Bring Your Own Device Part I Yuqing Zhao 趙宇清 Protocol Test Suite Developer Microsoft Corporation

What's BYOD
- Device <-> Public Cloud
- Device <-> Enterprise On-Premise Cloud

Agenda
- BYOD Protocols and Test Design
- How to use protocol Test Suite
- Q&A

BYOD Protocol Scenarios
- WHO -- Workplace Join

Covered Protocols
- MS-DVRD: Discovery endpoints used during device registration
- MS-OAPX: Extend Authorization Code Grant of OAuth 2.0 (RFC 6749)
- MS-DVRE: Enroll a device certificate

Protocol Stack
- MS-DVRD, MS-OAPX, MS-DVRE
- HTTPS, OAuth 2.0, WS-Trust, SOAP

Protocol Traffic Flow
[Diagram. Participants: Personal Device, Discovery Server, OAPX Auth Endpoint, OAPX Token Endpoint, Enrollment Server. Messages: Discovery Request / Discovery Response, Apply AuthCode / AuthCode, Apply Access Token / Access Token, Apply Enrollment.]

Protocol Implementation Scenario
- Client Role of MS-DVRD
- Client Role of MS-DVRE
- Client Role of MS-OAPX

Test Suite acts as Synthetic Server
[Diagram. The test suite's test cases stand in for the Discovery Server, OAPX Auth Endpoint, OAPX Token Endpoint and Enrollment Server, and exchange the traffic flow above with a 3rd party client role implementation.]
- Message syntax is verified
- Specific authentication mechanism passed
- Security token is issued by test suite
- Device state matches expectation

Test Suite Architecture
[Diagram. Components: Test Suite (Test Case, SUT Control Adapter), System Under Test (SUT) with the protocol client role implementation, connected over HTTPS.]
- Trigger SUT to start registration
- Define execution sequence

BYOD Protocol Scenarios
- WHO -- Workplace Join
- WHAT -- File Sync

Covered Protocols
- MS-ECS: Protocol to upload and download file
- MS-FSVCA: Algorithm and data structures to present file version

Traffic Flow: Upload Files
[Diagram. Participants: Personal Device, MS-ECS Server. Requests: Create Session, Get Server Side Versions, Upload Files. Responses: Session Created, Versions Provided, Upload Confirmed.]

Traffic Flow: Download Files
[Diagram. Upload: Create Session, Get Server Side Versions, Upload Files. Download: Create Session, Send Client Side Versions, Download Files. The steps are marked Same, Different, Different.]

Protocol Implementation Scenario
- Client Role of MS-ECS
- MS-FSVCA

Synthetic Server In Upload Files
[Diagram. The test suite's test cases stand in for the MS-ECS Server and exchange the upload traffic flow with a 3rd party client role implementation.]
- Message syntax is verified
- Asked for server side versions before uploading
- Latest file version in request matches expectation
- Device state matches expectation

Test Suite Architecture
[Diagram. Components: Test Suite (Test Case, SUT Control Adapter), System Under Test (SUT) with the protocol client role implementation, connected over HTTP/HTTPS.]

BYOD Protocol Scenarios
- WHO -- Workplace Join
- WHAT -- File Sync
- SECURITY -- Web App Proxy

Network Topology
[Diagram. Personal Device outside the corporate network boundary; Web App Proxy, AD FS and Web Application on the corporate side.]

Covered Protocols
- MS-ADFSPIP: Describes how an AD FS and Web Application Proxy integrated system works
Difference from common Web Proxy?
- Common web proxy focuses on TCP/IP and HTTP layer
- MS-ADFSPIP Web App Proxy focuses on AD FS enabled web application protocol layer

Protocol Stack
- MS-ADFSPIP
- HTTPS

Protocol Scenarios
- Deploy Web App Proxy
- Manage Web App Publish settings
- Pre-authenticate user request

Traffic Flow: Pre-Authentication
[Diagram. Participants: Personal Device, Web App Proxy, AD FS Server, Web App. Messages: unauthenticated HTTP GET, HTTP 302 redirects, client certificate request, token, AuthCookie.]
- Step 1: Access without authorization
- Step 2: Redirection for authorization
- Step 3: Retrieves client SSL certificate
- Step 4: Applies access token with client cert + auth cookie
- Step 5: Redirected to Web App
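
An added example, not part of the original slides or of the Microsoft test suite: a checker that a fake web client could run over its recorded exchanges with a Web App Proxy to confirm the client-visible part of the steps above (steps 1, 2 and 5). The host names, the cookie name AuthCookie (the slide's label), the authToken query parameter and the dict layout are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

ADFS_HOST = "adfs.example.test"   # assumed AD FS host name
COOKIE = "AuthCookie"             # hypothetical cookie name (the slide's label)
TOKEN_PARAM = "authToken"         # hypothetical query parameter carrying the token
APP = "https://app.example.test/site"  # assumed published web app URL

def check_preauth(exchanges):
    """Return findings for a recorded list of (request, response) dicts."""
    findings, issued = [], set()
    for n, (req, resp) in enumerate(exchanges, 1):
        cookie = req.get("cookies", {}).get(COOKIE)
        token = parse_qs(urlsplit(req["url"]).query).get(TOKEN_PARAM)
        location = resp.get("headers", {}).get("Location", "")
        if cookie is None and not token:
            # Steps 1-2: no credential, so only a redirect to AD FS is acceptable.
            if resp["status"] != 302 or urlsplit(location).hostname != ADFS_HOST:
                findings.append(f"{n}: unauthenticated request was not redirected to AD FS")
        elif cookie is None:
            # Step 5: token presented; expect an auth cookie and a redirect to the app.
            new_cookie = resp.get("set_cookies", {}).get(COOKIE)
            if resp["status"] != 302 or not new_cookie:
                findings.append(f"{n}: token presented but no auth cookie and redirect")
            else:
                issued.add(new_cookie)
        elif cookie not in issued and resp["status"] == 200:
            # A cookie the proxy never handed out must not unlock the web app.
            findings.append(f"{n}: served a cookie the proxy never issued")
    return findings

def get(url, cookies=None):
    """Build a request record the way the fake web client would log it."""
    return {"url": url, "cookies": cookies or {}}

# Constructed sample exchanges (not captured traffic).
CONFORMING = [
    (get(APP), {"status": 302, "headers": {"Location": f"https://{ADFS_HOST}/signin"}}),
    (get(APP + "?authToken=t1"),
     {"status": 302, "headers": {"Location": APP}, "set_cookies": {COOKIE: "c1"}}),
    (get(APP, {COOKIE: "c1"}), {"status": 200}),
]
BYPASSING = [
    (get(APP), {"status": 200}),                      # forwarded without authentication
    (get(APP, {COOKIE: "forged"}), {"status": 200}),  # accepted an unknown cookie
]

if __name__ == "__main__":
    print(check_preauth(CONFORMING))
    print(check_preauth(BYPASSING))
```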

Protocol Implementation Scenario
[Diagram. Personal Device, Web App Proxy, AD FS Server, Web App. The Web App Proxy is marked "Replace me" and is replaced by a 3rd party Web App Proxy.]

Synthetic testing in Pre-Authentication
[Diagram. The test suite's test cases act as the AD FS Server, as the Web App and as the Personal Device around the 3rd party Web App Proxy, and exchange the pre-authentication traffic flow with it.]
- Received redirection to AD FS
- Received auth cookie + client cert request
- Received redirection to Web App

Test Suite Architecture
[Diagram. Components: Test Suite (Test Case, SUT Control Adapter, Fake Web App, Fake Web Client), System Under Test (SUT) with the proxy role implementation.]
- Fake Web App: act as a web app
- Fake Web Client: act as a web client

Agenda
- BYOD Protocols
- How to use protocol Test Suite: Deployment, Configuration, Test Case Execution, Test Result Analysis, Demo
- Q&A

Follow User Guide for Deployment

Test Suite Configuration File *.ptfconfig

Test Suite Configuration File

Interactive Adapter
- Purpose: Allow manual operation during test case execution
- Configuration
- Effect: At SUT control step, will pop up window containing operation instruction

Test Case Execution
- Use Visual Studio 2012
- Use Batch

Test Log Analysis
- Logs generated during test case execution will all be saved
- Error message contains original protocol document description

How to use Protocol Test Suite to test Workplace Join