Security and Identity in the Cloud
Cloud Identity Blog is my way to discuss, show and share information about different technology topics, mainly in the Security, Identity and Access Management areas.
Authentication Assurance and Claims Based Authentication
Authentication Mechanism Assurance is described in the following Microsoft publication: http://technet.microsoft.com/en-us/library/dd378897(v=WS.10).aspx. In this post I want to dig a bit more into the different configuration options, show how it works and provide an example of how it can be configured with...
27 Jun 2012
Implementing FIM 2010 Certificate Management (Part 4)
This is the fourth and final installment in a four-part series showing how to implement the FIM 2010 Certificate Management solution. You can watch the previous three parts by going to each presentation: “Implementing FIM 2010 Certificate Management (Part 1)”, “Implementing FIM 2010 Certificate Management...
4 Feb 2011
Implementing FIM 2010 Certificate Management (Part 3)
This is the third installment in a four-part series showing how to implement the FIM 2010 Certificate Management solution. You can watch the first part of this series by going to “Implementing FIM 2010 Certificate Management (Part 1)” and the second part at “Implementing FIM 2010 Certificate Management...
3 Feb 2011
Implementing FIM 2010 Certificate Management (Part 2)
This is the second installment in a four-part series showing how to implement the FIM 2010 Certificate Management solution. You can watch the first part of this series by going to “Implementing FIM 2010 Certificate Management (Part 1)”. If you wonder what is the final result of this specific implementation...
3 Feb 2011
Implementing FIM 2010 Certificate Management (Part 1)
Did you have a chance to watch the demonstration on how to use FIM 2010 CM for manual certificate issuance? If not, you can watch it here. If you are interested in learning how I configured the FIM 2010 CM environment to provide the functionality shown, then start watching the following demonstration. I...
1 Feb 2011
PKI Installation Made Easy in HD
Who said that implementing PKI is hard? The following one-hour video demonstration shows how to implement the most common PKI solution – a two-tier PKI with a Root CA and a Subordinate Issuing CA. I’ll discuss the design and why it is done this way, discuss the best settings for PKI implementation and show how...
27 Jan 2011
PKI Video Channel
Over the next few weeks I’ll try to repackage my “PKI Made Easy” video demonstration into HD format and will publish it on my Vimeo video hosting site. If you like, you can bookmark or subscribe to my PKI Video channel so you’ll have quick access to upcoming updates. This is the link: http://vimeo...
20 Jan 2011
PKI Installation Made Easy–Video
Ever wonder how difficult it is to install a two-tier PKI system? It is actually not that difficult. Watch this video with a live step-by-step demonstration showing how to do just that. The entire system can be up and running in under one hour. This is a video presentation of about 70 minutes showing...
15 Dec 2010
FIM CM and Custom Subject Policy Module
Forefront Identity Manager Certificate Management (FIM CM) provides a very useful function – it can create a certificate with a predefined subject, specified by the Administrator and enforced centrally on all certificates issued via FIM CM. Most PKI implementations are governed by Certificate Policy (CP) and...
4 Oct 2010
Token Policy and STS
If you are familiar with PKI projects you probably know about Certificate Policy (CP) and Certificate Practice Statements (CPS). Both are based on a published RFC and are usually required in most PKI implementations. The CP specifies the policy for the PKI and the CPS specifies how this policy is implemented by each CA...
9 Dec 2009
Claim Based Authentication IV
In the previous three posts we examined how the claim authentication flow works for users in the same domain as the SharePoint site and for users from other organizations. As we have seen, the value for the Role claim was based on the Active Directory group membership. For instance, Frank Miller from Fabrikam was given...
5 Oct 2009
Claims Based Authentication – Part III
This is a continuation of the two previous posts. Please check them out first, otherwise this one might not make much sense at all. Step 6 in the step-by-step guide configures the Fabrikam STS with a Relying Party and shows how to configure Information Cards to automate home realm discovery. I’m not going to talk about...
3 Oct 2009
Claims based Authentication – Part II
In the previous post we started examining the authentication process in our demo environment. Let's examine what happens in step 5 of the step-by-step guide. During this step the Contoso STS was configured to work with the Fabrikam STS. There were three primary steps in this process: Add Fabrikam STS as Identity...
2 Oct 2009
Claims based Authentication - Part I
Claims based authentication is gaining ground, and with more practical applications we’ll see more and more adoption of this technology. Recently I downloaded and went through a step-by-step demonstration on using Microsoft Office SharePoint Server 2007 and Active Directory Federation Services v2 (ADFS...
2 Oct 2009
More options with Re-Revocation solution
Controlling the date: In the previous post I showed how we can re-revoke all certificates that were revoked after a certain date. That solution created a certutil.exe command with a hardcoded date. To automate this solution we need to generate a dynamic date. The following script will create input file...
21 Sep 2007
Re-Revoking Certificates with Different Reason Code
One of my customers is using a third-party Card Management System (CMS) to manage their smart cards. One of the many common management tasks that such systems perform is revocation of the smart card and, in particular, of the certificates issued to the given smart card. Well, of course CMS only originates the revocation...
18 Aug 2007
TS Gateway #4
Server side configuration: In the previous 3 postings I talked about why I liked TS Gateway, the overall architecture for configuring TS Gateway in a home lab environment and the client side configuration. This time I'll show a few screenshots of the TS Gateway configuration. The configuration is very...
2 Jul 2007
Windows Server 2008 Terminal Services gateway #3
Client Side Configuration to access a remote TS Server via TS Gateway: The Windows Vista Remote Desktop Connection client has a new option under the Advanced tab - "Connect from anywhere". If you click on the Settings button it will allow you to specify the TS Gateway server: Server name that you type here...
28 Jun 2007
Windows Server 2008 Terminal Services Gateway #2
Configuration of the Terminal Services Gateway is fairly straightforward. The following diagram shows a simplified view of how I configured it to get access to my home lab. Windows 2008 provides wizards for all of its different components and the configuration of Terminal...
27 Jun 2007
Windows 2008 Terminal Services Gateway
One of the new exciting technologies that will be shipped with Windows 2008 Server is the Terminal Services Gateway. It is exciting not just because it will be used by many companies but because it can be used by many other technologists and make our life a little easier and more exciting. I like...
26 Jun 2007
FBCA PKI cross-certification
For the last few months I've been helping a large organization with their efforts to cross-certify their PKI infrastructure with the Federal Bridge Certification Authority (FBCA). We had some technical challenges with interoperability between our systems which we were able to resolve fairly quickly with some...
23 Aug 2006
USB authentication tokens
I've been evaluating USB tokens for two-factor authentication for one of my current projects. I've got 3 of them for evaluation: Cryptoken, Axalto e-gate token and Omnikey 6121 token. The basic requirement is to allow VPN authentication into the POC solution over the Internet. We used middleware from Raak...
6 May 2006