Microsoft Geneva report
SURFworks 2009 SURFfederatie PoCs activity
Geneva Activity Overview
• Three main topics (slightly adapted from the original plan):
  • Evaluate Microsoft’s Geneva technology for usage in SURFfederatie and provide feedback to Microsoft through participation in a Technology Adoption Program (Geneva TAP)
  • Evaluate recent developments in Sharepoint/Geneva for connecting Sharepoint to SURFfederatie with support for Office clients (outside of browsers)
  • Evaluate usage of Outlook Live (“hosted exchange”) through SURFfederatie in a pilot (“Connected Federation” pilot)
SURFnet. We make innovation work
Microsoft Geneva
• Devised as a unified platform, but then split into 3 separate components again, each with their own release path:
  • Active Directory Federation Services (AD FS) 2.0
    • Successor of the ADFS 1.0 server (“IDP”)
    • Includes support for SAML 2.0
  • Windows Identity Framework (WIF)
    • Development framework for claims-aware (“federated”) .NET applications (e.g. used in federating Sharepoint)
  • Cardspace 2.0
    • Alternative authentication paradigm: not evaluated due to changes in priority
ADFS 2.0 results
• The ADFS 2.0 SAML 2.0 IDP functionality was (eventually) found to be interoperable with SURFfederatie
• One major interoperability issue was fixed: signed request verification was flawed in ADFS 2.0
• Several (6) non-critical improvements have been suggested and accepted/fixed
• An initial version of the installation manual for SURFnet IDPs was released: updates are expected when the final ADFS 2.0 is released
Sharepoint results
• In a closed lab environment (at 2AT) it has been verified that federated login to Sharepoint 2007 is possible while maintaining support for Office clients (Word, Explorer)
  • But only on specific versions of OS and clients
  • An “embedded browser popup” is used for handling the federated login
• The protocol currently used is WS-Federation: it is still unclear whether SAML 2.0 can be used (SURFfederatie supports both, though)
• An actual “live” connection to the SURFfederatie test servers has not been created yet due to time constraints
Outlook Live results
• Feedback on the process of connecting to Outlook Live has been reported to Microsoft: documentation on names and certificates needs to be improved.
• The goal of creating a federated connection (for UvT only) to Outlook Live has not been realized due to provisioning (mail accounts) and timing problems (pilot ended)
• Having the SURFfederatie gateway connect to the Microsoft Federation Gateway (MFG) on behalf of all SURFnet IDPs is technically impossible without adaptations on the MFG
Conclusions
• The upcoming ADFS 2.0 server release is supported by SURFfederatie, and documentation will be available for IDPs.
• Sharepoint 2007 supports federated login with Office clients/Windows Explorer WebDAV functions: login to externally hosted Sharepoint installations through SURFfederatie should be possible (provisioning still needs attention, though)
• At this time Microsoft’s Outlook Live environment does not support federated login; creating separate LiveIDs is the only currently verified solution.