online.


38 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
