Managing trust relationships with multiple business identity providers (basics) 55091A; 3 Days, Instructor-led


Course Description
Decoupling the cloud service from all the complexity of maintaining a direct relationship with every identity provider. Any identity provider can use its own authentication protocol; the authentication results are normalized, and once the relationship is established, Access Control Services (ACS) takes care of authentication and authorization, including provisioning a UI for the user to choose among all the recognized identity providers. Claims are accessible to the application developer as well as to the SSO IT Pro, so that authentication and/or authorization can be established without detailed knowledge of the authentication protocols. Management of different and multiple business identity providers is handled in a uniform fashion without the need to write different code. This relationship is called normalizing attributes and will be realized by you via the Azure Management APIs.

Audience Profile
This course is intended for Architects, IT Professionals (IT Pros) and Developers: IT Pros who also create software applications, build or write computer code, or develop web sites or complex macros as a secondary responsibility, and Developers who create software applications, develop web sites and create complex macros. Both should have a minimum of three months of programming experience in C# and basic Visual Studio 2010, Visual Studio 2012 or Visual Studio 2013 navigation skills. The course is also intended for Architects tasked with transitioning Identity and Access from classic on-premises or non-Azure datacenters into the Microsoft Azure Cloud, or with building secure IaaS/PaaS hybrids between on-premises and the Microsoft Azure Cloud.
At Course Completion
After completing this course, students will be able to:
- Establish an organizational Enterprise Security Service Bus
- Forward every request from unauthenticated users to ACS
- Broker authentication
- Change access rules in response to programmatic events
- Produce a securable resource
- Configure and code input and output claims transformation
- Broker Security Token Services from Yahoo and Microsoft
- Establish a tokenized communication between Azure Namespaces and WS-Federation sign-in endpoints
- Establish a Microsoft Azure Active Directory (MAAD) as an (additional) identity provider for any application associated with/interfacing with their namespace
- Create an Azure Identity Provider via Namespace association
- Establish Azure Active Directory data streams into Namespace-connected applications
- Register a MAAD Graph Database as an additional identity provider for a namespace that controls global access and SSO
- Execute basic steps to establish MAAD as an SSO identity provider for a web application

Prerequisites
Before attending this course, students must have:
- Knowledge and skills to accomplish a given assignment in Visual Studio when using the General Development Settings collection in Visual Studio 2010, Visual Studio 2012 or Visual Studio 2013.
There is no prerequisite or requirement to use a credit card to establish a Microsoft Azure account, or to have a Microsoft Azure account at all. Every student receives one or more dedicated cloud services in VBIC's cloud-based virtual classroom. Students can be virtually anywhere, in different time zones, and require only a Windows-based OS device to use the Remote Desktop Connection tool, which is available on all Microsoft Windows desktop operating systems later than Windows XP.

Course Outline
Module 1: Integration of traditional ASP.NET Web Sites into Enterprise Security Service Bus (ESSB)
Decoupling cloud services from all the complexity of maintaining a direct relationship with all the identity providers is the topic of this module. Each identity provider can use its own authentication protocol; the authentication results are normalized, and once the relationship is established, Access Control Services (ACS) takes care of authentication and authorization, including provisioning a UI for the user to choose among all the recognized identity providers. Claims are accessible to the application developer as well as to SSO IT Pros, so that authentication and/or authorization can be established without detailed knowledge of the authentication protocols. Management of different and multiple business identity providers is handled in a uniform fashion without the need to write different code. This relationship is called normalizing attributes and will be realized by you via the Azure Management APIs.
- Establish first steps to build an organizational Enterprise Security Service Bus
- Forward every request from unauthenticated users to ACS
- Broker authentication
- Change access rules in response to programmatic events
For this lab, a dedicated cloud service in VBIC's virtual cloud classroom has been issued. Every student uses his dedicated developer environment, has additionally been granted an organizational account, and executes this training under that organizational account.

Lab: First step to establish an organizational Enterprise Security Service Bus
- Create a new Microsoft Azure Service Namespace
- Base this namespace inside a selected region
- Scope this namespace globally for planetary validity and reach

Lab: ACS to delegate authentication
- Remove the pre-COA (Cloud Oriented Architecture) pattern from a standard web site project
- Apply standard procedures aimed at establishing Access Control Services (ACS) as a broker service
- Design this service to handle authentication and authorization, including provisioning a UI for the user to choose among all the recognized identity providers

Lab: Relying Party
- Identity terms used in the ACS Management Portal referencing items in the Microsoft Azure Management Portal
- Binding and bridging IaaS/PaaS items from the Microsoft Azure Management Portal with PaaS/SaaS items from the ACS Management Portal
- Create an identity-consuming Relying Party, which is an identity term for a cloud service, a term in the Microsoft Azure Management Portal for a PaaS component encapsulating IaaS components
- Storage of identities and services capable of authenticating users
- Creation of an Identity Provider
- Design ACS namespaces to interface with more than one storage or authentication service for users
- Reuse pre-factored URIs to integrate multiple identity providers into your cloud service for authentication and authorization purposes

Lab: Forwarding every request from unauthenticated users to ACS
- Establish WS-Federation Metadata endpoints
- Create a document interface describing the WS-Federation STS that ACS exposes in a Microsoft Azure namespace
- Program that every authentication request is forwarded to Azure ACS and returns to the application you are currently programming, e.g. a web site
- Execution of a combination of tasks shared between IT Pro and Developer
- Design functional workflows between Microsoft Azure IaaS and Microsoft Azure PaaS

Lab: Brokering authentication
- Configure the ACS Management Portal to provide a variety of multiple identity providers (IPs)
- Configuration of multiple and parallel IP interfaces to ACS
- Establish management and direct binding between users, Azure Cloud Services and the identity provider interface
- Provide public brokering services between IPs and cloud services
- Add identity providers as IaaS via the Microsoft Azure Management Portal as well as PaaS programmatically via Visual Studio (VSTO), while both are brokered by Azure Access Control Services
- Configure transformation of claims input before it reaches the final recipient, the relying application
- Create and edit rule groups manually using the ACS Management Portal and programmatically via (VST)

Lab: Change access rules in response to programmatic events
- Create and edit rule groups no longer manually using the ACS Management Portal but programmatically
- Reapply the steps learned through configuration in the ACS Management Portal, now via code, by programming the ACS Management Service
- Create a dedicated interface for a programmatic approach and secure it with a password
Hands-on: create the first steps to establish an organizational Enterprise Security Service Bus; forward every request from unauthenticated users to ACS; broker authentication; change access rules in response to programmatic events.

Module 2: Integration of public identity providers into Enterprise Security Service Bus (ESSB)
Advanced procedures aimed at decoupling the cloud service from all the complexity while maintaining a direct relationship with a multiplicity of identity providers are the core learning unit of this module. Any identity provider can use its own authentication protocol; the authentication results are normalized, and once the relationship is established, Access Control Services (ACS) takes care of authentication and authorization, including providing a UI that lets the user of this multiple-identity SSO system choose among all the Azure-recognized identity providers. Claims are accessible to the developer to establish authorization easily without detailed knowledge of the authentication protocols. Management of different and multiple business identity providers is handled in a uniform fashion without the need to write different code. This relationship is called normalizing attributes and will be realized by you via the Microsoft Azure Portal and the management API. In addition to the exercise already executed, which provided the know-how to integrate business directories into a federated identity meshwork, you will now perform a selection of the very same steps to task Microsoft Azure with serving users coming from Facebook or Microsoft Live ID if they want to use your web site.
Hands-on: establish advanced steps to create an organizational Enterprise Security Service Bus; forward every request from unauthenticated users to ACS.

Lab: Produce a securable resource
- Create a simple cloud service
- Interface a cloud service with a multiplicity of identity providers
- Decouple a cloud service from all the complexity of having to maintain a direct relationship with a multiplicity of identity providers
For this lab, a new dedicated cloud service in VBIC's virtual cloud classroom has been issued. Every student uses his dedicated developer environment, has additionally been granted an organizational account, and executes this training under that organizational account.

Lab: Input and Output claims transformation
- Configure claims input coming from Yahoo and Microsoft IDs into ACS
- Transform input claims to output claims
- Configure delivery of transformed output claims towards your relying party application

Lab: Brokering Security Token Services from Yahoo and Microsoft
- Establish a trust relationship between your claims-aware application and Azure Access Control Services
- Establish ACS as a trusted brokering service between Microsoft Azure, Yahoo and Microsoft
- First step to establish an organizational Enterprise Security Service Bus
- Forward every request from unauthenticated users to ACS

Module 3: Develop and publish applications that integrate with Microsoft Azure Active Directory (MAAD)
In this module a pre-existing Microsoft Azure Active Directory (MAAD) repository is available in VBIC's virtual classroom, consisting of users to be interfaced to a namespace and released for applications to be linked to this Access Control namespace. As a result, the Microsoft Azure Active Directory becomes available as an (additional) identity provider for any application associated with/interfacing with this namespace. Applications that are connected to your Access Control namespace become interfaced with the VBIC-provided Microsoft Azure Active Directory (MAAD). MAAD-generated tokens are transformed into ACS tokens, available for authentication and authorization purposes for user identities, application identities and data identities. You'll define the recipient for the success token, signaling a positive authentication event, as a URL address, parameterized as an App. You'll further define a countermeasure preventing man-in-the-middle attacks by defining the App ID URI, utilizing a control parameter that has to be delivered with the MAAD token. The MAAD user token must be delivered in conjunction with the entity ID of the Access Control namespace; otherwise ACS would interpret it as a token reused from a man-in-the-middle attack. As ACS does not call the Graph API, there is no SSO with read or write access to MAAD at all; MAAD merely provides additional identities via token, based on a fixed selection in ACS. Calling the MAAD Graph API and establishing a global SSO and a multitenant Single Sign-Up with read or write access to MAAD is covered in Course 55086AC - Enterprise SSO - cloud audited deployment for distributed onsite-offsite development.
- Establish a tokenized communication between Azure Namespaces and WS-Federation sign-in endpoints
- Establish a Microsoft Azure Active Directory (MAAD) as an (additional) identity provider for any application associated with/interfacing with your namespace
For this lab, a new dedicated cloud service in VBIC's virtual cloud classroom has been issued.
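The claims-transformation lab of Module 2 and the audience check described for MAAD tokens in Module 3 both come down to the same broker pipeline: refuse any token that was not issued for this namespace, then run the surviving input claims through a rule group so that every identity provider's own claim vocabulary ends up as the same output claim types. The following Python model is an added example and is not code from the course or from ACS; all issuer names, claim types, the namespace entity ID and the sample tokens are constructed placeholders, and the rule-group semantics (only claims matched by a rule are emitted) are an assumption of this model.

```python
"""Added example: ACS-style token audience check followed by rule-group claim
normalization. Every identifier below is a constructed placeholder."""
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Claim:
    issuer: str   # identity provider that asserted the claim
    type: str
    value: str


@dataclass(frozen=True)
class Rule:
    """One rule of a rule group: match an input claim, emit an output claim."""
    input_issuer: str            # "*" matches any trusted issuer
    input_type: str              # "*" matches any claim type from that issuer
    input_value: Optional[str]   # None matches any value
    output_type: str
    output_value: Optional[str]  # None passes the input value through unchanged


# Hypothetical entity ID of the Access Control namespace: the audience every
# incoming token must name, so a token minted for another namespace is refused.
NAMESPACE_ENTITY_ID = "https://example-ns.accesscontrol.example/"
TRUSTED_ISSUERS = {"yahoo", "microsoft", "maad"}   # constructed issuer names
NOW = 1_700_000_000                                  # fixed clock for the sample run

# Constructed rule group: three providers with three claim vocabularies are
# normalized to the output claim types the relying party understands.
RULES: Sequence[Rule] = (
    Rule("yahoo", "yahoo.email", None, "email", None),
    Rule("microsoft", "live.emailaddress", None, "email", None),
    Rule("maad", "upn", None, "email", None),
    Rule("maad", "groups", "finance-admins", "role", "FinanceAdmin"),
    Rule("*", "nameid", None, "nameid", None),
)


def validate_token(token: dict, now: int = NOW) -> List[Claim]:
    """Checks applied before any claim is transformed. The audience check is the
    replay countermeasure: a token for another audience is refused even when
    it comes from a trusted issuer."""
    if token.get("iss") not in TRUSTED_ISSUERS:
        raise ValueError("untrusted issuer")
    if token.get("aud") != NAMESPACE_ENTITY_ID:
        raise ValueError("audience mismatch: token was not issued for this namespace")
    if token.get("exp", 0) <= now:
        raise ValueError("token expired")
    return [Claim(token["iss"], t, v) for t, v in token["claims"]]


def apply_rule_group(rules: Sequence[Rule], claims: Sequence[Claim]) -> List[Claim]:
    """Emit one output claim per (input claim, matching rule) pair; input claims
    that match no rule are dropped, so the relying party only sees mapped types."""
    out: List[Claim] = []
    for c in claims:
        for r in rules:
            if r.input_issuer not in ("*", c.issuer):
                continue
            if r.input_type not in ("*", c.type):
                continue
            if r.input_value is not None and r.input_value != c.value:
                continue
            value = c.value if r.output_value is None else r.output_value
            out.append(Claim("acs", r.output_type, value))
    return out


def broker(token: dict, now: int = NOW) -> List[Claim]:
    """Validate, then normalize: the claims handed to the relying party."""
    return apply_rule_group(RULES, validate_token(token, now))


def is_accepted(token: dict, now: int = NOW) -> bool:
    try:
        broker(token, now)
        return True
    except ValueError:
        return False


# Constructed sample tokens (already decoded and signature-checked upstream).
YAHOO_TOKEN = {"iss": "yahoo", "aud": NAMESPACE_ENTITY_ID, "exp": NOW + 600,
               "claims": [("nameid", "y-12345"), ("yahoo.email", "alice@example.com"),
                          ("yahoo.locale", "en-US")]}
MAAD_TOKEN = {"iss": "maad", "aud": NAMESPACE_ENTITY_ID, "exp": NOW + 600,
              "claims": [("nameid", "m-777"), ("upn", "bob@contoso.example"),
                         ("groups", "finance-admins"), ("groups", "all-staff")]}
# Same MAAD token, but addressed to a different namespace: treated as reuse.
REPLAYED_TOKEN = dict(MAAD_TOKEN, aud="https://other-ns.accesscontrol.example/")

if __name__ == "__main__":
    for name, tok in (("yahoo", YAHOO_TOKEN), ("maad", MAAD_TOKEN), ("replayed", REPLAYED_TOKEN)):
        print(name, is_accepted(tok), [(c.type, c.value) for c in broker(tok)] if is_accepted(tok) else "rejected")
```

The locale claim from the Yahoo token and the second group claim from the MAAD token never reach the relying party, which is the point of a rule group: the application codes against "email", "role" and "nameid" only, regardless of which provider authenticated the user, while the audience check in front of the rules is what stops a token issued for some other namespace from being replayed here.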

Every student uses his dedicated developer environment, has additionally been granted an organizational account, and executes this training under that organizational account.

Lab: Azure Identity Provider via Namespace association
- Interface with a pre-existing Microsoft Azure Active Directory (MAAD) repository
- Bind users of MAAD to a namespace
- Release the binding as an application to be linked to this Access Control namespace
- Configure Microsoft Azure Active Directory as an (additional) identity provider for any application associated with/interfacing with this namespace

Lab: Establish Azure Active Directory data streams into Namespace-connected applications
- Program and configure a generic interface so that all applications developed so far connect to your Access Control namespace and become interfaced with the VBIC-provided Microsoft Azure Active Directory (MAAD)
- Transform MAAD-generated tokens into ACS tokens, available for authentication and authorization purposes for user identities, application identities and data identities
- Define the recipient for the success token, signaling a positive authentication event, as a URL address, parameterized as an App
- Define countermeasures preventing man-in-the-middle attacks by defining the App ID URI and by utilizing a control parameter that has to be delivered with the MAAD token
- Configure and code man-in-the-middle countermeasures
- Design MAAD to provide additional identities via token, based on a fixed selection in ACS, as an alternative to complex SSO setups

Lab: MAAD Graph Database registration as an additional identity provider for your namespace that controls global access and SSO
- Configure a customized selection
- Establish an additional security token service (STS) as an additional Identity Provider
- Bind a custom STS to MAAD
- Bind MAAD to a custom STS and establish a customized STS selection as MAAD claims identity

Lab: MAAD identity providers as SSO for web application
- Use MAAD alongside all other registered identity providers for the Access Control namespace
- Utilize operational standard procedures to execute and showcase MAAD selection during development of a web app
- Execute operational procedures for key management required between Azure and Visual Studio in order to associate the app with your Access Control namespace
- Establish a tokenized communication between Azure Namespaces and WS-Federation sign-in endpoints
- Establish Microsoft Azure Active Directory (MAAD) as an (additional) identity provider for any application associated with/interfacing with their namespace

Module 4: Assessment (if time permits): Add French, German, English and Italian as a multilingual integration of traditional ASP.NET Web Sites into your Enterprise Security Service Bus (ESSB)
- Code a multilingual Enterprise Security Service Bus (ESSB)
For this lab, a new dedicated cloud service in VBIC's virtual cloud classroom has been issued. Every student uses his dedicated developer environment, has additionally been granted an organizational account, and executes this training under that organizational account.

Lab: Repeat Module 1 from step 1 until step 146
Lab: Modify Module 1 so your ESSB becomes multilingual and supports local STS claims originating from Italian, French, German and English office locations or customers in these countries.
Lab: Task 4: Inform your instructor and the VBIC Help Desk (info@vbic.net) if you have reached step 146 while accomplishing Lab 3. Log out and close your RDP session.
The assessment is optional, only if time permits, voluntary at the discretion of the student, and does not have a solution folder, as there are many ways to achieve the target of evaluation to be assessed; it is subject to evaluation by the instructor or VBIC staff. If the assessment is taken, the student will receive either an assessment from the instructor during class about whether the assessment was passed, or a follow-up email with the assessment validation result from VBIC staff 5 days after the last day of class.