Security and Identity in the Cloud

Cloud Identity Blog is my way to discuss, show and share information about different technology topics, mainly in the Security, Identity and Access Management areas.

Related Posts
  • Blog Post: Chaining Multiple STS

    A few months ago I learned something about claims-based authentication that I thought was not possible. Ever since I started working on federation solutions, and learning about them via training courses, white papers, specifications and presentations, the following two topologies were always shown...
  • Blog Post: Windows Server 2008 Terminal Services gateway #3

    Client-side configuration to access a remote TS server via TS Gateway. The Windows Vista Remote Desktop Connection client has a new option under the Advanced tab, "Connect from anywhere". If you click on the Settings button, it will allow you to specify the TS Gateway server: the server name that you type here...
  • Blog Post: Designing UAG and AD FS Solution

    In the last several posts we looked at all kinds of different topologies for UAG and AD FS configuration. Now that we are armed with knowledge of the different configuration options, we can put all of them to use and see how to apply them to real-life situations. Before we do this, we need to revisit some...
  • Blog Post: The FIM Experience–Exercise 1

    Here is the recording of the first lab exercise from the Implementing Forefront Identity Manager 2010 training. In this exercise we are going to edit user identity data and observe the effect on other connected systems. Please watch this video in full screen and in HD for higher quality and a better user...
  • Blog Post: Claims based Authentication – Part II

    In the previous post we started examining the authentication process in our demo environment. Let's examine what happens in step 5 of the step-by-step guide. During this step the Contoso STS was configured to work with the Fabrikam STS. There were three primary steps in this process: Add Fabrikam STS as Identity...
  • Blog Post: Microsoft Business Ready Security–Secure Collaboration for Roaming Users with Unified Access Gateway

    Did you know that you can download virtual labs to your own host system and test Microsoft Business Ready Security (BRS) solutions? They are available to anyone on the Internet. Go check it out for yourself: http://go.microsoft.com/fwlink/?LinkId=190269 If for some reason you cannot download those labs...
  • Blog Post: Implementing FIM 2010 Certificate Management (Part 4)

    This is the fourth and final installment in a four-part series showing how to implement a FIM 2010 Certificate Management solution. You can watch the previous three parts by going to each presentation: “Implementing FIM 2010 Certificate Management (Part 1)”, “Implementing FIM 2010 Certificate Management...
  • Blog Post: Open Standard Authentication in the Enterprise, Part 2

    In the previous post we started to talk about the different complexities of SSO implementations. Let's review what types of solutions are common in current implementations. Current Solutions: Federal Agencies employ two primary strategies to provide Single Sign-On across multiple domains, applications and...
  • Blog Post: Token Policy and STS

    If you are familiar with PKI projects you probably know about Certificate Policies (CP) and Certificate Practice Statements (CPS). Both are based on a published RFC and are usually required in most PKI implementations. The CP specifies the policy for the PKI and the CPS specifies how this policy is implemented by each CA...
  • Blog Post: UAG 2010 and AD FS v2 White Paper is Published

    Over the last three months I have published many articles on UAG and AD FS. While each of the posts provides its own information, many of them refer to or build on the knowledge provided in the prior posts. So if you wanted to read it all together you’d have to start from the end and read forward. One continuous...
  • Blog Post: UAG SP1 and AD FS v2 are Better Together–Introduction

    A few weeks ago I started working on a white paper about UAG SP1 and AD FS v2 configuration topologies and a sample complex design based on those topologies. I’m still working on it, but I decided to publish different parts of it for folks to see and potentially get some feedback about it as well. Today...
  • Blog Post: Implementing FIM 2010 Certificate Management (Part 2)

    This is the second installment in a four-part series showing how to implement a FIM 2010 Certificate Management solution. You can watch the first part of this series by going to “Implementing FIM 2010 Certificate Management (Part 1)”. If you wonder what the final result of this specific implementation is...
  • Blog Post: AD FS and UAG are Better Together–Example of a real Solution

    In the last nine posts we reviewed different topologies and discussed some of the techniques for integrating these topologies together. In this post we’ll take a look at a real example of a production implementation. A solution very similar to the following design has been implemented by one of the...
  • Blog Post: Windows 2008 Terminal Services Gateway

    One of the new exciting technologies that will be shipped with Windows 2008 Server is the Terminal Services Gateway. It is exciting not just because it will be used by many companies but because it can be used by many other technologists and make our life a little easier and more exciting. I like...
  • Blog Post: FIM 2010–Importing and Synchronizing Data–Video Demonstration

    This is the second lab from the Implementing Forefront Identity Manager 2010 training. Before watching this demonstration it might be helpful to watch the prior demonstrations, but it is not required. In this demonstration we are going to perform the following tasks: Connect to an HR data source and import...
  • Blog Post: Claims Based Authentication – Part III

    This is a continuation of the two previous posts. Please check them out first, otherwise this one might not make much sense at all. Step 6 in the step-by-step guide configures the Fabrikam STS with a Relying Party and shows how to configure Information Cards to automate home realm discovery. I’m not going to talk about...
  • Blog Post: Windows Server 2008 Terminal Services Gateway #2

    Configuration of the Terminal Services Gateway is fairly straightforward. The following diagram shows the simplified configuration of how I configured it to get access to my home lab. Windows 2008 provides wizards for all of its different components, and the configuration of Terminal...
  • Blog Post: UAG and AD FS are Better Together – Strong Auth to Cloud Based Applications

    Today we will discuss a solution that provides the following functionality: You want to require your company's external users to use strong AuthN when they access 3rd-party trusted claims-based applications. These applications can be hosted in the Cloud or by a partner organization. The description of this...
  • Blog Post: Custom HomeRealmDiscovery Page with AD FS 2.0

    Recently I decided to dissect the structure of the default pages in AD FS 2.0 and see what can be done to create a slightly different look from the default one. I wanted to see which files control which areas of the UI and what can be done with minimal code changes. I started working with one of the...
  • Blog Post: The FIM Experience–Exercise 2 and 3–Video Demonstration

    This is a continuation of the first lab from the Implementing Forefront Identity Manager 2010 training. You can watch the first part of the lab here. In this demonstration we are going to perform the following tasks: Add new users and examine group memberships; Add a full-time employee; Add a contractor...
  • Blog Post: Re-Revoking Certificates with Different Reason Code

    One of my customers is using a 3rd-party Card Management System (CMS) to manage their smart cards. One of the many common management tasks that such systems perform is revocation of the smart card and, in particular, of the certificates issued to the given smart card. Well, of course the CMS only originates the revocation...
  • Blog Post: Open Standard Authentication in the Enterprise, Part 1

    In the next few posts, I’m going to talk about SSO in Enterprise environments, with emphasis on Federal Government Agencies. Federal Agencies are facing multiple issues with managing digital identities for employees and contractors. While most Agencies use Active Directory as their primary authentication...
  • Blog Post: PKI Installation Made Easy in HD

    Who said that implementing PKI is hard? The following one-hour video demonstration shows how to implement the most common PKI solution, a two-tier PKI with a Root CA and a Subordinate Issuing CA. I’ll discuss the design and why it is done this way, discuss the best settings for a PKI implementation and show how...
  • Blog Post: UAG and ADFS Better Together–Publishing Applications to Partner Organizations

    In this scenario, our partner organization's users access claims-based applications published by our organization's UAG servers. The partner users provide security tokens issued by the partner-controlled Identity Provider to our AD FS v2, published by the UAG server. This configuration is the most common...
  • Blog Post: More options with Re-Revocation solution

    Controlling the date. In the previous post I showed how we can re-revoke all certificates that were revoked after a certain date. The solution used to create a certutil.exe command with a hardcoded date. To automate this solution we need to generate a dynamic date. The following script will create an input file...