Presentation is loading. Please wait.

Presentation is loading. Please wait.

Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318.

Published byDorothy Cummings Modified over 9 years ago

Similar presentations

Presentation on theme: "Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318."— Presentation transcript:

1

2 Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318

3

4 Identity Provider Application Provider Application Federation Service Active Directory

5 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect?

6 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery

7 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD

8 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules

9 Identity Provider Application Provider Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules 5. Redirects to application

10 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect?

11 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery

12 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD

13 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules

14 Application Federation Service Active Directory 1. User browses to application a. Anonymous landing page or automatic redirect? 2. Application redirects to federation service a. Home Realm Discovery 3. Redirects to IdP Federation Service a. Sign-in against AD 4. Redirects back to Federation services a. Claims provider trust rules b. Relying party rules 5. Redirects to application

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30 ASP.Net Page: HRD.aspx When service loads HRD.aspx page, check wtrealm and lookup HRD experience to display

31 ASP.Net Page: HRD.aspx ASP.Net User Control (.ascx) For each application which requires, convert their desired page from.aspx to.ascx and load into a full screen panel in the.aspx page Note the.aspx page needs a selectWHR method calling SelectHomeRealm()

32

33

34

35

36 Note that this team did not want all 4 HRD options to be displayed? That’s a problem…

37

38

39

40 dXJuOmZlZGVyYXRpb246TVNGVA== Base64 encoded value: urn:federation:MSFT This is the federation service identifier for the claims provider trust partner that the HRD cookie maps to

41

42

43

44

45

46

47 Claim TypeDescription X-MS-ProxyIndicates that a user was auth’ed by the FS-P X-MS-Forwarded-Client-IPIP address of the user. “Best effort”, IPv4 only. X-MS-Client-ApplicationProtocol used by the end client, e.g.: Microsoft.Exchange.ActiveSync Microsoft.Exchange.Powershell Microsoft.Exchange.SMTP X-MS-Client-User-AgentDevice type used by an EAS client, e.g.: Apple-iPad1C1/812.1 Apple-iPhone/704.11 SAMSUNGSPHD700/100.202 X-MS-Endpoint-Absolute-PathIndicates requested endpoint, active vs. passive

48

49

50

51

52 The default IE user experience does not render anything in the browser behind the credential pop- up

53

54

55

56

57

58

59 DOWNLOAD Windows Server 2012 Release Candidate microsoft.com/windowsserver #TE(sessioncode) DOWNLOAD Microsoft System Center 2012 Evaluation microsoft.com/systemcenter Hands-On Labs Talk to our Experts at the TLC

60 Connect. Share. Discuss. http://europe.msteched.com Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Resources for Developers http://microsoft.com/msdn

61 Evaluations http://europe.msteched.com/sessions Submit your evals online

62

Download ppt "Customizing and Extending ADFS 2.0 Brian Puhl Technology Architect Microsoft Corporation SIA318."

Similar presentations

Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.

Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.
Windows Server 2012 + Advanced Storage Solutions = Datacenter Elevation Alex Jauch Architect NetApp John Parker Technical Marketing Manager NetApp.

Windows Server Advanced Storage Solutions = Datacenter Elevation Alex Jauch Architect NetApp John Parker Technical Marketing Manager NetApp.
Kevin Donovan Program Manager, Office BI Microsoft Corporation

Kevin Donovan Program Manager, Office BI Microsoft Corporation
What’s New in Active Directory in Windows Server 2012 Dean Wells Active Directory Product Group Microsoft SIA312.

What’s New in Active Directory in Windows Server 2012 Dean Wells Active Directory Product Group Microsoft SIA312.
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
Cloudy Weather: How Secure Is the Cloud? David Aiken Windows Azure Microsoft Corporation.

Cloudy Weather: How Secure Is the Cloud? David Aiken Windows Azure Microsoft Corporation.
Making Entitlements in AD Understandable to the Business Rob de Jong Program Manager Microsoft Corporation SIA314.

Making Entitlements in AD Understandable to the Business Rob de Jong Program Manager Microsoft Corporation SIA314.
Introducing the New Visual Studio 2012 Unit Testing Experience Peter Provost Sr. Program Manager Lead Microsoft Corporation DEV214.

Introducing the New Visual Studio 2012 Unit Testing Experience Peter Provost Sr. Program Manager Lead Microsoft Corporation DEV214.
Windows Azure SQL Reporting Dany Hoter Senior Program Manager Microsoft Corporation Ola Lavi Software Development Engineer Microsoft Corporation.

Windows Azure SQL Reporting Dany Hoter Senior Program Manager Microsoft Corporation Ola Lavi Software Development Engineer Microsoft Corporation.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,
Best Practices for Designing and Consolidating Group Policy for Performance and Security Darren Mar-Elia Group Policy MVP, CTO & Founder SDM Software,

Best Practices for Designing and Consolidating Group Policy for Performance and Security Darren Mar-Elia Group Policy MVP, CTO & Founder SDM Software,
Active Directory Integration with Microsoft Office 365

Active Directory Integration with Microsoft Office 365
Deep Application Management with Microsoft System Center 2012 Configuration Manager Adwait Joshi Senior Product Marketing Manager Microsoft Corporation.

Deep Application Management with Microsoft System Center 2012 Configuration Manager Adwait Joshi Senior Product Marketing Manager Microsoft Corporation.
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.

Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
Deep Dive on Active Directory PowerShell Mudassir Ali Software Development Engineer Microsoft Corporation SIA404.

Deep Dive on Active Directory PowerShell Mudassir Ali Software Development Engineer Microsoft Corporation SIA404.
Building Integrated Microsoft Office 365, SharePoint Online, and Office Solutions Using BCS and LOB Data Donovan Follette Sr. Technical.

Building Integrated Microsoft Office 365, SharePoint Online, and Office Solutions Using BCS and LOB Data Donovan Follette Sr. Technical.
Top 10 Production Experiences with Service Manager and Orchestrator Nathan Lasnoski Infrastructure Architect Microsoft MVP Concurrency.

Top 10 Production Experiences with Service Manager and Orchestrator Nathan Lasnoski Infrastructure Architect Microsoft MVP Concurrency.
Troubleshooting Federation, AD FS 2.0, and More…

Troubleshooting Federation, AD FS 2.0, and More…
Tips & Tricks for Creating Custom Management Packs for Microsoft System Center Operations Manager Mickey Gousset Principal Consultant Infront Consulting.

Tips & Tricks for Creating Custom Management Packs for Microsoft System Center Operations Manager Mickey Gousset Principal Consultant Infront Consulting.

Similar presentations

Ads by Google