Understanding Active Directory. Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft
Active Directory Federation Services (AD FS)
Microsoft Virtual Academy
Module Overview • AD FS Overview • AD FS Deployment Scenarios • Configuring AD FS Components
Lesson 1: AD FS Overview • What Is Identity Federation? • What Are the Identity Federation Scenarios? • Benefits of Deploying AD FS
What Is Identity Federation? Identity federation is a process that enables distributed identification, authentication, and authorization across organizational and platform boundaries.
An identity federation: Requires a trust relationship between two organizations or entities. Allows organizations to retain control of: Resource access; Their own users and groups.
What Are the Identity Federation Scenarios? Federation for business-to-business (B2B)
Federation for business-to-consumer or business-to-employee in a Web single sign-on scenario
Federation within an organization across multiple Web applications
Benefits of Deploying AD FS AD FS provides the following benefits: Enables improved: Security and control over authentication Regulatory compliance Interoperability with heterogeneous systems Works with Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) Extends AD DS to the Internet
Demonstration: Installing AD FS • In this demonstration, you will see how to install the Active Directory Federation Services server role.
Lesson 2: AD FS Deployment Scenarios • What Is a Federation Trust? • What Are the AD FS Components? • How AD FS Provides Identity Federation in a B2B Scenario • How AD FS Traffic Flows in a B2B Federation Scenario • How AD FS Provides Web Single Sign-On • Integrating AD FS and AD RMS
What Is a Federation Trust? [Diagram: a Federation Trust links the Federation Server in the Partner Organization (backed by AD DS) with the Resource Federation Server in the Resource Partner Organization, which fronts the Web Server.]
What Are the AD FS Components? AD FS Components: AD DS domain controllers; Account federation server; Account Federation Service Proxy; Resource Federation Server; Resource Federation Server Proxy; AD FS Web Agent
How AD FS Provides Identity Federation in a B2B Scenario [Diagram: on the Contoso side, an intranet forest with AD DS and a Federation Server, and a Federation Server Proxy in the perimeter network; on the Online Retailer side, a Resource Federation Server Proxy in the perimeter network in front of the Resource Federation Server and an AD FS-enabled Web Server; a Federation Trust joins the two federation servers.]
How AD FS Traffic Flows in a Business to Business Federation Scenario [Diagram: numbered steps 1 through 5 between the Contoso AD DS, the Contoso Federation Server, the Federation Trust, and the Online Retailer's Resource Federation Server and Web Server.]
Lesson 3: Configuring AD FS Components
• Federation Service Configuration Options • What Are AD FS Trust Policies? • Demonstration: Configuring the Federation Services for an Account Partner • AD FS Web Proxy Agent Configuration Options • What Are AD FS Claims?
Federation Service Configuration Options. To implement the federation service: Create a trust policy for both the resource and account partners; Create organizational claims; Create account stores; Create and configure applications.
What Are AD FS Trust Policies? Trust policies are the configuration settings that define how to configure a federated trust and how the federated trust works. Resource partner trust policies include: Token Lifetime; Federation Service URI; Federation Service endpoint URL; The option to use a Windows trust relationship for this partner.
In addition, the account partner trust policies include: Location for a certificate to the resource partner; Options for configuring how resource accounts are created.
Demonstration: AD FS Initial Configuration • In this demonstration, you will see how to run the AD FS Management Snap-In and run through the initial configuration steps.
AD FS Web Proxy Agent Configuration Options:
1. Install the AD FS Web Agent on the IIS server • Windows token-based authentication requires ISAPI extensions • Claims-aware authorization can authenticate natively with ASP.NET
2. Determine how to collect credential information from browser clients and Web applications
What Are AD FS Claims? Claim Type: Description
Identity: • UPN: indicates a Kerberos version 5 protocol-style user principal name (UPN), for example: user@realm • E-mail: indicates Request for Comments (RFC) 2822-style e-mail names of the form user@domain • Common name: indicates an arbitrary string that is used for personalization
Group: • Indicates membership in a group or role
Custom: • Indicates a claim that contains custom information about a user, for example, an employee ID number
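The trust-policy settings from Lesson 3 (Federation Service URI, Token Lifetime) and the three claim categories above decide what a resource-partner Federation Service accepts from an account partner. The following is an added example, not code from the Microsoft Virtual Academy deck and not a real AD FS API: it models a resource-side trust policy as plain Python, checks an incoming token's issuer and lifetime against it, requires exactly one well-formed identity claim, and maps Group claims to application roles. All names, URIs and the sample tokens are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re


@dataclass
class AccountPartnerTrustPolicy:
    """Resource-side settings for one account partner (constructed model, not AD FS's own schema)."""
    federation_service_uri: str        # the only issuer whose tokens this policy accepts
    federation_service_endpoint_url: str
    token_lifetime: timedelta          # maximum accepted token age


@dataclass
class Claim:
    claim_type: str   # "UPN", "Email", "CommonName" (identity), "Group", or a custom type name
    value: str


@dataclass
class Token:
    issuer: str
    issued_at: datetime
    claims: list


IDENTITY_CLAIM_TYPES = {"UPN", "Email", "CommonName"}
NAME_AT_REALM = re.compile(r"^[^@\s]+@[^@\s]+$")   # user@realm / user@domain shape


def identity_claim_is_well_formed(claim: Claim) -> bool:
    """UPN and E-mail claims must look like name@realm; a common name only has to be non-empty."""
    if claim.claim_type in ("UPN", "Email"):
        return NAME_AT_REALM.match(claim.value) is not None
    return claim.claim_type == "CommonName" and claim.value.strip() != ""


def validate_token(token: Token, policy: AccountPartnerTrustPolicy,
                   group_to_role: dict, now: datetime):
    """Return (accepted, reason, roles). Unknown issuers and tokens outside the configured
    lifetime are refused before any claim is examined; Group claims that the resource
    partner has not mapped to a role are ignored rather than trusted."""
    if token.issuer != policy.federation_service_uri:
        return False, "issuer is not the account partner's Federation Service URI", []
    age = now - token.issued_at
    if age < timedelta(0) or age > policy.token_lifetime:
        return False, "token is outside the configured token lifetime", []
    identity = [c for c in token.claims if c.claim_type in IDENTITY_CLAIM_TYPES]
    if len(identity) != 1 or not identity_claim_is_well_formed(identity[0]):
        return False, "token must carry exactly one well-formed identity claim", []
    roles = sorted({group_to_role[c.value] for c in token.claims
                    if c.claim_type == "Group" and c.value in group_to_role})
    return True, "accepted", roles


def run_samples() -> dict:
    """Constructed policy and tokens: one good token, one stale, one from an unknown issuer,
    and one with no identity claim."""
    policy = AccountPartnerTrustPolicy("urn:federation:contoso",
                                       "https://fs.contoso.example/adfs/ls/",
                                       timedelta(minutes=10))
    group_to_role = {"Purchasing": "purchaser", "Finance": "approver"}
    now = datetime(2013, 6, 1, 12, 0, tzinfo=timezone.utc)
    claims = [Claim("UPN", "alice@contoso.example"), Claim("Group", "Purchasing"),
              Claim("Group", "Engineering"), Claim("EmployeeID", "10042")]
    samples = {
        "good": Token("urn:federation:contoso", now - timedelta(minutes=3), claims),
        "stale": Token("urn:federation:contoso", now - timedelta(minutes=30), claims),
        "rogue": Token("urn:federation:fabrikam", now - timedelta(minutes=1), claims),
        "anonymous": Token("urn:federation:contoso", now - timedelta(minutes=1),
                           [Claim("Group", "Purchasing")]),
    }
    return {name: validate_token(t, policy, group_to_role, now) for name, t in samples.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The order of the checks matters: issuer and lifetime are trust-policy decisions and are settled before any claim value is read, so a token from a partner that is not in the trust policy never reaches the claim mapping. The unmapped "Engineering" group and the custom EmployeeID claim pass through without granting anything, which is the resource partner retaining control over resource access.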
Module Review and Takeaways • Review Questions • Summary of AD FS
Thanks for Watching!
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.