Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.


4 Problem Statement (diagram): applications App1 through App6 are spread across the Intranet, Extranet and Cloud, each backed by its own AD or DB. Without SSO, every application needs a separate sign-in and additional provisioning of the user.

6 Claims Framework (diagram). Actors: Client (optionally a federation-aware "Fed Client"), Identity Provider, and Relying Party (Your App); a trust relationship links the Identity Provider and the Relying Party. Flow: 1. Authenticate (client to Identity Provider); 2. Look up claims, transform for application; 3. Return claims (to the client); 4. Send claims (client to the Relying Party).

7 "Geneva" Framework (diagram): Your App, built on the "Geneva" Framework, is the Relying Party and trusts the "Geneva" Server. The "Geneva" Server reads attributes from Active Directory and a SQL attribute store. The Client uses Windows CardSpace "Geneva".

8 Windows Identity Foundation (same diagram with release names): Your App, built on Windows Identity Foundation, is the Relying Party and trusts Active Directory Federation Services 2.0, which reads attributes from Active Directory and a SQL attribute store. The Client uses Windows CardSpace 2.0.

9 Federated access, part 1 (diagram): Frank Miller (Fabrikam) accesses SharePoint 2007 at Contoso, the Relying Party, which is protected by Windows Identity Foundation and trusts Contoso's AD FS 2.0. 1. Attempt access; 2. Redirect to STS (Contoso AD FS 2.0); 3. Home realm discovery; 4. Redirect to STS (Fabrikam AD FS 2.0); 5. Authenticate.

10 Federated access, part 2 (diagram): 6. Get claims (from Fabrikam); 7. Post claims (to Contoso AD FS 2.0); 8. Get claims (from Contoso); 9. Post claims (to SharePoint 2007, the Relying Party, via Windows Identity Foundation).

11 Claim transformation at the Contoso AD FS 2.0 Server (diagram). Incoming claim from Fabrikam: {Role, Plant Manager}.
From Fabrikam (Fabrikam Authority Policy): [type == "Role", value == "Plant Manager"] => issue (type = "Role", value = "Buyer"); yields {Role, Buyer}.
To LOB Application (AutoParts Relying Party Policy): [type == "Role", value == "Buyer"] => issue (type = "Role", value = "Purchaser"); yields {Role, Purchaser}.
To SharePoint (SharePoint Relying Party Policy): [type == "Role", value == "Buyer"] => issue (type = "Role", value = "Visitor"); yields {Role, Visitor}.
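The two-hop transformation on this slide, as an added example that is not part of the deck: a small evaluator for the single-condition rule form shown (the [type == ..., value == ...] => issue(...) syntax), chaining the partner authority policy into each relying-party policy. Only claims that some rule issues leave the pipeline; anything unmatched is dropped, which is the behaviour the slide implies for a Fabrikam user who is not a Plant Manager.

```python
import re
from typing import List, Tuple

Claim = Tuple[str, str]  # (type, value), e.g. ("Role", "Buyer")

# Single-condition issuance rule exactly as written on the slide:
# [type == "Role", value == "Plant Manager"] => issue (type = "Role", value = "Buyer");
RULE_RE = re.compile(
    r'\[type\s*==\s*"([^"]*)",\s*value\s*==\s*"([^"]*)"\]\s*=>\s*'
    r'issue\s*\(type\s*=\s*"([^"]*)",\s*value\s*=\s*"([^"]*)"\)\s*;'
)


def parse_rules(policy: str) -> List[Tuple[Claim, Claim]]:
    """Return (matched_claim, issued_claim) pairs; curly quotes are normalised first."""
    text = policy.replace("\u201c", '"').replace("\u201d", '"')
    rules = [((t, v), (it, iv)) for t, v, it, iv in RULE_RE.findall(text)]
    if not rules:
        raise ValueError("no rules recognised in policy text")
    return rules


def apply_policy(incoming: List[Claim], policy: str) -> List[Claim]:
    """Issue only what a rule grants; unmatched incoming claims are not passed through."""
    issued: List[Claim] = []
    for claim in incoming:
        for match, out in parse_rules(policy):
            if claim == match and out not in issued:
                issued.append(out)
    return issued


# Policies transcribed from the slide (straight quotes).
FABRIKAM_AUTHORITY_POLICY = '[type == "Role", value == "Plant Manager"] => issue (type = "Role", value = "Buyer");'
AUTOPARTS_RP_POLICY = '[type == "Role", value == "Buyer"] => issue (type = "Role", value = "Purchaser");'
SHAREPOINT_RP_POLICY = '[type == "Role", value == "Buyer"] => issue (type = "Role", value = "Visitor");'


def federate(user_claims: List[Claim], authority_policy: str, rp_policy: str) -> List[Claim]:
    """Hop 1: partner authority policy; hop 2: Contoso's relying-party policy."""
    from_partner = apply_policy(user_claims, authority_policy)
    return apply_policy(from_partner, rp_policy)


if __name__ == "__main__":
    frank = [("Role", "Plant Manager")]
    print(federate(frank, FABRIKAM_AUTHORITY_POLICY, AUTOPARTS_RP_POLICY))   # [('Role', 'Purchaser')]
    print(federate(frank, FABRIKAM_AUTHORITY_POLICY, SHAREPOINT_RP_POLICY))  # [('Role', 'Visitor')]
    print(federate([("Role", "Admin")], FABRIKAM_AUTHORITY_POLICY, SHAREPOINT_RP_POLICY))  # []
```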

12 AD FS 2.0 and the Microsoft Federation Gateway (diagram): Frank Miller (Fabrikam) reaches Microsoft Online relying parties (SharePoint Online, Exchange Online, CRM Online, and others) through a trust between Fabrikam's AD FS 2.0 and the Microsoft Federation Gateway.

16 Front end to back end delegation (diagram): Frank Miller authenticates at AD FS 2.0; 1. Post claims to the front-end Web Application (Windows Identity Foundation); 2. Get claims for the back end; 3. Send claims to the back-end Web Service (Windows Identity Foundation), which trusts AD FS 2.0.

17 SAP interoperability (diagram): STS "Geneva" Server (Beta 2); Web Service Provider: SAP NetWeaver 7.02; Web Service Consumer: .NET 3.5; trust between them. Steps: user mapping in AD / "Geneva" Server; registration of the SAP Enterprise Service as a Relying Party in "Geneva" Server; STS configuration of "Geneva" Server in SAP; generated consumer WCF binding based on the provider policy.

22 AD FS 2.0 Components (diagram). AD FS 2.0 (intranet): Card Issuance, Token Issuance, Management APIs and UX, Metadata; backed by a Configuration Database and Attribute Stores, serving the Intranet Client. AD FS 2.0 Proxy (perimeter): Token Issuance Proxy, Metadata Proxy, serving the Internet Client.

23 Deployment topology (diagram): Intranet: Active Directory, Configuration SQL Cluster, Load Balancer in front of the AD FS 2.0 Farm (all intranet servers domain joined). Perimeter Network: Load Balancer in front of the Proxy Farm.
