SIA 318 Managing and Extending Active Directory Federation Services
Brian Puhl, Technology Architect, Microsoft Corporation
- Slides: 58
[Diagram: Identity Provider (Federation Service, Active Directory); Application Provider (Federation Service, Application)]
1. User browses to application
   a. Anonymous landing page or automatic redirect?
2. Application redirects to federation service
   a. Home Realm Discovery
3. Redirects to IdP Federation Service
   a. Sign-in against AD
4. Redirects back to Federation services
   a. Claims provider trust rules
   b. Relying party rules
5. Redirects to application
[Diagram: Federation Service, Application, Active Directory]
1. User browses to application
   a. Anonymous landing page or automatic redirect?
2. Application redirects to federation service
   a. Home Realm Discovery
3. Redirects to IdP Federation Service
   a. Sign-in against AD
4. Redirects back to Federation services
   a. Claims provider trust rules
   b. Relying party rules
5. Redirects to application
ASP.NET Page: HRD.aspx. When the service loads the HRD.aspx page, check wtrealm and look up the HRD experience to display.
ASP.NET Page: HRD.aspx, ASP.NET User Control (.ascx). For each application that requires one, convert its desired page from .aspx to .ascx and load it into a full-screen panel in the .aspx page. Note the .aspx page needs a selectWHR method calling SelectHomeRealm().
Note that this team did not want all 4 HRD options to be displayed? That’s a problem…
dXJuOmZlZGVyYXRpb246TVNGVA== Base64 encoded value: urn:federation:MSFT. This is the federation service identifier for the claims provider trust partner that the HRD cookie maps to.
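Added example (not from the slides, and not AD FS code): one way an HRD page could treat the HRD cookie as untrusted input, decoding it and honoring it only when the decoded claims provider identifier is permitted for the requesting wtrealm. The class, method and realm names are hypothetical and the realm table is constructed sample data; the cookie value is the one shown on the slide.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Hypothetical helper for an HRD page; none of these names are AD FS APIs.
public static class HrdPolicy
{
    // Constructed sample data: relying party realm (wtrealm) mapped to the
    // claims provider identifiers that realm is allowed to use.
    static readonly Dictionary<string, HashSet<string>> AllowedByRealm =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "urn:example:app1",
              new HashSet<string>(StringComparer.Ordinal) { "urn:federation:MSFT" } },
        };

    // Returns the claims provider identifier to use, or null when the cookie
    // must be ignored and the HRD page shown instead.
    public static string ResolveHomeRealm(string wtrealm, string hrdCookieValue)
    {
        if (string.IsNullOrEmpty(wtrealm) || string.IsNullOrEmpty(hrdCookieValue))
            return null;

        HashSet<string> allowed;
        if (!AllowedByRealm.TryGetValue(wtrealm, out allowed))
            return null; // unknown relying party: never trust the cookie

        string identifier;
        try
        {
            // Strict UTF-8: invalid byte sequences throw instead of being replaced.
            var utf8 = new UTF8Encoding(false, true);
            identifier = utf8.GetString(Convert.FromBase64String(hrdCookieValue));
        }
        catch (FormatException) { return null; }   // not valid Base64
        catch (ArgumentException) { return null; } // not valid UTF-8

        // The cookie is client-supplied, so it only selects among allowed providers.
        return allowed.Contains(identifier) ? identifier : null;
    }

    public static void Main()
    {
        const string cookie = "dXJuOmZlZGVyYXRpb246TVNGVA=="; // value from the slide
        Console.WriteLine(ResolveHomeRealm("urn:example:app1", cookie) ?? "(show HRD page)");
        Console.WriteLine(ResolveHomeRealm("urn:example:app2", cookie) ?? "(show HRD page)");
        Console.WriteLine(ResolveHomeRealm("urn:example:app1", "not-base64!") ?? "(show HRD page)");
    }
}
```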
The default IE user experience does not render anything in the browser behind the credential popup