This presentation provides a thorough overview of integrating private and public clouds through Active Directory Federation Services (ADFS). It covers federation basics, ADFS configuration with Windows Azure and Office 365, and security token issuance using various methods like user ID/password, X.509 certificates, and SAML. Key topics include claims transformation, authentication flows, and trust relationships between identity providers and relying parties. This guide is essential for IT professionals aiming to enhance their organization's identity management and security processes.
Connecting your private and public clouds with ADFS
Steve Plank ("Planky"), Microsoft
http://blogs.msdn.com/plankytronixx
splank@microsoft.com
Agenda
• Federation primer
• ADFS with Windows Azure
• ADFS with Office 365
Security token service
• A service that issues tokens
• Give it something:
  • user-id/password
  • X.509 certificate
  • another security token
• Get a security token back:
  • SAML
  • SWT
  • "cookie"
  • custom "something" security token
Claims transformation (STS: token in, token out)
  incoming claim                 outgoing claim
  email    fred@abc.com      →   email    fred@abc.com
  title    buyer             →   title    purchaser
  dept     engineering       →   dept     engineering
  tel no.  01234 567 890     →   tel no.  +441234 567 890
                             →   £limit   £5m
  Rules:
  if title == "buyer" AND department == "engineering": purchaselimit = "£5m"
  if title == "buyer" AND department == "stationary": purchaselimit = "£50"
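The transformation this slide shows, written out as an added example (not code from the deck): a federation provider step that allow-lists the claims it passes through, rewrites title and tel no., and derives the £limit claim from the incoming title and dept. Claim names, the +44 country code and the sample user are assumptions taken from the slide's table.

```python
# Added example of a federation-provider claims transformation (token in; token out).
# Claim names and values are a constructed sample matching the slide, not deck code.

INCOMING = {                      # claims carried by the incoming token (constructed)
    "email": "fred@abc.com",
    "title": "buyer",
    "dept": "engineering",
    "tel no.": "01234 567 890",
}

# Only these incoming claims are copied unchanged; anything else the identity
# provider asserts (e.g. its own "£limit") is dropped rather than trusted.
PASS_THROUGH = {"email", "dept"}


def transform_title(value):
    """Map the identity provider's vocabulary to the relying party's."""
    return {"buyer": "purchaser"}.get(value, value)


def transform_tel(value, country_code="+44"):
    """UK national format '01234 567 890' -> '+441234 567 890' (assumed +44)."""
    digits = value.strip()
    return country_code + digits[1:] if digits.startswith("0") else digits


def purchase_limit(claims):
    """The slide's rule: limit derived from title AND department of the incoming token."""
    title, dept = claims.get("title"), claims.get("dept")
    if title == "buyer" and dept == "engineering":
        return "£5m"
    if title == "buyer" and dept == "stationary":
        return "£50"
    return None


def transform_claims(incoming):
    """Build the outgoing claim set; rules are evaluated on incoming claims only."""
    outgoing = {k: v for k, v in incoming.items() if k in PASS_THROUGH}
    if "title" in incoming:
        outgoing["title"] = transform_title(incoming["title"])
    if "tel no." in incoming:
        outgoing["tel no."] = transform_tel(incoming["tel no."])
    limit = purchase_limit(incoming)
    if limit is not None:
        outgoing["£limit"] = limit
    return outgoing


if __name__ == "__main__":
    print(transform_claims(INCOMING))
```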
Authn with federation provider (diagram): plankytronixx.com domain with AD DC and ADFS 2 acting as federation provider; an application; federation trust between the federation provider and the application; the user logs on (ctrl-alt-del) and then accesses the application.
Service relationships (diagram): ADFS 2.0 in the identity provider (IP) role and in the federation provider (FP) role; relying party (RP) applications; trust links IP to FP and FP to RP.
ACS/ADFS authentication flow (diagram): plankytronixx.com (AD DC, ADFS 2); Windows Azure (App Fabric ACS, WIF web app); federation trust between ADFS 2 and ACS established through federation metadata; trust between ACS and the web app; the user logs on (ctrl-alt-del).
Roles
• Claims store: stores claims (email, firstname, telno, etc.): Active Directory
• Identity provider (IP): authenticates and issues tokens (user-id/pw, X.509, smartcard, ...): ADFS 2, ACS, MFG
• Federation provider (FP): token in, token out; claims transformation: ACS, MFG
• Relying party (RP): app that consumes tokens: custom app, Office 365
• Trust: links RP-FP, FP-IP, etc.
ADFS with Windows Azure
ACS/ADFS authentication flow (diagram, repeated from the primer): plankytronixx.com (AD DC, ADFS 2); Windows Azure (App Fabric ACS, WIF web app); federation trust between ADFS 2 and ACS; trust between ACS and the web app; the user logs on (ctrl-alt-del).
ADFS with Office 365
MFG/ADFS authentication flow (diagram): on-premises plankytronixx.com with AD DC (UPN suffix paul365.com), ADFS 2 and users fred, bob, john, sarah, planky; DirSync to Office 365; Office 365 side with Microsoft Federation Gateway, authentication platform, MSOLID and mailboxes fred@paul365.com, bob@paul365.com, john@paul365.com, sarah@paul365.com, planky@paul365.com; the user signs in as planky@paul365.com.
Review
• Federation primer
• ADFS with Windows Azure
• ADFS with Office 365
• blogs.msdn.com/plankytronixx
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.