Adfs 2 & claims based identity

•Download as PPTX, PDF•

2 likes•2,816 views

AD FS 2 & Claims-Based Identity provides a consistent identity layer across applications by extracting identity information from Active Directory and other sources and expressing it as standardized claims. This allows applications to authenticate users once via AD FS and receive attributes about the user, without the applications needing direct access to identity stores. Claims can include group memberships, email address, or any other identity attributes that can be used for authorization and personalization. AD FS supports web single sign-on, web services, and "claims-aware" applications via standards like WS-Federation, SAML 2.0, and can federate identity across organizations.

AD FS 2 & Claims-Based Identity Laura E. Hunter Identity Lady, AD FS Zealot laura.hunter@lhaconsulting.com http://www.shutuplaura.com @adfskitteh

The Problem? We Lack a Consistent Identity Layer for Applications

The Result?Hard-coded dependencies, “Continuous Wheel Re-Invention”Resistance to Change

LDAP://dc1.bigfirm.com/ou=FTEs,dc=bigfirm,dc=com

filter = ((&(objectClass=user)(|(sn=*smith*)(displayName=*smith*)(givenName=*smith*)(cn=*smith*))))

How many different ways can you authenticate to an app?

Managing Application Identity – First Principles 1. Identify the Caller 2. Extract Information for AuthZ & Personalization

Windows Integrated Authentication Does Active Directory work everywhere?

So What’s a Claim? “I am a member of the Marketing group” “My email address is …” “I am over 21 years of age” Populated using information from AD/ADAM/ADLDS SQL Expressed using the SAML format

<saml:AssertionAssertionID="..." IssueInstant="2006-07-11T03:15:40Z" Issuer=“https://adatum-dc1.adatum.com“> <saml:ConditionsNotBefore="2006-07-11T03:15:40Z" NotOnOrAfter="2006-07-11T04:15:40Z"> <saml:Audience> https://contoso-dc1.contoso.com </saml:Audience> <saml:AuthenticationStatementAuthenticationInstant="2006-07-11T03:15:40Z" AuthenticationMethod="urn:federation:authentication:windows"> <saml:NameIdentifierFormat="http://schemas.xmlsoap.org/claims/UPN">adamcar@adatum.com</saml:NameIdentifier> <saml:AttributeAttributeName="Group” <saml:AttributeValue> Administrators</saml:AttributeValue> <Signaturexmlns="http://www.w3.org/2000/09/xmldsig#"> ab315cdff14d</Signature> </saml:Assertion> Abridged SAML Token(Don’t Squint, Just Get the Big Idea!)

Standards-based: WS-Federation WS-Trust SAML 2.0 Use cases: WebSSO Web Services (WCF) What is this…“claims-aware” application of which you speak?

Account Partner (ADATUM) Resource Partner (CONTOSO) A. Datum Account Forest Trey Research Resource Forest Federation Trust Federated Application Access

Something lost, something gained… What about passwords? What about deprovisioning?

Liberty Alliance Results… ADFS 2 SAML 2.0 Interop Testing with Entrust, IBM, Novell, Ping, SAP, Siemens IdP Lite SP Lite EGov 1.5 Matrix testing results:http://www.projectliberty.org/liberty/liberty_interoperable/implementations/saml_2_0_test_procedure_v3_2_2_full_matrix_implementation_table_q309/

I want the integrity of yourusers’ identity information when they access myresources…

as the integrity of yourusers’ identity information when they access yourresources.

AD FS components are Windows components No additional server software costs …but it’s all about the apps! AD FSv2 (was “Geneva”) Release Candidate Available Now RTM…“Soon” Windows Identity Foundation .NET Developer Platform Free Download Available now! AD FS 2.0 Availability, Pricing

AD Cookbook, 3rd Edition Best selling Active Directory title What’s New? Windows Server 2008 coverage: Read Only Domain Controllers (RODCs) Fine Grained Password Policies (FGPPs) Exchange 2007 integration & scripting Identity Lifecycle Manager 2007 Windows PowerShell & Active Directory .NET programming New user interface features Always more than one way! Learn More! http://oreilly.com/catalog/9780596521103/

Thank You! mailto: laura.hunter@lhaconsulting.com blog: http://www.shutuplaura.com twitter: @adfskitteh

As more companies leverage Office 365, identity management between on-premise and cloud has become a topic of increasing importance. Fortunately, Office 365 offers a wide range of different identity management options that you can select based on your organization’s needs and preferences. Join Perficient as we take a look at: What constitutes identity management in Office 365 Federation and synchronization options available with Office 365, including ADFS and DirSync with password synchronization Multi-forest deployments and deploying infrastructure using Windows Azure

Identity Management for Office 365 and Microsoft Azure

Sparkhound Inc.

Sparkhound Senior Infrastructure Consultant David Pechon discusses Identity Management for O365 and Azure at the 2015 SharePoint TechFest Dallas event held at the Irving Convention Center. Learn how Active Directory Federation Services and DirSync allow you to synchronize your organization’s Active Directory and use it to authenticate users to Office 365 applications, such as Exchange Online, OneDrive for Business and SharePoint Online.

PowerShell and the Future of Windows Automation

Concentrated Technology

PowerShell crashcourseConcentrated Technology

PowerShell Functions

mikepfeiffer

No-script PowerShell v2Concentrated Technology

Ive got a powershell secretChris Conte

Free tools for win server administrationConcentrated Technology

Advanced Tools & Scripting with PowerShell 3.0 Jump Start - CertificateDon Reese

Basic PowerShell Toolmaking - Spiceworld 2016 session

Rob Dunn

PowerShell is everywhere. Admit it, even if you don't like change, you've probably needed to run a one-off command or small script in order to accomplish something...whether it was in AD, Exchange, VMWare or something else. Running a single command is one thing, but what about making a reusable piece of code that anyone can run, or even better, schedule it? Get a report every Monday about drive space, remove old log files every month, report on logon failures... We're going to take a command that fulfills a 'single-serving' role and turn it into something more dynamic; something that can be run over and over and be both relevant and timely! Be ready to learn about parameters, basic functions, comment-based help, and other useful techniques - bring your laptop and code along with us! Let's build a PowerShell tool! Watch me present this topic via YouTube: https://youtu.be/akTypRvwr7g (video 1 of 2)

Ad disasters & how to prevent themConcentrated Technology

Best free tools for w d aConcentrated Technology

PowerShell crash courseConcentrated Technology

PowerShell custom propertiesConcentrated Technology

Managing enterprise with PowerShell remotingConcentrated Technology

PowerShell and WMIConcentrated Technology

PowerShell crashcourse for Sharepoint adminsConcentrated Technology

VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses

Concentrated Technology

Today’s talk about VDI centers around deploying hundreds or thousands of desktops. But sometimes you just want access for a few people and a few applications. Or, you just can’t afford big-budget solutions. Have you tried Microsoft Hyper-V and RDS? Combining these two tools, a sufficiently-powerful server, and the information in this session, you’ll quickly build a single-server VDI solution for just those small needs. Join RDS MVP Greg Shields for a look at the very small in VDI. He’ll show you how to get started on the most micro of budgets, and send you home with the exact click-by-click to begin hosting your own virtual desktops.

Bsides Tampa Blue Team’s tool dump.

Alexander Kot

I will be going over a list of definitions, tools that fit each category, and open source variants that fit each (if available). I will be also going over the good, bad, and ugly of new/emerging technology. I recommend watching the talk. Many notes and context are only verbal not in the slides. Link for talk. http://www.irongeek.com/i.php?page=videos/bsidestampa2018/track-206-blue-teams-tool-dump-stop-using-them-term-next-gen-this-isnt-xxcall-of-dutyxx-alex-kot

Identity Federation on JBossASRoger CARHUATOCTO

Viewers also liked

ADFS + IAM

Richard Harvey

Office 365-single-sign-on-with-adfs

amitchachra

Understanding Identity Management with Office 365

Perficient, Inc.

Identity Management for Office 365 and Microsoft Azure

Sparkhound Inc.

PowerShell and the Future of Windows Automation

Concentrated Technology

PowerShell crashcourseConcentrated Technology

PowerShell Functions

mikepfeiffer

No-script PowerShell v2Concentrated Technology

Ive got a powershell secretChris Conte

Free tools for win server administrationConcentrated Technology

Advanced Tools & Scripting with PowerShell 3.0 Jump Start - CertificateDon Reese

Basic PowerShell Toolmaking - Spiceworld 2016 session

Rob Dunn

Ad disasters & how to prevent themConcentrated Technology

Best free tools for w d aConcentrated Technology

PowerShell crash courseConcentrated Technology

PowerShell custom propertiesConcentrated Technology

Managing enterprise with PowerShell remotingConcentrated Technology

PowerShell and WMIConcentrated Technology

PowerShell crashcourse for Sharepoint adminsConcentrated Technology

VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses

Concentrated Technology

Viewers also liked (20)

ADFS + IAM

Office 365-single-sign-on-with-adfs

Understanding Identity Management with Office 365

Identity Management for Office 365 and Microsoft Azure

PowerShell and the Future of Windows Automation

PowerShell crashcourse

PowerShell Functions

No-script PowerShell v2

Ive got a powershell secret

Free tools for win server administration

Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate

Basic PowerShell Toolmaking - Spiceworld 2016 session

Ad disasters & how to prevent them

Best free tools for w d a

PowerShell crash course

PowerShell custom properties

Managing enterprise with PowerShell remoting

PowerShell and WMI

PowerShell crashcourse for Sharepoint admins

VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses

Similar to Adfs 2 & claims based identity

Bsides Tampa Blue Team’s tool dump.

Alexander Kot

Identity Federation on JBossASRoger CARHUATOCTO

Secure Modern Workplace With Microsoft 365 Threat Protection

Ammar Hasayen

Join me as I walk you through alll what Microsoft 365 has to offer to protect your business and organization. I am going to cover every security feature and how it fits in the big picture. Whether you are on-premises organization or migrating to the cloud, there is something for you to look at. Follow me on twitter @ammarhasayen and connect on Linkedined https://www.linkedin.com/in/ammarhasayen Here is the full blog post: https://blog.ahasayen.com/secure-modern-workplace-with-microsoft-365-advanced-threat-protection/

From Obstacle to Advantage: The Changing Role of Security & Compliance in You...

Amazon Web Services

A surprising trend is starting to emerge among organizations who are progressing through the cloud maturity lifecycle: major improvements in revenue growth, customer satisfaction, and mission success are being directly attributed to improvements in security and compliance. At one time thought of as speed bumps in the path to deployment, security and compliance are now seen as critical ingredients that help organizations differentiate their offerings in the market, win more deals, and achieve mission-critical goals faster. This session explores how organizations like Jive Software and the National Geospatial Agency use the Evident Security Platform, AWS, and AWS Quick Starts to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results. Session sponsored by Evident.io

"Evolving Cybersecurity Strategies" - Identity is the new security boundary

Dean Iacovelli

IdP, SAML, OAuth

Dan Brinkmann

How to protect your corporate from advanced attacks

Microsoft

Splunk for Security Breakout Session

Splunk

Understanding Application Threat Modelling & Architecture

Priyanka Aash

PeopleSoft: HACK THE Planet^W university

Dmitry Iudin

The PeopleSoft Campus Solutions is used in more than 1000 universities worldwide. In this presentation, we will show how to use several vulnerabilities to gain access to the entire information system of the University. And it means grade fraud, sabotage, access to student information, access to credit cards, bills, payment plans, fees, etc. In this presentation, we'll look at the architecture of PeopleSoft products, its strengths and weaknesses. We show attack surface and demonstrate a practical attack on the system. We also prove how one vulnerability affects a whole family of products, Oracle PeopleSoft, not just PeopleSoft Campus Solutions.

SplunkLive! - Splunk for Security

Splunk

Application Security Architecture and Threat Modelling

Priyanka Aash

Protecting Your Key Asset – Data Protection Best Practices V2.0 Final

Vinod Kumar

Detection of webshells in compromised perimeter assets using ML algorithms

Rod Soto

How to 2FA-enable Open Source Applications

All Things Open

How to 2FA-enable Open Source Applications (Extended Session) Presented at: Open Source 101 at Home 2020 Presented by: Mike Schwartz, Gluu Abstract: Your organization loves open source tools like Wordpress, SuiteCRM, NextCloud, RocketChat, and OnlyOffice... but most of these tools are protected with plain old passwords. You want to use two-factor authentication... but how? In this workshop, you'll learn: - Which 2FA technologies can be used without paying a license; - How to enable users to enroll and delete 2FA credentials; - How to configure open source applications to act as a federated relying party--delegating authentication to a central service - How custom applications can act as a federated relying party

Role-Based Access Control

EmpowerID

2022 APIsecure_Understanding API Abuse With Behavioral Analytics

APIsecure_ Official

Basics of IT securityDr. Ramkumar Lakshminarayanan

Stuxnet redux. malware attribution & lessons learnedYury Chemerkin

Hands-On Security - Disrupting the Kill Chain

Splunk

Learn from a Splunk security expert how to use Splunk Enterprise in a live, hands-on incident investigation session. We'll use Splunk to disrupt an adversary's Kill Chain by finding the Actions on Intent, Exploitation Methods, and Reconnaissance Tactics used against a simulated organization. Data investigated will include threat list intelligence feeds, endpoint activity logs, e-mail logs, and web access logs. This session is a must for all security experts! Please bring your laptop as this is a hands-on session.

Similar to Adfs 2 & claims based identity (20)

Bsides Tampa Blue Team’s tool dump.

Identity Federation on JBossAS

Secure Modern Workplace With Microsoft 365 Threat Protection

From Obstacle to Advantage: The Changing Role of Security & Compliance in You...

"Evolving Cybersecurity Strategies" - Identity is the new security boundary

IdP, SAML, OAuth

How to protect your corporate from advanced attacks

Splunk for Security Breakout Session

Understanding Application Threat Modelling & Architecture

PeopleSoft: HACK THE Planet^W university

SplunkLive! - Splunk for Security

Application Security Architecture and Threat Modelling

Protecting Your Key Asset – Data Protection Best Practices V2.0 Final

Detection of webshells in compromised perimeter assets using ML algorithms

How to 2FA-enable Open Source Applications

Role-Based Access Control

2022 APIsecure_Understanding API Abuse With Behavioral Analytics

Basics of IT security

Stuxnet redux. malware attribution & lessons learned

Hands-On Security - Disrupting the Kill Chain

Recently uploaded

DevOps and Testing slides at DASA Connect

Kari Kakkonen

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Bits & Pixels using AI for Good.........

Alison B. Lowndes

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Recently uploaded (20)

DevOps and Testing slides at DASA Connect

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

PCI PIN Basics Webinar from the Controlcase Team

Mission to Decommission: Importance of Decommissioning Products to Increase E...

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

When stars align: studies in data quality, knowledge graphs, and machine lear...

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

UiPath Test Automation using UiPath Test Suite series, part 3

Elevating Tactical DDD Patterns Through Object Calisthenics

UiPath Test Automation using UiPath Test Suite series, part 4

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Securing your Kubernetes cluster_ a step-by-step guide to success !

Epistemic Interaction - tuning interfaces to provide information for AI support

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Bits & Pixels using AI for Good.........

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

The Art of the Pitch: WordPress Relationships and Sales

Adfs 2 & claims based identity

1. AD FS 2 & Claims-Based Identity Laura E. Hunter Identity Lady, AD FS Zealot laura.hunter@lhaconsulting.com http://www.shutuplaura.com @adfskitteh

2. The Problem? We Lack a Consistent Identity Layer for Applications

3. The Result?Hard-coded dependencies, “Continuous Wheel Re-Invention”Resistance to Change

4. LDAP://dc1.bigfirm.com/ou=FTEs,dc=bigfirm,dc=com

5. filter = ((&(objectClass=user)(|(sn=*smith*)(displayName=*smith*)(givenName=*smith*)(cn=*smith*))))

6. How many different ways can you authenticate to an app?

7. Managing Application Identity – First Principles 1. Identify the Caller 2. Extract Information for AuthZ & Personalization

8. Windows Integrated Authentication Does Active Directory work everywhere?

10.

11. What’s the Solution?

12. So What’s a Claim? “I am a member of the Marketing group” “My email address is …” “I am over 21 years of age” Populated using information from AD/ADAM/ADLDS SQL Expressed using the SAML format

13. <saml:AssertionAssertionID="..." IssueInstant="2006-07-11T03:15:40Z" Issuer=“https://adatum-dc1.adatum.com“> <saml:ConditionsNotBefore="2006-07-11T03:15:40Z" NotOnOrAfter="2006-07-11T04:15:40Z"> <saml:Audience> https://contoso-dc1.contoso.com </saml:Audience> <saml:AuthenticationStatementAuthenticationInstant="2006-07-11T03:15:40Z" AuthenticationMethod="urn:federation:authentication:windows"> <saml:NameIdentifierFormat="http://schemas.xmlsoap.org/claims/UPN">adamcar@adatum.com</saml:NameIdentifier> <saml:AttributeAttributeName="Group” <saml:AttributeValue> Administrators</saml:AttributeValue> <Signaturexmlns="http://www.w3.org/2000/09/xmldsig#"> ab315cdff14d</Signature> </saml:Assertion> Abridged SAML Token(Don’t Squint, Just Get the Big Idea!)

14. AD FS is all about the apps!

15. Standards-based: WS-Federation WS-Trust SAML 2.0 Use cases: WebSSO Web Services (WCF) What is this…“claims-aware” application of which you speak?

16. What Can I do with this?

17. Application Access in a Single Org

18. Account Partner (ADATUM) Resource Partner (CONTOSO) A. Datum Account Forest Trey Research Resource Forest Federation Trust Federated Application Access

19. SSO to Service Providers

20. Cloudy with a Chance of Federation

21. So what does it look like?

22. WS-Fed Passive Profile Account Partner (Users) Resource Partner (Resource) A. Datum Account Forest Trey Research Resource Forest Federation Trust

23. Something lost, something gained… What about passwords? What about deprovisioning?

24. Liberty Alliance Results… ADFS 2 SAML 2.0 Interop Testing with Entrust, IBM, Novell, Ping, SAP, Siemens IdP Lite SP Lite EGov 1.5 Matrix testing results:http://www.projectliberty.org/liberty/liberty_interoperable/implementations/saml_2_0_test_procedure_v3_2_2_full_matrix_implementation_table_q309/

25.

26. If you remember nothing else but this…

27. I want the integrity of yourusers’ identity information when they access myresources…

28. …to be at least as good…

29. as the integrity of yourusers’ identity information when they access yourresources.

30. AD FS components are Windows components No additional server software costs …but it’s all about the apps! AD FSv2 (was “Geneva”) Release Candidate Available Now RTM…“Soon” Windows Identity Foundation .NET Developer Platform Free Download Available now! AD FS 2.0 Availability, Pricing

31. AD Cookbook, 3rd Edition Best selling Active Directory title What’s New? Windows Server 2008 coverage: Read Only Domain Controllers (RODCs) Fine Grained Password Policies (FGPPs) Exchange 2007 integration & scripting Identity Lifecycle Manager 2007 Windows PowerShell & Active Directory .NET programming New user interface features Always more than one way! Learn More! http://oreilly.com/catalog/9780596521103/

32. Thank You! mailto: laura.hunter@lhaconsulting.com blog: http://www.shutuplaura.com twitter: @adfskitteh

Editor's Notes

Hard-coded dependencies
Re-inventing the wheel – asking our devs to be AD experts
Resistance to change – smart card, cloud, etc.
Identify the caller (AuthN)Grep information about the caller for AuthZ & personalization
Partner fed
Fed with the cloud
Hide.Fedutil, pre-baked RP trust
For WinHIED
For WinHIED

Adfs 2 & claims based identity

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to Adfs 2 & claims based identity

Similar to Adfs 2 & claims based identity (20)

More from Nathan Winters

More from Nathan Winters (20)

Recently uploaded

Recently uploaded (20)

Adfs 2 & claims based identity

Editor's Notes