Module 11: Designing an Active Directory Federation Services Implementation in Windows Server 2008.


1 Module 11: Designing an Active Directory Federation Services Implementation in Windows Server 2008

2 Module Overview
- Overview of an Active Directory Federation Services Design
- Designing a Business-to-Business Federation
- Designing Active Directory Federation Services Claims and Applications

3 Key Components of ADFS
AD FS includes the following components:
- Account Federation server
- Account Federation server proxy
- Resource Federation server
- Resource Federation server proxy
- AD FS Web Server Agent
- AD DS Domain Controllers

4 ADFS Server Roles
The ADFS server role includes the following components:
- Federation Service
- Federation Service proxy
- Claims-aware agent
- Windows token-based agent

5 ADFS Server Placement
When determining your ADFS server placement, consider:
- Where to place a federation server?
- Where to place a federation server proxy?
[Diagram labels: Federation Server; AD DS; Federation Server Proxy; PERIMETER NETWORK; INTRANET FOREST]

6 Components of a B2B Federation Trust
[Diagram labels: Account Partner Organization; Resource Partner Organization; Resource Federation Server; Account Federation Server; AD DS; AD FS-enabled Web Server; Federation Trust]

7 Guidelines for Deploying and Securing ADFS Servers
When deploying AD FS servers that are servicing external clients:
- Place federation servers in front of a firewall and connect them to the corporate network to prevent exposure from the Internet
- Avoid having your federation servers directly accessible on the Internet
- Place a federation server proxy in the perimeter network before you configure your firewall servers for use with AD FS
- Use ISA Server 2006 publishing
Consider deploying a federation server proxy in your organization's perimeter network when you want to:
- Prevent direct access to federation servers by external clients
- Differentiate the Internet user sign-in experience from that of corporate network users
Create at least one AD FS-enabled Web server in the resource partner organization when you deploy any of the following AD FS designs:
- Web SSO
- Federated Web SSO
- Federated Web SSO with Forest Trust

8 Guidelines for Usage of Token-based and Claims-aware Applications
When implementing applications using ADFS, consider:
- For a claims-aware application, ensure that the return URL is typed correctly in the application’s Web.config file
- Verify that ASP.NET is installed and enabled
- For a Windows NT token–based application, verify that the return URL is typed correctly in the ADFS Web Agent tab of IIS
- For a Windows NT token–based application, configure a resource account in the resource partner’s directory store
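
One way to check the claims-aware return URL from slide 8 before go-live, as an added example that is not part of the presentation. Assumptions: the URL is stored at configuration/websso/urls/returnurl in Web.config, the reference value is the application URL registered on the resource federation server and is compared exactly (case included), and the function name Test-AdfsReturnUrl and the host names are hypothetical.

```powershell
# Added example: checks the return URL of a claims-aware application's Web.config.
# Assumption: the URL lives at configuration/websso/urls/returnurl.
function Test-AdfsReturnUrl {
    param(
        [Parameter(Mandatory=$true)] [xml]    $WebConfig,
        # Application URL as registered on the resource federation server
        [Parameter(Mandatory=$true)] [string] $ExpectedUrl
    )
    $findings = @()
    $nodes = @($WebConfig.SelectNodes('/configuration/websso/urls/returnurl'))
    if ($nodes.Count -eq 0) { return @('No <returnurl> element found under <websso><urls>') }
    foreach ($node in $nodes) {
        $raw = $node.InnerText
        $url = $raw.Trim()
        if ($raw -cne $url) { $findings += "Whitespace around return URL: '$raw'" }
        $uri = $null
        if (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) {
            $findings += "Not an absolute URL: '$url'"
            continue
        }
        if ($uri.Scheme -ne 'https') { $findings += "Return URL is not HTTPS: $url" }
        if ($url -cne $ExpectedUrl) {
            if ($url.TrimEnd('/') -ieq $ExpectedUrl.TrimEnd('/')) {
                $findings += "Differs from registered URL only by case and/or trailing slash: $url"
            } else {
                $findings += "Does not match registered URL: $url (expected $ExpectedUrl)"
            }
        }
    }
    return $findings
}

# Constructed sample Web.config fragment; host names are placeholders.
$sample = @'
<configuration>
  <websso>
    <urls>
      <returnurl>https://claimapp.example.test/ClaimApp/</returnurl>
    </urls>
  </websso>
</configuration>
'@
Test-AdfsReturnUrl -WebConfig $sample -ExpectedUrl 'https://claimapp.example.test/claimapp/'
```

An empty result means the return URL passed every check; each string returned is one finding to correct in Web.config or in the registered application URL.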

