SIM402. Kerberos, NTLM, Basic, Digest, Forms?

1 SIM402

4 Kerberos, NTLM, Basic, Digest, Forms?

8 Federation of Identity

9 Roles in identity federation
- Identity Provider (IP): Active Directory plus a Security Token Service (STS); the IP-STS is the issuer.
- User / Subject / Principal: requests a token for AppX; the STS issues a Security Token (ST) crafted for AppX.
- Relying Party (RP) / Resource provider (AppX): trusts the Security Token from the issuer; the ST "authenticates" the user to the application.
- The Security Token is signed by the issuer and contains claims about the user, for example: name, group membership, User Principal Name (UPN), email address of the user, email address of the manager, phone number, other attribute values.

13 demo

14 Single-organization flow (ADFS STS, claims-aware app, Active Directory)
1. The user browses to the claims-aware app and is not authenticated.
2. The app redirects the user to the ADFS STS.
3. The STS authenticates our user against Active Directory and queries for the user's attributes.
4. The STS returns a Security Token (ST).
5. The browser sends the token to the app; the app trusts the STS.
6. The app returns cookies and the page.

15 Partner-user flow (your ADFS STS, your claims-aware app, partner ADFS STS & IP)
1. The partner user browses to your claims-aware app, is not authenticated, and is redirected to your STS.
2. Home realm discovery: your STS redirects the user to the partner STS, requesting an ST for the partner user.
3. The partner STS authenticates the user against its Active Directory and returns an ST for consumption by your STS.
4. Your STS processes that token and returns a new ST.
5. The user sends the new token to your app; the app returns cookies and the page.
Trust relationships: the app trusts your STS; your STS trusts your partner's STS.

16 Communication (diagram): issuer and relying party. The ST is signed by the issuer (certificate A, chained to Root for A) and encrypted for the relying party (certificate B, chained to Root for B); the diagram also shows the public keys of C and D.

19 Configuring the trusts (claims-aware application APP1, ADFS 2.0 STS1, Active Directory)
- On STS1: define Active Directory as a claims provider; define APP1 as a relying party.
- On APP1: define STS1 as its claims provider.

20 demo

22 Rule sets in the ADFS pipeline
- Claims Provider Trusts (AD or a partner STS): Acceptance Transform rules specify the incoming claims that will be accepted from the claims provider and passed to the pipeline.
- Relying Party Trusts: Issuance Authorization rules specify the users that are permitted to access the relying party (Permit / Deny). If permitted, Issuance Transform rules specify the claims that will be sent to the relying party in the ST; if denied, the request is not processed further.

24 Condition Issuance Statement

26 Claim Rule Language

27 demo

29 Trusts between organizations
- Your organization: your ADFS STS has a Relying Party Trust for Relying Party x and a Claims Provider Trust for the partner ADFS STS & IP.
- Partner organization: the partner ADFS STS & IP has a Relying Party Trust for your ADFS STS.

30 Token processing in your organization's ADFS Security Token Service (STS)
1. The partner user's client requests a token for access to Relying Party x, presenting the ST from the partner (a trusted partner ST) to your STS.
2. The STS processes the Acceptance Transform rules of the Claims Provider Trust.
3. The STS processes the Issuance Authorization rules of the Relying Party Trust.
4. If allowed, it processes the Issuance rules and returns a token (ST) for Relying Party x; if denied, processing ends.
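As an added illustration (not ADFS code, and not the claim rule language of slide 26), the rule processing of slides 22 and 30 modelled in Python: the rule representation, trust names and sample tokens are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    type: str
    value: str

@dataclass(frozen=True)
class SecurityToken:
    issuer: str    # the STS that issued (signed) the token
    claims: tuple  # tuple of Claim

# Hypothetical rule configuration for one claims provider trust and one relying party trust.
CLAIMS_PROVIDER_TRUSTS = {"sts.partner.example"}   # partner ADFS STS we trust (constructed name)
ACCEPTANCE_RULES = {"upn", "group"}                 # incoming claim types passed to the pipeline
AUTHORIZATION_RULES = [                             # (claim type, value, verdict)
    ("group", "Contractors", "deny"),
    ("group", "Partner-Users", "permit"),
]
ISSUANCE_RULES = {("group", "Partner-Users"): Claim("role", "Reader")}  # transform group -> role
PASS_THROUGH = {"upn"}                              # claims forwarded unchanged

def process_token(token: SecurityToken):
    """Return the claims of the new ST for Relying Party x, or None if processing ends."""
    # Only an ST from a trusted claims provider enters the pipeline at all
    if token.issuer not in CLAIMS_PROVIDER_TRUSTS:
        return None
    # 1. Acceptance transform rules (claims provider trust): drop unlisted claim types
    accepted = [c for c in token.claims if c.type in ACCEPTANCE_RULES]
    # 2. Issuance authorization rules (relying party trust): a matching deny wins,
    #    and without a matching permit the user is not allowed
    verdicts = {v for t, val, v in AUTHORIZATION_RULES
                for c in accepted if (c.type, c.value) == (t, val)}
    if "deny" in verdicts or "permit" not in verdicts:
        return None
    # 3. Issuance transform rules: build the claims sent to Relying Party x
    issued = [c for c in accepted if c.type in PASS_THROUGH]
    issued += [ISSUANCE_RULES[(c.type, c.value)] for c in accepted
               if (c.type, c.value) in ISSUANCE_RULES]
    return issued

# Constructed sample tokens
PARTNER_USER = SecurityToken("sts.partner.example", (Claim("upn", "alice@partner.example"),
    Claim("group", "Partner-Users"), Claim("email", "alice@partner.example")))
CONTRACTOR = SecurityToken("sts.partner.example", (Claim("upn", "bob@partner.example"),
    Claim("group", "Partner-Users"), Claim("group", "Contractors")))
UNTRUSTED = SecurityToken("sts.unknown.example", (Claim("upn", "eve@unknown.example"),
    Claim("group", "Partner-Users")))
```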

31 Partner-user flow, end to end
1. The partner user browses to your claims-aware app, is not authenticated, and is redirected to your STS.
2. Home realm discovery: your STS redirects the user to the partner STS, requesting an ST for the partner user.
3. The partner STS authenticates the user against its Active Directory and returns an ST for consumption by your STS.
4. Your STS processes the token and returns a new ST.
5. The user sends the new token to your app; the app returns the page and a cookie.

35 John has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems, with a focus on security and high availability. He has been a key player in many IT projects for industry leaders, including Microsoft, the UK Government and multinationals that require optimized IT systems. He has developed technical training courses that have been published worldwide, co-authored a highly successful book on Microsoft Active Directory internals, and presents regularly at major international conferences including TechEd, IT Forum and European summits. John can be engaged as a consultant or booked for speaking engagements through XTSeminars: www.xtseminars.co.uk
