SlideShare uma empresa Scribd logo

Adfs 2 & claims based identity

Transferir como PPTX, PDF
Nathan Winters
Nathan Winters

AD FS 2 & Claims-Based Identity provides a consistent identity layer across applications by extracting identity information from Active Directory and other sources and expressing it as standardized claims. This allows applications to authenticate users once via AD FS and receive attributes about the user, without the applications needing direct access to identity stores. Claims can include group memberships, email address, or any other identity attributes that can be used for authorization and personalization. AD FS supports web single sign-on, web services, and "claims-aware" applications via standards like WS-Federation, SAML 2.0, and can federate identity across organizations.

Tecnologia
1 de 32
AD FS 2 & Claims-Based Identity Laura E. Hunter Identity Lady, AD FS Zealot laura.hunter@lhaconsulting.com http://www.shutuplaura.com @adfskitteh
The Problem? We Lack a Consistent Identity Layer for Applications
The Result?Hard-coded dependencies, “Continuous Wheel Re-Invention”Resistance to Change
LDAP://dc1.bigfirm.com/ou=FTEs,dc=bigfirm,dc=com
filter = ((&(objectClass=user)(|(sn=*smith*)(displayName=*smith*)(givenName=*smith*)(cn=*smith*))))
How many different ways can you authenticate to an app?
Managing Application Identity – First Principles 1. Identify the Caller 2. Extract Information for AuthZ & Personalization
Windows Integrated Authentication Does Active Directory work everywhere?
What’s the Solution?
So What’s a Claim? “I am a member of the Marketing group” “My email address is …” “I am over 21 years of age” Populated using information from AD/ADAM/ADLDS SQL Expressed using the SAML format
<saml:AssertionAssertionID="..." IssueInstant="2006-07-11T03:15:40Z" Issuer=“https://adatum-dc1.adatum.com“> <saml:ConditionsNotBefore="2006-07-11T03:15:40Z" NotOnOrAfter="2006-07-11T04:15:40Z"> <saml:Audience> https://contoso-dc1.contoso.com </saml:Audience> <saml:AuthenticationStatementAuthenticationInstant="2006-07-11T03:15:40Z" AuthenticationMethod="urn:federation:authentication:windows"> <saml:NameIdentifierFormat="http://schemas.xmlsoap.org/claims/UPN">adamcar@adatum.com</saml:NameIdentifier> <saml:AttributeAttributeName="Group” <saml:AttributeValue> Administrators</saml:AttributeValue> <Signaturexmlns="http://www.w3.org/2000/09/xmldsig#"> ab315cdff14d</Signature> </saml:Assertion> Abridged SAML Token(Don’t Squint, Just Get the Big Idea!)
AD FS is all about the apps!
Standards-based: WS-Federation WS-Trust SAML 2.0 Use cases: WebSSO Web Services (WCF) What is this…“claims-aware” application of which you speak?
What Can I do with this?
Application Access in a Single Org
Account Partner (ADATUM) Resource Partner (CONTOSO) A. Datum Account Forest Trey Research Resource Forest Federation Trust Federated Application Access
SSO to Service Providers
Cloudy with a Chance of Federation
So what does it look like?
WS-Fed Passive Profile Account Partner (Users) Resource Partner (Resource) A. Datum Account Forest Trey Research Resource Forest Federation Trust
Something lost, something gained… What about passwords? What about deprovisioning?
Liberty Alliance Results… ADFS 2 SAML 2.0 Interop Testing with Entrust, IBM, Novell, Ping, SAP, Siemens IdP Lite SP Lite EGov 1.5 Matrix testing results:http://www.projectliberty.org/liberty/liberty_interoperable/implementations/saml_2_0_test_procedure_v3_2_2_full_matrix_implementation_table_q309/
If you remember nothing else but this…
I want the integrity of yourusers’ identity information when they access myresources…
…to be at least as good…
as the integrity of yourusers’ identity information when they access yourresources.
AD FS components are Windows components No additional server software costs …but it’s all about the apps! AD FSv2 (was “Geneva”) Release Candidate Available Now RTM…“Soon” Windows Identity Foundation .NET Developer Platform Free Download Available now! AD FS 2.0 Availability, Pricing
AD Cookbook, 3rd Edition Best selling Active Directory title What’s New? Windows Server 2008 coverage: Read Only Domain Controllers (RODCs) Fine Grained Password Policies (FGPPs) Exchange 2007 integration & scripting Identity Lifecycle Manager 2007 Windows PowerShell & Active Directory .NET programming New user interface features Always more than one way! Learn More! http://oreilly.com/catalog/9780596521103/
Thank You! mailto: laura.hunter@lhaconsulting.com blog: http://www.shutuplaura.com twitter: @adfskitteh

Recomendados

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
Danny Jessee
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
Danny Jessee
 
Understanding 'Authentication' and 'Identity Federation'
Understanding 'Authentication' and 'Identity Federation'Understanding 'Authentication' and 'Identity Federation'
Understanding 'Authentication' and 'Identity Federation'
Naohiro Fujie
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaication
Sean Xiong
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
Shivanand Arur
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.net
Umar Ali
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 

Recomendados

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
Danny Jessee
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
Danny Jessee
 
Understanding 'Authentication' and 'Identity Federation'
Understanding 'Authentication' and 'Identity Federation'Understanding 'Authentication' and 'Identity Federation'
Understanding 'Authentication' and 'Identity Federation'
Naohiro Fujie
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaication
Sean Xiong
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
Shivanand Arur
 
Difference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.netDifference between authentication and authorization in asp.net
Difference between authentication and authorization in asp.net
Umar Ali
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
ADFS + IAM
ADFS + IAMADFS + IAM
ADFS + IAM
Richard Harvey
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
amitchachra
 
Understanding Identity Management with Office 365
Understanding Identity Management with Office 365Understanding Identity Management with Office 365
Understanding Identity Management with Office 365
Perficient, Inc.
 
Identity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft AzureIdentity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft Azure
Sparkhound Inc.
 
PowerShell and the Future of Windows Automation
PowerShell and the Future of Windows AutomationPowerShell and the Future of Windows Automation
PowerShell and the Future of Windows Automation
Concentrated Technology
 
PowerShell crashcourse
PowerShell crashcoursePowerShell crashcourse
PowerShell crashcourse
Concentrated Technology
 
PowerShell Functions
PowerShell FunctionsPowerShell Functions
PowerShell Functions
mikepfeiffer
 
No-script PowerShell v2
No-script PowerShell v2No-script PowerShell v2
No-script PowerShell v2
Concentrated Technology
 
Ive got a powershell secret
Ive got a powershell secretIve got a powershell secret
Ive got a powershell secret
Chris Conte
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administration
Concentrated Technology
 
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - CertificateAdvanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Don Reese
 
Basic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 sessionBasic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 session
Rob Dunn
 
Ad disasters & how to prevent them
Ad disasters & how to prevent themAd disasters & how to prevent them
Ad disasters & how to prevent them
Concentrated Technology
 
Best free tools for w d a
Best free tools for w d aBest free tools for w d a
Best free tools for w d a
Concentrated Technology
 
PowerShell crash course
PowerShell crash coursePowerShell crash course
PowerShell crash course
Concentrated Technology
 
PowerShell custom properties
PowerShell custom propertiesPowerShell custom properties
PowerShell custom properties
Concentrated Technology
 
Managing enterprise with PowerShell remoting
Managing enterprise with PowerShell remotingManaging enterprise with PowerShell remoting
Managing enterprise with PowerShell remoting
Concentrated Technology
 
PowerShell and WMI
PowerShell and WMIPowerShell and WMI
PowerShell and WMI
Concentrated Technology
 
PowerShell crashcourse for Sharepoint admins
PowerShell crashcourse for Sharepoint adminsPowerShell crashcourse for Sharepoint admins
PowerShell crashcourse for Sharepoint admins
Concentrated Technology
 
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and UsesVDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
Concentrated Technology
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
Alexander Kot
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
Roger CARHUATOCTO
 

Mais conteúdo relacionado

Destaque

Ive got a powershell secret
Ive got a powershell secretIve got a powershell secret
Ive got a powershell secret
Chris Conte
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administration
Concentrated Technology
 
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - CertificateAdvanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Don Reese
 
Basic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 sessionBasic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 session
Rob Dunn
 
Managing enterprise with PowerShell remoting
Managing enterprise with PowerShell remotingManaging enterprise with PowerShell remoting
Managing enterprise with PowerShell remoting
Concentrated Technology
 
PowerShell crashcourse for Sharepoint admins
PowerShell crashcourse for Sharepoint adminsPowerShell crashcourse for Sharepoint admins
PowerShell crashcourse for Sharepoint admins
Concentrated Technology
 
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and UsesVDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
Concentrated Technology
 

Destaque (20)

ADFS + IAM
ADFS + IAMADFS + IAM
ADFS + IAM
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
 
Understanding Identity Management with Office 365
Understanding Identity Management with Office 365Understanding Identity Management with Office 365
Understanding Identity Management with Office 365
 
Identity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft AzureIdentity Management for Office 365 and Microsoft Azure
Identity Management for Office 365 and Microsoft Azure
 
PowerShell and the Future of Windows Automation
PowerShell and the Future of Windows AutomationPowerShell and the Future of Windows Automation
PowerShell and the Future of Windows Automation
 
PowerShell crashcourse
PowerShell crashcoursePowerShell crashcourse
PowerShell crashcourse
 
PowerShell Functions
PowerShell FunctionsPowerShell Functions
PowerShell Functions
 
No-script PowerShell v2
No-script PowerShell v2No-script PowerShell v2
No-script PowerShell v2
 
Ive got a powershell secret
Ive got a powershell secretIve got a powershell secret
Ive got a powershell secret
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administration
 
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - CertificateAdvanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
 
Basic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 sessionBasic PowerShell Toolmaking - Spiceworld 2016 session
Basic PowerShell Toolmaking - Spiceworld 2016 session
 
Ad disasters & how to prevent them
Ad disasters & how to prevent themAd disasters & how to prevent them
Ad disasters & how to prevent them
 
Best free tools for w d a
Best free tools for w d aBest free tools for w d a
Best free tools for w d a
 
PowerShell crash course
PowerShell crash coursePowerShell crash course
PowerShell crash course
 
PowerShell custom properties
PowerShell custom propertiesPowerShell custom properties
PowerShell custom properties
 
Managing enterprise with PowerShell remoting
Managing enterprise with PowerShell remotingManaging enterprise with PowerShell remoting
Managing enterprise with PowerShell remoting
 
PowerShell and WMI
PowerShell and WMIPowerShell and WMI
PowerShell and WMI
 
PowerShell crashcourse for Sharepoint admins
PowerShell crashcourse for Sharepoint adminsPowerShell crashcourse for Sharepoint admins
PowerShell crashcourse for Sharepoint admins
 
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and UsesVDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
 

Semelhante a Adfs 2 & claims based identity

Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
Roger CARHUATOCTO
 
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
Amazon Web Services
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source Applications
All Things Open
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learned
Yury Chemerkin
 

Semelhante a Adfs 2 & claims based identity (20)

Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
 
Secure Modern Workplace With Microsoft 365 Threat Protection
Secure Modern Workplace With Microsoft 365 Threat ProtectionSecure Modern Workplace With Microsoft 365 Threat Protection
Secure Modern Workplace With Microsoft 365 Threat Protection
 
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...
 
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture
 
PeopleSoft: HACK THE Planet^W university
PeopleSoft: HACK THE Planet^W universityPeopleSoft: HACK THE Planet^W university
PeopleSoft: HACK THE Planet^W university
 
SplunkLive! - Splunk for Security
SplunkLive! - Splunk for SecuritySplunkLive! - Splunk for Security
SplunkLive! - Splunk for Security
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalProtecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
 
Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source Applications
 
Role-Based Access Control
Role-Based Access ControlRole-Based Access Control
Role-Based Access Control
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
 
Basics of IT security
Basics of IT securityBasics of IT security
Basics of IT security
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learned
 
Hands-On Security - Disrupting the Kill Chain
Hands-On Security - Disrupting the Kill ChainHands-On Security - Disrupting the Kill Chain
Hands-On Security - Disrupting the Kill Chain
 

Mais de Nathan Winters

Aidan finn vmm 2008 r2 - minasi forum 2010
Aidan finn vmm 2008 r2 - minasi forum 2010Aidan finn vmm 2008 r2 - minasi forum 2010
Aidan finn vmm 2008 r2 - minasi forum 2010
Nathan Winters
 
Nathan Winters Exchange 2010 protection and compliance
Nathan Winters Exchange 2010 protection and complianceNathan Winters Exchange 2010 protection and compliance
Nathan Winters Exchange 2010 protection and compliance
Nathan Winters
 
Eric Rux The Big One Merging 2 Companies
Eric Rux The Big One Merging 2 CompaniesEric Rux The Big One Merging 2 Companies
Eric Rux The Big One Merging 2 Companies
Nathan Winters
 
Ultan Kinahan Business Continuity & Dr With Virtualization And Doubletake
Ultan Kinahan Business Continuity & Dr With Virtualization And DoubletakeUltan Kinahan Business Continuity & Dr With Virtualization And Doubletake
Ultan Kinahan Business Continuity & Dr With Virtualization And Doubletake
Nathan Winters
 
Thomas Deimel The World Of Hackintosh
Thomas Deimel The World Of HackintoshThomas Deimel The World Of Hackintosh
Thomas Deimel The World Of Hackintosh
Nathan Winters
 
Joe Mc Glynn Sbs 2008 For The Small Business
Joe Mc Glynn Sbs 2008 For The Small BusinessJoe Mc Glynn Sbs 2008 For The Small Business
Joe Mc Glynn Sbs 2008 For The Small Business
Nathan Winters
 
Rhonda Layfield Sniffing Your Network With Netmon 3.3
Rhonda Layfield Sniffing Your Network With Netmon 3.3Rhonda Layfield Sniffing Your Network With Netmon 3.3
Rhonda Layfield Sniffing Your Network With Netmon 3.3
Nathan Winters
 
Roger Grimes How I Fixed The Internets
Roger Grimes How I Fixed The InternetsRoger Grimes How I Fixed The Internets
Roger Grimes How I Fixed The Internets
Nathan Winters
 
Nathan Winters What’s New And Cool In Ocs 2007 R2
Nathan Winters What’s New And Cool In Ocs 2007 R2Nathan Winters What’s New And Cool In Ocs 2007 R2
Nathan Winters What’s New And Cool In Ocs 2007 R2
Nathan Winters
 

Mais de Nathan Winters (20)

Exch2010 compliance ngm f inal
Exch2010 compliance ngm f inalExch2010 compliance ngm f inal
Exch2010 compliance ngm f inal
 
Exchange 2010 storage improvements
Exchange 2010 storage improvementsExchange 2010 storage improvements
Exchange 2010 storage improvements
 
Ultan kinahan dr - minasi 2010
Ultan kinahan dr - minasi 2010Ultan kinahan dr - minasi 2010
Ultan kinahan dr - minasi 2010
 
Sql server troubleshooting
Sql server troubleshootingSql server troubleshooting
Sql server troubleshooting
 
Aidan finn vmm 2008 r2 - minasi forum 2010
Aidan finn vmm 2008 r2 - minasi forum 2010Aidan finn vmm 2008 r2 - minasi forum 2010
Aidan finn vmm 2008 r2 - minasi forum 2010
 
The new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pkiThe new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pki
 
Today's malware aint what you think
Today's malware aint what you thinkToday's malware aint what you think
Today's malware aint what you think
 
Nathan Winters Exchange 2010 protection and compliance
Nathan Winters Exchange 2010 protection and complianceNathan Winters Exchange 2010 protection and compliance
Nathan Winters Exchange 2010 protection and compliance
 
Migrating to Exchange 2010 and ad 2080 r2
Migrating to Exchange 2010 and ad 2080 r2Migrating to Exchange 2010 and ad 2080 r2
Migrating to Exchange 2010 and ad 2080 r2
 
Desktop virtualization scott calvet
Desktop virtualization scott calvetDesktop virtualization scott calvet
Desktop virtualization scott calvet
 
Nathan Winters TechDays UK Exchange 2010 IPC
Nathan Winters TechDays UK Exchange 2010 IPCNathan Winters TechDays UK Exchange 2010 IPC
Nathan Winters TechDays UK Exchange 2010 IPC
 
OCS Introduction for Learning Gateway Conference 2009
OCS Introduction for Learning Gateway Conference 2009OCS Introduction for Learning Gateway Conference 2009
OCS Introduction for Learning Gateway Conference 2009
 
Introduction to Exchange 2010
Introduction to Exchange 2010Introduction to Exchange 2010
Introduction to Exchange 2010
 
Eric Rux The Big One Merging 2 Companies
Eric Rux The Big One Merging 2 CompaniesEric Rux The Big One Merging 2 Companies
Eric Rux The Big One Merging 2 Companies
 
Ultan Kinahan Business Continuity & Dr With Virtualization And Doubletake
Ultan Kinahan Business Continuity & Dr With Virtualization And DoubletakeUltan Kinahan Business Continuity & Dr With Virtualization And Doubletake
Ultan Kinahan Business Continuity & Dr With Virtualization And Doubletake
 
Thomas Deimel The World Of Hackintosh
Thomas Deimel The World Of HackintoshThomas Deimel The World Of Hackintosh
Thomas Deimel The World Of Hackintosh
 
Joe Mc Glynn Sbs 2008 For The Small Business
Joe Mc Glynn Sbs 2008 For The Small BusinessJoe Mc Glynn Sbs 2008 For The Small Business
Joe Mc Glynn Sbs 2008 For The Small Business
 
Rhonda Layfield Sniffing Your Network With Netmon 3.3
Rhonda Layfield Sniffing Your Network With Netmon 3.3Rhonda Layfield Sniffing Your Network With Netmon 3.3
Rhonda Layfield Sniffing Your Network With Netmon 3.3
 
Roger Grimes How I Fixed The Internets
Roger Grimes How I Fixed The InternetsRoger Grimes How I Fixed The Internets
Roger Grimes How I Fixed The Internets
 
Nathan Winters What’s New And Cool In Ocs 2007 R2
Nathan Winters What’s New And Cool In Ocs 2007 R2Nathan Winters What’s New And Cool In Ocs 2007 R2
Nathan Winters What’s New And Cool In Ocs 2007 R2
 

Último

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Último (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Adfs 2 & claims based identity

  • 1. AD FS 2 & Claims-Based Identity Laura E. Hunter Identity Lady, AD FS Zealot laura.hunter@lhaconsulting.com http://www.shutuplaura.com @adfskitteh
  • 2. The Problem? We Lack a Consistent Identity Layer for Applications
  • 3. The Result?Hard-coded dependencies, “Continuous Wheel Re-Invention”Resistance to Change
  • 6. How many different ways can you authenticate to an app?
  • 7. Managing Application Identity – First Principles 1. Identify the Caller 2. Extract Information for AuthZ & Personalization
  • 8. Windows Integrated Authentication Does Active Directory work everywhere?
  • 9.
  • 10.
  • 12. So What’s a Claim? “I am a member of the Marketing group” “My email address is …” “I am over 21 years of age” Populated using information from AD/ADAM/ADLDS SQL Expressed using the SAML format
  • 13. <saml:AssertionAssertionID="..." IssueInstant="2006-07-11T03:15:40Z" Issuer=“https://adatum-dc1.adatum.com“> <saml:ConditionsNotBefore="2006-07-11T03:15:40Z" NotOnOrAfter="2006-07-11T04:15:40Z"> <saml:Audience> https://contoso-dc1.contoso.com </saml:Audience> <saml:AuthenticationStatementAuthenticationInstant="2006-07-11T03:15:40Z" AuthenticationMethod="urn:federation:authentication:windows"> <saml:NameIdentifierFormat="http://schemas.xmlsoap.org/claims/UPN">adamcar@adatum.com</saml:NameIdentifier> <saml:AttributeAttributeName="Group” <saml:AttributeValue> Administrators</saml:AttributeValue> <Signaturexmlns="http://www.w3.org/2000/09/xmldsig#"> ab315cdff14d</Signature> </saml:Assertion> Abridged SAML Token(Don’t Squint, Just Get the Big Idea!)
  • 14. AD FS is all about the apps!
  • 15. Standards-based: WS-Federation WS-Trust SAML 2.0 Use cases: WebSSO Web Services (WCF) What is this…“claims-aware” application of which you speak?
  • 16. What Can I do with this?
  • 17. Application Access in a Single Org
  • 18. Account Partner (ADATUM) Resource Partner (CONTOSO) A. Datum Account Forest Trey Research Resource Forest Federation Trust Federated Application Access
  • 19. SSO to Service Providers
  • 20. Cloudy with a Chance of Federation
  • 21. So what does it look like?
  • 22. WS-Fed Passive Profile Account Partner (Users) Resource Partner (Resource) A. Datum Account Forest Trey Research Resource Forest Federation Trust
  • 23. Something lost, something gained… What about passwords? What about deprovisioning?
  • 24. Liberty Alliance Results… ADFS 2 SAML 2.0 Interop Testing with Entrust, IBM, Novell, Ping, SAP, Siemens IdP Lite SP Lite EGov 1.5 Matrix testing results:http://www.projectliberty.org/liberty/liberty_interoperable/implementations/saml_2_0_test_procedure_v3_2_2_full_matrix_implementation_table_q309/
  • 25.
  • 26. If you remember nothing else but this…
  • 27. I want the integrity of yourusers’ identity information when they access myresources…
  • 28. …to be at least as good…
  • 29. as the integrity of yourusers’ identity information when they access yourresources.
  • 30. AD FS components are Windows components No additional server software costs …but it’s all about the apps! AD FSv2 (was “Geneva”) Release Candidate Available Now RTM…“Soon” Windows Identity Foundation .NET Developer Platform Free Download Available now! AD FS 2.0 Availability, Pricing
  • 31. AD Cookbook, 3rd Edition Best selling Active Directory title What’s New? Windows Server 2008 coverage: Read Only Domain Controllers (RODCs) Fine Grained Password Policies (FGPPs) Exchange 2007 integration & scripting Identity Lifecycle Manager 2007 Windows PowerShell & Active Directory .NET programming New user interface features Always more than one way! Learn More! http://oreilly.com/catalog/9780596521103/
  • 32. Thank You! mailto: laura.hunter@lhaconsulting.com blog: http://www.shutuplaura.com twitter: @adfskitteh

Notas do Editor

  1. Hard-coded dependencies
  2. Re-inventing the wheel – asking our devs to be AD experts
  3. Resistance to change – smart card, cloud, etc.
  4. Identify the caller (AuthN)Grep information about the caller for AuthZ &amp; personalization
  5. Partner fed
  6. Fed with the cloud
  7. Hide.Fedutil, pre-baked RP trust
  8. For WinHIED
  9. For WinHIED