In the last two posts on this subject I showed you how to use UAG with Forms Based Authentication and as an ADFS proxy. Today's demonstration shows how to use it with strong authentication, specifically certificate authentication. The topology in this configuration is very similar to the FBA topology, but it needs additional configuration on UAG to require certificate authentication, and we have to use Kerberos Constrained Delegation (KCD) to access the ADFS server. KCD is required because a user who authenticates to the UAG portal never provides a UserID/password, so if we want SSO, UAG must be able to impersonate the user through KCD and present a Kerberos ticket to the AD FS server on the user's behalf.
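One way to check that the UAG server's computer account is set up for the delegation described above, as an added example that is not from the original post or demo. The computer name `UAG01` and the SPN `http/adfs.woodgrovebank.example` are assumed placeholders, and the script needs the ActiveDirectory PowerShell module (RSAT):

```powershell
# Added example: audit KCD settings on the UAG server's computer account.
# Requires the ActiveDirectory module (RSAT). Names below are assumptions.
Import-Module ActiveDirectory

$UagComputer  = 'UAG01'                               # assumed UAG computer account name
$ExpectedSpns = @('http/adfs.woodgrovebank.example')  # assumed SPN of the AD FS service

$props = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'
$acct  = Get-ADComputer -Identity $UagComputer -Properties $props

# SPNs this account may request tickets for on behalf of a user (empty if unset).
$allowed  = @($acct.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
$findings = @()

# Unconstrained delegation is broader than this topology needs.
if ($acct.TrustedForDelegation) {
    $findings += 'Unconstrained delegation is enabled; restrict it to specific services.'
}

# Certificate logon gives UAG no password or user Kerberos ticket, so protocol
# transition ("Use any authentication protocol") must be on for KCD to work.
if (-not $acct.TrustedToAuthForDelegation) {
    $findings += 'Protocol transition is off; UAG cannot get a service ticket on behalf of a certificate user.'
}

# The delegation list should contain the AD FS SPN and nothing you did not expect.
# Add the SPNs of other published back-end applications to $ExpectedSpns as needed.
foreach ($spn in $ExpectedSpns) {
    if ($allowed -notcontains $spn) { $findings += "Missing delegation target: $spn" }
}
foreach ($spn in $allowed) {
    if ($ExpectedSpns -notcontains $spn) { $findings += "Unexpected delegation target: $spn" }
}

if ($findings.Count -eq 0) {
    "OK: $UagComputer delegates only to $($ExpectedSpns -join ', ')"
} else {
    $findings
}
```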
This demonstration was created to satisfy the following requirements for our fictitious Woodgrove Bank Corp:
You can also watch this demo from my other blog at http://CloudIdentityBlog.com
As always, for best user experience please watch this demo in Full screen and enable HD. Let me know if you have any questions.
In case you missed it, a few days ago Microsoft released U-Prove Community Technology Preview R2. The official page has more information about it and the related downloads: https://connect.microsoft.com/site1188
At the time of this release it was also announced that Windows CardSpace 2.0 will no longer ship. Here is the link to this announcement: http://blogs.msdn.com/b/card/archive/2011/02/15/beyond-windows-cardspace.aspx
In the previous post I showed you how UAG can be used with ADFS to publish claims-aware applications and provide single sign-on into such applications, along with traditional applications that require a UserID/password. In that demonstration UAG was configured with Forms Based Authentication (FBA), and users authenticated to UAG before they could get access to the actual applications.
Today's demonstration shows a different UAG/ADFS topology. With UAG configured as an ADFS proxy, it exposes the ADFS server for authentication, and it can then either present the UAG portal or route the user directly to the target application.
You can also watch this demo on my blog at http://CloudIdentityBlog.com
More and more companies wish to provide secure access to their applications from external locations. At the same time, many of these applications are starting to adopt new authentication technologies, such as claims-based authentication. The following demonstration shows how companies can use Forefront UAG 2010 and AD FS 2.0 to provide secure access to different types of internal applications, all published via a single unified portal and providing a Single Sign-On experience to their users.
The solution in this demonstration shows UAG implemented with FBA as the main authentication mechanism, and its ability to access claims-based applications.
This solution was created to satisfy the following requirements for our fictitious Woodgrove Bank corporation:
You can also watch this demo and other demos from my blog at http://CloudIdentityBlog.com
For best viewing experience please watch it in Full screen with High Definition ON. Let me know if you have any questions.
Did you know that you can download virtual labs to your own host system and test Microsoft Business Ready Security (BRS) solutions? They are available to anyone on the Internet. Go check them out for yourself: http://go.microsoft.com/fwlink/?LinkId=190269
If for some reason you cannot download those labs, don't have time to set it all up, don't have capable hardware or an OS to run them, or need extra explanation of how these solutions work, then you are in the right place. Here is one of the solutions that are enabled by Microsoft BRS.
The following demo shows a solution created to satisfy the following business and technical requirements:
You can also watch this demo from my blog at http://CloudIdentityBlog.com