Security and Identity in the Cloud

Cloud Identity Blog is my way to discuss, show and share information about different technology topics, mainly in the Security, Identity and Access Management areas.

Browse by Tags

Related Posts
  • Blog Post: Windows Server 2008 Terminal Services gateway #3

    Client Side Configuration to access remote TS Server via TS Gateway Windows Vista Remote Desktop Connection client has new option under Advanced Tab - "Connect from anywhere" If you click on the Settings button it will allow to specify the TS Gateway server: Server name that you type here...
  • Blog Post: Claims based Authentication – Part II

    In previous post we started examination of the authentication process in our demo environment. Lets examine what happens in step 5 of the step-step guide. During this step Contoso STS was configured to work with Fabrikam STS. There were three primary steps in this process: Add Fabrikam STS as Identity...
  • Blog Post: Implementing FIM 2010 Certificate Management (Part 4)

    This is the fourth and final  installment in a four part series showing how to implement FIM 2010 Certificate Management solution. You can watch the previous three parts by going to each presentation: “ Implementing FIM 2010 Certificate Management (Part 1) ” “ Implementing FIM 2010 Certificate Management...
  • Blog Post: FIM CM and Custom Subject Policy Module

    Forefront Identity Manager Certificate Management (FIM CM) provides very useful function – it can create certificate with predefined subject, specified by the Administrator and enforced centrally on all certificates issued via FIM CM. Most PKI implementations are governed by Certificate Policy (CP) and...
  • Blog Post: Token Policy and STS

    If you are familiar with PKI projects you are probably know about Certificate Policy (CP) and Certificate Practice Statements (CPS). Both based on published RFC and usually required in most PKI implementations. CP specify the policy for PKI and CPS specifies how this policy is implemented by each CA...
  • Blog Post: Implementing FIM 2010 Certificate Management (Part 2)

    This is the second installment in a four part series showing how to implement FIM 2010 Certificate Management solution. You can watch the first part of this series by going to the “ Implementing FIM 2010 Certificate Management (Part 1 )”. If you wonder what is the final result of this specific implementation...
  • Blog Post: Windows 2008 Terminal Services Gateway

    One of the new exciting technologies that will be shipped with Windows 2008 Server is the Terminal Services Gateway. It is exciting not just because it will be used by many companies but because it can be used by many other technologists and make our life a little easier and more exciting. I like...
  • Blog Post: FBCA PKI cross-certification

    For the last few months I've been helping large organization with their efforts to cross-certify their PKI infrastructure with Federal Bridge Certification Authority (FBCA). We had some technical challenges with interoperability between our systems which we were able to resolve fairly quickly with some...
  • Blog Post: Claims Based Authentication – Part III

    This is continuation of two previous posts. Please check them out first, otherwise this one might not make much sense at all. Step 6 in step-step guide configures Fabrikam STS with Relying Party and shows how to configure Information Cards to automate home realm discovery. I’m not going to talk about...
  • Blog Post: Windows Server 2008 Terminal Services Gateway #2

    Configuration of the Terminal Services Gateway is fairly straightforward. The following diagram shows the simplified configuration of how I configured it to get access to my home lab. Windows 2008 provides wizards for all of it different components and the configuration of Terminal...
  • Blog Post: Re-Revoking Certificates with Different Reason Code

    One of my customers is using 3rd party Card Management System (CMS) to manage their smart cards. One of many common management tasks that such systems perform is revocation of the smart card and in particular the certificates issued to the given smart card. Well, of course CMS only originates the revocation...
  • Blog Post: USB authentication tokens

    I've been evaluating USB tokens for two factor authentication for one of my current projects, I've got 3 of them for evaluation: Cryptoken, Axalto e-gate token and Omnikey 6121 token. The basic requirement is to allow VPN authentication into POC solution over the Internet. We used middleware from Raak...
  • Blog Post: Implementing FIM 2010 Certificate Management (Part 1)

    Did you have a chance to watch demonstration on how to use FIM 2010 CM for manual certificate issuance? If not, you can watch it here . If you are interested to learn how I configured FIM 2010 CM environment to be able to provide shown functionality then start watching the following demonstration. I...
  • Blog Post: PKI Installation Made Easy in HD

    Who said that implementing PKI is hard? The following one hour video demonstration shows how to implement the most common PKI solution – two tier PKI with Root CA and Subordinate Issuing CA. I’ll discuss the design and why it is done this way, discuss best settings for PKI implementation and show how...
  • Blog Post: PKI Video Channel

    Over the next few weeks I’ll try to repackage my “PKI Made Easy” video demonstration into HD format and will publish it on my Vimeo video hosting site. If you like, you can bookmark or subscribe to my PKI Video channel so you’ll have a quick access to upcoming updates. This the the link: http://vimeo...
  • Blog Post: More options with Re-Revocation solution

    Controlling the date In previous post I've shown how we can re-revoke all certificates that were revoked post certain date. Solution used to create certutil.exe command with hardcoded date. To automate this solution we need to generate dynamic date. The following script will create input file...
  • Blog Post: Claim Based Authentication IV

    In previous three posts we examined how claim authentication flow works for users in the same domain as SharePoint site and for users from other organizations. As we have seen, the value for Role claim was based on the Active Directory group membership. For instance, Frank Miller from Fabrikam was given...
  • Blog Post: PKI Installation Made Easy–Video

    Ever wonder how difficult it is to install a two tier PKI system? It is actually not that difficult. Watch this video with live step-by-step demonstration showing how to do just that. Entire system can be up and running in under one hour time frame. This is about 70 minutes video presentation showing...
  • Blog Post: Authentication Assurance and Claims Based Authentication

    Authentication Mechanism Assurance is described in the following Microsoft publication: http://technet.microsoft.com/en-us/library/dd378897(v=WS.10).aspx . In this post I want to dig a bit more into different configuration options, show how it works and provide example of how it can be configured with...
  • Blog Post: Implementing FIM 2010 Certificate Management (Part 3)

    This is the third installment in a four part series showing how to implement FIM 2010 Certificate Management solution. You can watch the first part of this series by going to the “ Implementing FIM 2010 Certificate Management (Part 1) ” and the second part at “ Implementing FIM 2010 Certificate Management...
  • Blog Post: TS Gateway #4

    Server side configuration In previous 3 postings I talked about why I liked TS gateway, the overall architecture for configuring TS Gateway in home lab environment and the client side configuration. This time I'll show a few screen shots of the TS Gateway configuration. The configuration is very...
  • Blog Post: Claims based Authentication - Part I

    Claims based authentication is getting more ground and with more practical applications we’ll see more and more adoption of this technology. Recently I downloaded and went through step-step demonstration on using Microsoft Office SharePoint Server 2007 and Active Directory Federation Services v2 (ADFS...