Active Directory
Helpful Experience
Knowledge of Active Directory
Understanding of Certificates
Authentication and authorization methods
IIS and Web application principles
Level 300
Agenda
Identity Management
[Slide figure comparing identity management Present vs Future. Present: custom integration, identity built internally, high cost to value, limited ability to extend. Future: connected systems, federation, low cost to value, new features, extends to business value.]
Active Directory Application Mode (ADAM)
Agenda
Identity Management
ADAM
UNIX Identity Management
ADFS
What is ADAM?
A mode of Active Directory: lightweight, domain-independent
ADAM Improvements
Active Directory to ADAM Synchronizer tool
Active Directory Schema Analyzer tool
Newer version of LDP tool
UNIX Identity Management
[Slide figure: UNIX identity management diagram; labels: Windows Servers, Master]
What is ADFS?
Active Directory-based ID federation
Simplified, secure sharing of digital identities across security boundaries
[Slide figure: AD Users federated to .Net Apps over WS-Federation]
ADFS Architecture
[Slide figure: ADFS architecture diagram; labels: LPC/Web Methods, Windows Authentication/LDAP, HTTPS, AD or ADAM]
ADFS Requirements
Federation Service, Federation Service Proxy, and ADFS Web Service Agent must have:
Internet Information Server (IIS) 6.0
ASP.NET
Federation Trust
Active Directory
Certificates
Certificates used by the Federation Service
Token Signing Certificates
Verification Certificates
Client Certificate
Web browser receives a request to present a client certificate and the user may choose which certificate to present
Forms-based
Present a customizable web page to the user requesting credentials
Basic
Web browser presents the standard username/password dialog
ADFS-enabled Applications
Implements the ADFS API or an API that consumes claims
ASP.NET 2.0 application
[Slide figure labels: Group, Custom]
Understanding Transforms
Transforms are instructions that map claims between partners.
They are used by the resource partner to make authorization decisions.
Establishing Trust
Assumes proper partner relationship agreements are in place.
Carefully consider the security ramifications.
Agree on a method for transferring certificates between the organizations.
Mechanics:
The account partner must transfer its token signing certificate to the resource partner.
The resource partner uses the ADFS snap-in to establish the trust and enable the account partner.
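To make the transform and trust slides concrete, the following is an added example, not code from the slides or from Microsoft. It models what the resource partner's Federation Service does with an incoming token: reject tokens from any account partner for which no trust has been established, map the account partner's claims onto the claim types the resource partner's applications understand, drop every claim that no transform rule covers, and then make the authorization decision from the mapped claims only. The partner name `adatum.example`, the group names, the claim values and the `APP_POLICY` table are constructed for illustration; treating Identity claims as pass-through is a simplification of this model, not a statement about the product.

```python
# Added example (not from the slides or Microsoft): a model of ADFS-style claim
# transforms at the resource partner. Partner names, group names, claim values
# and the application policy are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Claim:
    """A single claim as carried in a federation token."""
    ctype: str   # claim type, e.g. "Identity", "Group" or "Custom"
    value: str


# Transform rules, keyed by trusted account partner. Each rule maps one
# incoming (type, value) pair to the claim the resource partner's
# applications understand. Only partners with an established trust appear.
TRANSFORMS: Dict[str, Dict[Tuple[str, str], Claim]] = {
    "adatum.example": {                                   # constructed partner
        ("Group", "ADATUM\\Purchasing"): Claim("Group", "Buyers"),
        ("Group", "ADATUM\\Finance"):    Claim("Custom", "Role=Approver"),
    },
}

# Resource-side application policy: which mapped claim values grant which
# actions. Anything not listed is denied.
APP_POLICY: Dict[str, set] = {
    "Buyers":        {"view_orders"},
    "Role=Approver": {"view_orders", "approve_orders"},
}


def transform_claims(account_partner: str, incoming: List[Claim]) -> List[Claim]:
    """Map an account partner's claims onto the resource partner's claim set.

    Simplification: Identity claims pass through unchanged; every other claim
    must match a transform rule or it is dropped, so an account partner's
    internal group names (including its admin groups) never reach an
    application unless the resource partner explicitly mapped them.
    """
    if account_partner not in TRANSFORMS:
        # No federation trust established with this partner: reject the token.
        raise PermissionError(f"no trust established with {account_partner}")
    rules = TRANSFORMS[account_partner]
    outgoing: List[Claim] = []
    for claim in incoming:
        if claim.ctype == "Identity":
            mapped = claim
        else:
            mapped = rules.get((claim.ctype, claim.value))
            if mapped is None:
                continue   # unmapped claim: dropped, never forwarded
        if mapped not in outgoing:   # two incoming groups may map to one role
            outgoing.append(mapped)
    return outgoing


def authorize(mapped_claims: List[Claim], action: str) -> bool:
    """Authorization decision made from mapped claims only (default deny)."""
    return any(
        action in APP_POLICY.get(c.value, set())
        for c in mapped_claims
        if c.ctype in ("Group", "Custom")
    )


def demo() -> dict:
    """Run the flow for a constructed user token and return the outcomes."""
    token = [                                             # constructed token
        Claim("Identity", "alice@adatum.example"),
        Claim("Group", "ADATUM\\Purchasing"),
        Claim("Group", "ADATUM\\Domain Admins"),          # no rule: dropped
    ]
    mapped = transform_claims("adatum.example", token)
    return {
        "mapped": [(c.ctype, c.value) for c in mapped],
        "view_orders": authorize(mapped, "view_orders"),
        "approve_orders": authorize(mapped, "approve_orders"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the dropped `Domain Admins` claim is the one the slides make about transforms and security ramifications: the resource partner's applications only ever see claims that the resource partner chose to map, so the account partner's internal group structure does not translate into privilege on the resource side by accident. Tokens from a partner that is not in the trust table are refused before any mapping happens, mirroring the explicit trust establishment step.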
Demo
Session Summary
Windows Server 2003 R2 delivers important functionality toward the Microsoft vision for Identity Management.
ADFS is a key new component.
ADFS is standards-based (WS-*) and integrates with third-party federation solutions.