Browse by Tags

Recently I decided to dissect the structure of the default pages in AD FS 2.0 and see what can be done with creating slightly different look from its default look. I wanted to see what files control what areas in the UI and what can be done with minimum code changes. I started working with one of the...

A few month ago I learned something about claims based authentication that I thought was not possible. Ever since starting working on federation solutions, and learning about it via training courses, reading white papers, specifications and presentations the following two topologies were always shown...

Authentication Mechanism Assurance is described in the following Microsoft publication: http://technet.microsoft.com/en-us/library/dd378897(v=WS.10).aspx . In this post I want to dig a bit more into different configuration options, show how it works and provide example of how it can be configured with...

Over the last three month I published many articles on UAG and AD FS. While it each of the posts provides its own information, many of them refer or build on the knowledge provided in the prior posts. So if you had to read it altogether you’d have to start from the end and read forward. One continuous...

In the last nine posts we reviewed different topologies and discussed some of the techniques on how to integrate these topologies together. In this post we’ll take a look at real example of a production implementation. The solution very similar to the following design has been implemented by one of the...

In the last many posts we looked at all kind of different topologies for UAG and AD FS configuration. Now, since we are armed with knowledge of different configuration options, we can put all of them to use and see how we can apply them to real life situations. Before we do this, we need to revisit some...

This post discussing how it is possible to publish applications to Internet based users who authenticate to the UAG via one of the Internet Cloud Identity Providers, such as LiveID, Google, Yahoo or Facebook. The Windows Azure ACS acts as IdP-STS in this configuration topology. This is essentially the...

In this scenario, our partner organization users access claims based applications published by our organization UAG servers. The partner users provide security tokens issued by the partner controlled Identity Provider to our AD FS v2 published by the UAG server. This configuration is the most common...

Today we will discuss a solution that provides the following functionality: You what to require your company external users to use strong AuthN when they access 3 rd party trusted claims based applications. These applications can be hosted in the Cloud or by Partner organization. The description of this...

In previous topologies ( 1 and 2 ) we did not expose AD FS server to the outside users as primary form of authentication. This topology will do this. One of the benefits of using UAG server in combination with AD FS is that it can now act as gateway or proxy server to the internal AD FS server, in fact...

A few weeks ago I started working on a white paper about UAG SP1 and AD FS v2 configuration topologies and sample complex design based on those topologies. I’m still working on it, but I decided to publish different parts of it for folks to see and potentially get some feedback about it as well. Today...

In the last two posts on this subject I showed to you how to use UAG with Forms Based Authentication and as ADFS Proxy. Todays demonstration shows how to use it with Strong Authentication – Certificate Authentication. The topology in this configuration is very similar to the FBA topology, but it requires...

Did you know that you can download virtual labs to your own host system and test Microsoft Business Ready Security (BRS) solutions? It is available to anyone on the Internet. Go check it out for yourself: http://go.microsoft.com/fwlink/?LinkId=190269 If for some reason you can not download those labs...

This is the fourth and final  installment in a four part series showing how to implement FIM 2010 Certificate Management solution. You can watch the previous three parts by going to each presentation: “ Implementing FIM 2010 Certificate Management (Part 1) ” “ Implementing FIM 2010 Certificate Management...

This is the third installment in a four part series showing how to implement FIM 2010 Certificate Management solution. You can watch the first part of this series by going to the “ Implementing FIM 2010 Certificate Management (Part 1) ” and the second part at “ Implementing FIM 2010 Certificate Management...

This is the second installment in a four part series showing how to implement FIM 2010 Certificate Management solution. You can watch the first part of this series by going to the “ Implementing FIM 2010 Certificate Management (Part 1 )”. If you wonder what is the final result of this specific implementation...

Who said that implementing PKI is hard? The following one hour video demonstration shows how to implement the most common PKI solution – two tier PKI with Root CA and Subordinate Issuing CA. I’ll discuss the design and why it is done this way, discuss best settings for PKI implementation and show how...

This video demonstration is another installment in the “Implementing FIM 2010”. It shows how to configure a Management Agent (MA) for joining and then do some breadcrumb of the dirty data. You can watch all video demonstration in the “Implementing FIM 2010” by going to my “Implementing FIM 2010” video...

This is a the second lab from the Implementing Forefront Identity Manager 2010 training. Before watching this demonstration it might be helpful to watch prior  demonstrations, but not required. In this demonstration we are going to perform the following tasks: Connect to an HR data source and import...

This is a continuation of the first lab from the Implementing Forefront Identity Manager 2010 training. Before watching this demonstration it might be helpful to watch the prior two demonstrations, but not required. In this demonstration we are going to perform the following tasks: Log on to Windows...

This is a continuation of the first lab from the Implementing Forefront Identity Manager 2010 training. You can watch the first part of the lab here . In this demonstration we are going to perform the following tasks: Add new users and examine group memberships Add full-time employee Add a contractor...

Here is the recording of the first lab exercise from the Implementing Forefront Identity Manager 2010 training. In this exercise we are going to edit user identity data and observe the effect on other connected systems. Please watch this video in Full screen and in HD for higher quality and better user...

Ever wonder how difficult it is to install a two tier PKI system? It is actually not that difficult. Watch this video with live step-by-step demonstration showing how to do just that. Entire system can be up and running in under one hour time frame. This is about 70 minutes video presentation showing...

  In previous post we started to talk about different SSO solutions.  This post will cover another common SSO approach. Current Solutions Federal Agencies employ two primary strategies to provide Single Sign On across multiple Domains, Applications and across Agency boundaries: Application...

  In previous post we started to talk about different complexities of SSO implementations. Lets review what type of solutions are common in current implementations. Current Solutions Federal Agencies employ two primary strategies to provide Single Sign On across multiple Domains, Applications and...