Browse by Tags

Recently I decided to dissect the structure of the default pages in AD FS 2.0 and see what can be done with creating slightly different look from its default look. I wanted to see what files control what areas in the UI and what can be done with minimum code changes. I started working with one of the...

A few month ago I learned something about claims based authentication that I thought was not possible. Ever since starting working on federation solutions, and learning about it via training courses, reading white papers, specifications and presentations the following two topologies were always shown...

Authentication Mechanism Assurance is described in the following Microsoft publication: http://technet.microsoft.com/en-us/library/dd378897(v=WS.10).aspx . In this post I want to dig a bit more into different configuration options, show how it works and provide example of how it can be configured with...

  In previous post we started to talk about different SSO solutions.  This post will cover another common SSO approach. Current Solutions Federal Agencies employ two primary strategies to provide Single Sign On across multiple Domains, Applications and across Agency boundaries: Application...

  In previous post we started to talk about different complexities of SSO implementations. Lets review what type of solutions are common in current implementations. Current Solutions Federal Agencies employ two primary strategies to provide Single Sign On across multiple Domains, Applications and...

In the next few posts, I’m going to talk about SSO in Enterprise environments, with emphasis on Federal Government Agencies. Federal Agencies are facing multiple issues with managing digital identities for employees and contractors. While most Agencies use Active Directory as their primary authentication...

  Federal Agencies must comply with OMB 04-04 publication. There is an established framework asserting different levels of assurance for digital identities, such as user accounts/passwords, Smart Cards and other types of tokens. Claims-based authentication solutions must support the proper assertion...

If you are familiar with PKI projects you are probably know about Certificate Policy (CP) and Certificate Practice Statements (CPS). Both based on published RFC and usually required in most PKI implementations. CP specify the policy for PKI and CPS specifies how this policy is implemented by each CA...

In previous three posts we examined how claim authentication flow works for users in the same domain as SharePoint site and for users from other organizations. As we have seen, the value for Role claim was based on the Active Directory group membership. For instance, Frank Miller from Fabrikam was given...

This is continuation of two previous posts. Please check them out first, otherwise this one might not make much sense at all. Step 6 in step-step guide configures Fabrikam STS with Relying Party and shows how to configure Information Cards to automate home realm discovery. I’m not going to talk about...

In previous post we started examination of the authentication process in our demo environment. Lets examine what happens in step 5 of the step-step guide. During this step Contoso STS was configured to work with Fabrikam STS. There were three primary steps in this process: Add Fabrikam STS as Identity...

Claims based authentication is getting more ground and with more practical applications we’ll see more and more adoption of this technology. Recently I downloaded and went through step-step demonstration on using Microsoft Office SharePoint Server 2007 and Active Directory Federation Services v2 (ADFS...