Security and Identity in the Cloud
Cloud Identity Blog is my way to discuss, show and share information about different technology topics, mainly in the Security, Identity and Access Management areas.
Chaining Multiple STS
A few months ago I learned something about claims based authentication that I thought was not possible. Ever since I started working on federation solutions and learning about them via training courses, white papers, specifications and presentations, the following two topologies were always shown...
18 Aug 2012
Designing UAG and AD FS Solution
In the many previous posts we looked at all kinds of different topologies for UAG and AD FS configuration. Now that we are armed with knowledge of the different configuration options, we can put all of them to use and see how we can apply them to real-life situations. Before we do this, we need to revisit some...
19 Oct 2011
Claims based Authentication – Part II
In the previous post we started examining the authentication process in our demo environment. Let's examine what happens in step 5 of the step-by-step guide. During this step Contoso STS was configured to work with Fabrikam STS. There were three primary steps in this process: Add Fabrikam STS as Identity...
2 Oct 2009
Open Standard Authentication in the Enterprise, Part 2
In the previous post we started to talk about the different complexities of SSO implementations. Let's review what types of solutions are common in current implementations. Current Solutions: Federal Agencies employ two primary strategies to provide Single Sign On across multiple Domains, Applications and...
15 Jun 2010
Token Policy and STS
If you are familiar with PKI projects you probably know about Certificate Policy (CP) and Certificate Practice Statements (CPS). Both are based on a published RFC and are usually required in most PKI implementations. The CP specifies the policy for the PKI and the CPS specifies how this policy is implemented by each CA...
9 Dec 2009
UAG 2010 and AD FS v2 White Paper is Published
Over the last three months I published many articles on UAG and AD FS. While each of the posts provides its own information, many of them refer to or build on the knowledge provided in the prior posts. So if you had to read them all together you’d have to start from the end and read forward. One continuous...
5 Nov 2011
UAG and AD FS are Better Together – Publishing Non-Claims Based Applications
In the article “UAG and AD FS are Better Together – UAG as AD FS Proxy” we explored how a user authenticates to the UAG portal via claims based authentication and then accesses a claims based application published via the UAG portal. But what if the published application does not support claims based authentication...
24 Sep 2011
AD FS and UAG are Better Together–Example of a real Solution
In the last nine posts we reviewed different topologies and discussed some of the techniques for integrating these topologies. In this post we’ll take a look at a real example of a production implementation. A solution very similar to the following design has been implemented by one of the...
29 Oct 2011
Microsoft Business Ready Security–Secure Collaboration with Partners by using AD FS
Did you know that you can download virtual labs to your own host system and test Microsoft Business Ready Security (BRS) solutions? They are available to anyone on the Internet. Go check it out for yourself: http://go.microsoft.com/fwlink/?LinkId=190269. If for some reason you cannot download those labs...
7 Feb 2011
Claims Based Authentication – Part III
This is a continuation of the two previous posts. Please check them out first, otherwise this one might not make much sense at all. Step 6 in the step-by-step guide configures Fabrikam STS with a Relying Party and shows how to configure Information Cards to automate home realm discovery. I’m not going to talk about...
3 Oct 2009
UAG and AD FS are Better Together – Strong Auth to Cloud Based Applications
Today we will discuss a solution that provides the following functionality: You want to require your company's external users to use strong AuthN when they access 3rd party trusted claims based applications. These applications can be hosted in the Cloud or by a Partner organization. The description of this...
23 Sep 2011
Custom HomeRealmDiscovery Page with AD FS 2.0
Recently I decided to dissect the structure of the default pages in AD FS 2.0 and see what can be done to create a slightly different look from the default. I wanted to see what files control what areas in the UI and what can be done with minimum code changes. I started working with one of the...
19 Sep 2012
Open Standard Authentication in the Enterprise, Part 1
In the next few posts, I’m going to talk about SSO in Enterprise environments, with emphasis on Federal Government Agencies. Federal Agencies are facing multiple issues with managing digital identities for employees and contractors. While most Agencies use Active Directory as their primary authentication...
14 Jun 2010
Secure Application Access with ADFS and UAG – UAG providing FBA
More and more companies wish to provide secure access to their applications from external locations. At the same time, many of these applications are starting to adopt new authentication technologies, such as claims based authentication. The following demonstration shows how companies can use Forefront...
15 Feb 2011
UAG and ADFS are Better Together– Strong Authentication
In the previous post we looked at the most common UAG configuration, with the user using a username and password for authentication to UAG. In this post we are going to explore the following configuration – the user authenticates to the UAG Portal via Certificate Based Authentication (Soft Certificate or Smart...
26 Aug 2011
UAG and ADFS Better Together–Publishing Applications to Partner Organizations
In this scenario, our partner organization's users access claims based applications published by our organization's UAG servers. The partner users provide security tokens issued by the partner-controlled Identity Provider to our AD FS v2 published by the UAG server. This configuration is the most common...
2 Oct 2011
Claim Based Authentication IV
In the previous three posts we examined how the claim authentication flow works for users in the same domain as the SharePoint site and for users from other organizations. As we have seen, the value for the Role claim was based on Active Directory group membership. For instance, Frank Miller from Fabrikam was given...
5 Oct 2009
Secure Application Access by using AD FS and UAG – Strong Authentication
In the last two posts on this subject I showed you how to use UAG with Forms Based Authentication and as an ADFS Proxy. Today's demonstration shows how to use it with Strong Authentication – Certificate Authentication. The topology in this configuration is very similar to the FBA topology, but it requires...
21 Feb 2011
Open Standard Authentication in the Enterprise, Part 3
In the previous post we started to talk about different SSO solutions. This post will cover another common SSO approach. Current Solutions: Federal Agencies employ two primary strategies to provide Single Sign On across multiple Domains, Applications and across Agency boundaries: Application...
16 Jun 2010
Secure Application Access by using AD FS and UAG – UAG acting as ADFS Proxy Topology
In the previous post I showed you how UAG can be used with ADFS to publish a claims-aware application and provide single sign-on into such applications along with traditional applications which require UserID/password. In that demonstration UAG was configured with Form Based Authentication (FBA...
17 Feb 2011
Levels of Assurance and Claims-based authentication
Federal Agencies must comply with the OMB 04-04 publication. There is an established framework asserting different levels of assurance for digital identities, such as user accounts/passwords, Smart Cards and other types of tokens. Claims-based authentication solutions must support the proper assertion...
2 Jun 2010
UAG and ADFS Better Together–Authentication via Azure ACS
This post discusses how it is possible to publish applications to Internet based users who authenticate to the UAG via one of the Internet Cloud Identity Providers, such as LiveID, Google, Yahoo or Facebook. The Windows Azure ACS acts as the IdP-STS in this configuration topology. This is essentially the...
18 Oct 2011
Authentication Assurance and Claims Based Authentication
Authentication Mechanism Assurance is described in the following Microsoft publication: http://technet.microsoft.com/en-us/library/dd378897(v=WS.10).aspx. In this post I want to dig a bit more into the different configuration options, show how it works and provide an example of how it can be configured with...
27 Jun 2012
Claims based Authentication - Part I
Claims based authentication is gaining ground, and with more practical applications we’ll see more and more adoption of this technology. Recently I downloaded and went through a step-by-step demonstration on using Microsoft Office SharePoint Server 2007 and Active Directory Federation Services v2 (ADFS...
2 Oct 2009
UAG SP1 and AD FS v2 are Better Together–FBA and Claims
In the previous post I started with an introduction to UAG and AD FS integration scenarios. Today's post will discuss the first topology - Authentication to the UAG Portal via Forms Based Authentication and accessing internal claims based applications and other types of applications. Many companies want to provide...
22 Aug 2011