Copyright

Similar documents
Copyright

Copyright

Microsoft ADFS Configuration

SchoolBooking LDAP Integration Guide

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

3.1 Getting Software and Certificates

Use EMS to protect your mobile data and mobile app

Copyright

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Online Banking Initial Log In Instructions. Go to and enter your username: Ex JaneDoe

Copyright

Remotely auditing Check Point devices with Nipper Studio

User Directories. Overview, Pros and Cons

ArcGIS Server Components: An Introduction to Server IT

Procedure for Connecting to OIL VPN

RPC Award Program User Guide

AMEC SCM USER MANUAL AMEC SCM USER MANUAL FOR SUPPLIER. 1 P a g e

User Guide for the New Kofax Partner Portal

ArcGIS Enterprise Administration

Single Sign-On Showdown

User guide NotifySCM Installer

Help Document Series: Connecting to your Exchange mailbox via Outlook from off-campus

Health Professional & ADFS Integration Guide

Falcon. User Guide. EEG Enterprises, Inc. 586 Main Street Farmingdale, New York eegent.com (516)

Using the New UCOP UAT Validation Reports for Graduate Admissions

ADFS integration with Ibistic Commerce Platform A walkthrough of the feature and basic configuration

DDS Identity Federation Service

HOW TO SETUP CFS POLICIES WITH LDAP AND SSO TO RESTRICT INTERNET ACCESS ON CFS 3.0

Education Data System (EDS) Administration Manual

ESS Security Enhancements

Cloud Access Manager Configuration Guide

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

Security Provider Integration Kerberos Authentication

Massachusetts Registry of Motor Vehicles ATLAS. Insurance Company Help Documentation Version 1.0 3/22/2018

Attachment 3 (B); Security Exhibit. As of March 29, 2016

Microsoft MB Microsoft Dynamics CRM 2016 Installation. Download Full version :

Account Set Up Guide

Configuring Microsoft Outlook to Connect to Hosted Exchange Service

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

LastPass Enterprise Recommended Policies Guide

Quick Start: Permission requests and approvals

Load Balancing Microsoft AD FS. Deployment Guide v Copyright Loadbalancer.org

Passwordstate Mobile Client Manual Click Studios (SA) Pty Ltd

FUJITSU Cloud Service S5 Setup and Configuration of the FTP Service under Windows 2008/2012 Server

Revised: 08/02/ Click the Start button at bottom left, enter Server Manager in the search box, and select it in the list to open it.

CUSTOMER CONTROL PANEL... 2 DASHBOARD... 3 HOSTING &

TECHNICAL GUIDE SSO SAML. At 360Learning, we don t make promises about technical solutions, we make commitments.

On-demand target, up and running

Multi Factor Authentication & Self Password Reset

Cloud Access Manager Overview

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.

BSD-BSS system user guide

Nuance. PowerMic Mobile. Installation and Administration Guide

SAML-Based SSO Solution

SAP Security in a Hybrid World. Kiran Kola

The benefits of synchronizing G Suite and Active Directory passwords

Holy Cross School Laptop Configuration Instructions for Students Grades 5 10 MAC OS

Qualys SAML & Microsoft Active Directory Federation Services Integration

AFN Setup. If you have any trouble setting it up please contact the Help Desk by at Outlook 2007 and 2010

Connect to Wireless, certificate install and setup Citrix Receiver

Ramnish Singh IT Advisor Microsoft Corporation Session Code:

Single Sign-On for PCF. User's Guide

Configuring Alfresco Cloud with ADFS 3.0

Adobe Document Cloud esign Services. for Salesforce Version 17 Upgrade Guide

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

How to Set Up External CA VPN Certificates

Remote Access via Cisco VPN Client

Building Block Installation - Admins

Sponsored Candidate Application Guide Voucher

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

TRAINING GUIDE. Tablet: Cradle to Mobile Configuration and Setup

CONNX SECURITY OVERVIEW

Authentication. Katarina

Configuration examples for the D-Link NetDefend Firewall series DFL-260/860

SMS 2.0 SSO / LDAP Launch Kit

Using the New UCOP UAT Validation Reports For Undergraduate Admissions

[Outlook Configuration Guide]

Online Fundraising Guide

Do It Yourself Fundraising Guide

IBM C Exam. Volume: 65 Questions

Securing ArcGIS Services

ISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University

1 Installing KEEP is Easy

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access

SafeNet Authentication Manager

CC Box Execution Page

Importing Merit Calendar to Outlook 2010

Tenable.io for Thycotic

NetExtender for SSL-VPN

Authentication CS 4720 Mobile Application Development

Minimum requirements for Portal (on-premise version):

Skandocs Installation and Connectivity Guide What you need to know to successfully utilise the Internet connectivity in Skandocs

AvePoint Governance Automation 2. Release Notes

User guide AppGate version 11.3-LTS-u1

Configuring RentalPoint Web Services

Identity Provider for SAP Single Sign-On and SAP Identity Management

RNDC / NDC MicroStrategy Supplier Web Troubleshooting Guide

Publishing Enterprise Web Applications to BYOD using a Granular. Trust Model. Shachaf Levi IT Client Security & Connectivity May 2013.

DocAve. Release Notes. Governance Automation Service Pack 5 Cumulative Update 2. For Microsoft SharePoint

Step-by-Step Guide to Ansur Executive 3.0 Installation With or without Electronic Signatures

Transcription:

This video looks at Claim Based/Identity Based systems using Active Directory Federation Services as an example. An example of a claim based system is where the user logs into a system like a web page using another system, for example a Facebook login.

Example In this fictional example, it shows the key points to a Federation Service. Federation Services work by a user wanting to access a system which belongs to a 3rd party. In order to do this, the first party needs to provide something the 3rd party can check to ensure the person is allowed access. It is still up to the 3rd party if they will allow them access or not. The point is that business B can check that the employee is a valid employee without having to contact business A to check.

In this example, an Active Directory Federation Services model would work the following way. 1) The user contacts the web server in business B in order to obtain access to a service. 2) The web server rejects the request as the web server does not know who they are. The web server refers them to Federation Server in business B in order to get a claim in order to access the web server. 3) The user then contacts the Federation Server in the business B network. 4) The Federation Server does not know who the user is, so it says to get authorization first. 5) The user contacts the Federation Server in its DMZ and requests to be authenticated. 6) The Federation Server will pass the username and password the user provided to a Domain Controller. 7) The Domain Controller will respond back to the Federation Server that they have been authenticated. 8) The Federation Server will give the user a claim. This claim contains information indicating the user has been authenticated. 9) This claim is presented to the Federation Server in business B. 10) The Federation Server will accept the claim. Although not shown in this video, the Federation Server will often create a new claim that would be given to the user to grant them access services. 11) The user will use the claim with the web server. 12) The web server will accept the claim and connect to a file server. 13) The file server will give the information to the web server. 14) The web server will then present the information to the user.

AD Example In order to have authentication occur between two businesses using Active Directory, a trust relationship needs to be created between the two businesses. In order for this to occur, firewall changes need to made. An Active Directory trust is also connection based, which means a direct connection between the two businesses must also be present. If you want to allow services like file transfers you also need to make additional changes to the firewall. Companies often do not want to make changes to their firewall and do not want to establish direct permanent connections between different businesses.

Advantages of Federation Services Federation Services does not require a connection style trust in order to work. It only requires a certificate to be exported and imported on the other side before the trust can be configured. Federation Services also uses standard HTTP and HTTPS protocols and thus these ports are most likely already open on the companies file firewall. Companies are more likely to agree to open these ports than open less commonly used ports. Federation Services uses standard protocols and thus can work with other systems. For example, a Windows based Federation Server can also work with a Linux based Federation Server.

Example Of Online Services In this example, a mobile user requires access to Exchange Services stored in the cloud using Microsoft Outlook as the client. 1) The user contacts the online Exchange Server in the cloud. 2) The server responds back that it needs a claim in order to access the service. 3) The user contacts that Federation Server. 4) The Federation Server responds back saying it will not issue a claim until they have been given a claim showing they are allow access. 5) The user contacts the Federation Service on their network with their username and password. Any authentication system could be used here. Even a system that only requires the user to present an e-mail address could be used. 6) The Federation Server contacts a Domain Controller to authenticate the user. 7) The Domain Controller responds back to the Federation Server that the user has been authenticated. 8) The Federation Server gives a claim to the user. 9) The user then gives the claim to a Federation Server. 10) The Federation Server accepts the claim and presents the user with another claim that the user can use with the online server to access the Exchange service. 11) The user then presents this claim to the online server and is now able to access the Exchange service in the cloud. The point to remember with claim based systems is that authentication is provided by a system that is separate from the system that is providing access. This means that the first system can add and remove users as required and thus indirectly be responsible for who has access.

Summary A Federation Service uses standard web protocols and does not require a connection style trust. For this reason these ports may already be open on the firewall and thus is generally easier to get management approval. Federation Services require many systems to work together and thus may not be that easy to get up and working. Microsoft cloud based systems are well documented. Other Federation Services solutions are not as well documented and thus may be harder to set up. Lastly a claim contains user information and what they would like access to. They use certificates to make sure the data is secure. In later videos claims will be covered in more detail. See http://youtube.com/itfreetraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References Active Directory Federation Services Overview http://technet.microsoft.com/enus/library/hh831502.aspx Federated identity http://en.wikipedia.org/wiki/federated_identity

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback