connecting your private and public clouds with adfs
steve plank “planky”
microsoft
http://blogs.msdn.com/plankytronixx
splank@microsoft.com
agenda
• federation primer
• adfs with windows azure
• adfs with office 365
security token service
• service that issues tokens
• give it something
  • user-id/password
  • x.509 cert
  • another security token
• get a security token back
  • saml
  • swt
  • “cookie”
  • custom “something”
[diagram label: security token]
claims transformation
incoming claim → sts → outgoing claim
• email: fred@abc.com → fred@abc.com
• title: buyer → purchaser
• dept: engineering → engineering
• tel no.: 01234 567 890 → +441234 567 890
• £limit: (none) → £5m
rules applied by the sts:
  if title == “buyer” AND department == “engineering”: purchaselimit = “£5m”
  if title == “buyer” AND department == “stationary”: purchaselimit = “£50”
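The transformation on this slide, as an added Python sketch (not code from the deck and not ADFS claim rule language). The names transform_claims, to_international, LIMIT_RULES, TITLE_MAP and SAMPLE are assumptions; it also assumes that a user matching neither rule is issued no purchaselimit claim and that claims not named in the function are dropped.

```python
# Added illustration: toy STS claims transformation using the slide's sample values.
# All names here are hypothetical; this is not an ADFS or ACS API.

# (title, dept) -> purchase limit, copied from the two rules on the slide.
LIMIT_RULES = {
    ("buyer", "engineering"): "£5m",
    ("buyer", "stationary"): "£50",
}
# Title vocabulary the relying party expects (slide: buyer -> purchaser).
TITLE_MAP = {"buyer": "purchaser"}
# Incoming claims, constructed from the incoming values on the slide.
SAMPLE = {"email": "fred@abc.com", "title": "buyer",
          "dept": "engineering", "tel no.": "01234 567 890"}


def to_international(tel, country_code="+44"):
    """Rewrite a national number (leading 0) in international form."""
    tel = tel.strip()
    if tel.startswith("+"):
        return tel
    if tel.startswith("0"):
        return country_code + tel[1:]
    raise ValueError("unrecognised telephone format: %r" % tel)


def transform_claims(incoming):
    """Return the outgoing claim set for an incoming claim set.

    Only the claims named here are copied, so anything unexpected in the
    incoming token is dropped instead of being passed to the application.
    """
    title = incoming.get("title", "").lower()
    dept = incoming.get("dept", "").lower()
    outgoing = {
        "email": incoming["email"],
        "title": TITLE_MAP.get(title, title),
        "dept": dept,
    }
    if "tel no." in incoming:
        outgoing["tel no."] = to_international(incoming["tel no."])
    # The limit rules are evaluated on the incoming title, before it is renamed.
    limit = LIMIT_RULES.get((title, dept))
    if limit is not None:
        outgoing["purchaselimit"] = limit  # no matching rule: no claim issued
    return outgoing
```

The relying party then authorises purchases on the purchaselimit claim alone, so a token without that claim carries no spending authority.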
authn with federation provider
[diagram labels: plankytronixx.com, ad dc, adfs 2, application, federation provider, federation trust, trust, ctrl-alt-del]
service relationships
[diagram labels: adfs 2.0, identity provider (ip), federation provider, relying party (rp), app; several links marked X]
acs/adfs authentication flow
[diagram labels: plankytronixx.com, ad dc, adfs 2, windows azure, app fab acs, wif, web app, federation trust, federation metadata, trust, ctrl-alt-del]
roles
• claims store: stores claims: email, firstname, telno, etc…
  • e.g. active directory
• identity provider (ip): authenticates, issues tokens: user-id/pw, x.509, smartcard…
  • e.g. adfs2, acs, mfg
• federation provider (fp): token in; token out. claims transformation…
  • e.g. acs, mfg
• relying party (rp): app that consumes tokens: custom app; office365
• trust: links rp-fp, fp-ip etc.
agenda
• federation primer
• adfs with windows azure
• adfs with office 365
acs/adfs authentication flow
[diagram labels: plankytronixx.com, ad dc, adfs 2, windows azure, app fab acs, wif, web app, federation trust, trust, ctrl-alt-del]
agenda
• federation primer
• adfs with windows azure
• adfs with office 365
mfg/adfs authentication flow
[diagram labels: plankytronixx.com, ad dc, adfs 2, dir sync, upn suffix: paul365.com, office 365, microsoft federation gateway, authn platform, msolid, mailboxes; users planky, fred, bob, john, sarah with addresses planky@paul365.com, fred@paul365.com, bob@paul365.com, john@paul365.com, sarah@paul365.com]
review
• federation primer
• adfs with windows azure
• adfs with office 365
• blogs.msdn.com/plankytronixx
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.