SlideShare a Scribd company logo

Adfs 2 & claims based identity

Download as PPTX, PDF
Nathan Winters, profile picture
Nathan Winters

AD FS 2 & Claims-Based Identity provides a consistent identity layer across applications by extracting identity information from Active Directory and other sources and expressing it as standardized claims. This allows applications to authenticate users once via AD FS and receive attributes about the user, without the applications needing direct access to identity stores. Claims can include group memberships, email address, or any other identity attributes that can be used for authorization and personalization. AD FS supports web single sign-on, web services, and "claims-aware" applications via standards like WS-Federation, SAML 2.0, and can federate identity across organizations.

Technology
1 of 32
Downloaded 121 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
AD FS 2 & Claims-Based IdentityLaura E. HunterIdentity Lady, AD FS Zealotlaura.hunter@lhaconsulting.comhttp://www.shutuplaura.com@adfskitteh
The Problem? We Lack a Consistent Identity Layer for Applications
The Result?Hard-coded dependencies, “Continuous Wheel Re-Invention”Resistance to Change
LDAP://dc1.bigfirm.com/ou=FTEs,dc=bigfirm,dc=com
filter = ((&(objectClass=user)(|(sn=*smith*)(displayName=*smith*)(givenName=*smith*)(cn=*smith*))))
How many different ways can you authenticate to an app?
Managing Application Identity – First Principles1. Identify the Caller2. Extract Information for AuthZ & Personalization
Windows Integrated AuthenticationDoes Active Directory work everywhere?
Adfs 2 & claims based identity
Adfs 2 & claims based identity
What’s the Solution?
So What’s a Claim?“I am a member of the Marketing group”“My email address is …”“I am over 21 years of age”Populated using information fromAD/ADAM/ADLDSSQLExpressed using the SAML format
<saml:AssertionAssertionID="..." IssueInstant="2006-07-11T03:15:40Z" Issuer=“https://adatum-dc1.adatum.com“><saml:ConditionsNotBefore="2006-07-11T03:15:40Z" NotOnOrAfter="2006-07-11T04:15:40Z"><saml:Audience> https://contoso-dc1.contoso.com </saml:Audience><saml:AuthenticationStatementAuthenticationInstant="2006-07-11T03:15:40Z" AuthenticationMethod="urn:federation:authentication:windows"><saml:NameIdentifierFormat="http://schemas.xmlsoap.org/claims/UPN">adamcar@adatum.com</saml:NameIdentifier><saml:AttributeAttributeName="Group”<saml:AttributeValue> Administrators</saml:AttributeValue><Signaturexmlns="http://www.w3.org/2000/09/xmldsig#"> ab315cdff14d</Signature></saml:Assertion>Abridged SAML Token(Don’t Squint, Just Get the Big Idea!)
AD FS is all about the apps!
Standards-based:WS-FederationWS-TrustSAML 2.0Use cases:WebSSOWeb Services (WCF)What is this…“claims-aware” application of which you speak?
What Can I do with this?
Application Access in a Single Org
Account Partner(ADATUM)Resource Partner(CONTOSO)A. DatumAccount ForestTrey ResearchResource ForestFederation TrustFederated Application Access
SSO to Service Providers
Cloudy with a Chance of Federation
So what does it look like?
WS-Fed Passive ProfileAccount Partner(Users)Resource Partner(Resource)A. DatumAccount ForestTrey ResearchResource ForestFederation Trust
Something lost, something gained…What about passwords?What about deprovisioning?
Liberty Alliance Results…ADFS 2 SAML 2.0 Interop Testing with Entrust, IBM, Novell, Ping, SAP, SiemensIdP LiteSP LiteEGov 1.5Matrix testing results:http://www.projectliberty.org/liberty/liberty_interoperable/implementations/saml_2_0_test_procedure_v3_2_2_full_matrix_implementation_table_q309/
Adfs 2 & claims based identity
If you remember nothing else but this…
I want the integrity of yourusers’ identity information when they access myresources…
…to be at least as good…
as the integrity of yourusers’ identity information when they access yourresources.
AD FS components are Windows componentsNo additional server software costs…but it’s all about the apps!AD FSv2 (was “Geneva”)Release Candidate Available NowRTM…“Soon”Windows Identity Foundation.NET Developer PlatformFree DownloadAvailable now!AD FS 2.0 Availability, Pricing
AD Cookbook, 3rd EditionBest selling Active Directory titleWhat’s New?Windows Server 2008 coverage: Read Only Domain Controllers (RODCs)Fine Grained Password Policies (FGPPs)Exchange 2007 integration & scriptingIdentity Lifecycle Manager 2007Windows PowerShell & Active Directory .NET programmingNew user interface features Always more than one way!Learn More! http://oreilly.com/catalog/9780596521103/
Thank You!mailto: laura.hunter@lhaconsulting.comblog: http://www.shutuplaura.comtwitter: @adfskitteh

More Related Content

PDF
Understanding 'Authentication' and 'Identity Federation'
Naohiro Fujie
 
PDF
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
PDF
Claim based authentaication
Sean Xiong
 
PPTX
Asp.net membership anduserroles_ppt
Shivanand Arur
 
PDF
Difference between authentication and authorization in asp.net
Umar Ali
 
PDF
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
PDF
Integrate Business Apps with Facebook, Twitter, and LinkedIn
Salesforce Developers
 
DOC
Android application fundamentals
Steve Smith
 
Understanding 'Authentication' and 'Identity Federation'
Naohiro Fujie
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
Claim based authentaication
Sean Xiong
 
Asp.net membership anduserroles_ppt
Shivanand Arur
 
Difference between authentication and authorization in asp.net
Umar Ali
 
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
Integrate Business Apps with Facebook, Twitter, and LinkedIn
Salesforce Developers
 
Android application fundamentals
Steve Smith
 

Viewers also liked (20)

PPTX
ADFS + IAM
Richard Harvey
 
PPTX
Office 365-single-sign-on-with-adfs
amitchachra
 
PPTX
Understanding Identity Management with Office 365
Perficient, Inc.
 
PPTX
Identity Management for Office 365 and Microsoft Azure
Sparkhound Inc.
 
KEY
PowerShell and the Future of Windows Automation
Concentrated Technology
 
PPT
PowerShell crashcourse
Concentrated Technology
 
PPT
PowerShell Functions
mikepfeiffer
 
PPT
No-script PowerShell v2
Concentrated Technology
 
PPTX
Ive got a powershell secret
Chris Conte
 
PPT
Free tools for win server administration
Concentrated Technology
 
PDF
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Don Reese
 
PPTX
Basic PowerShell Toolmaking - Spiceworld 2016 session
Rob Dunn
 
PPT
Ad disasters & how to prevent them
Concentrated Technology
 
PPTX
Best free tools for w d a
Concentrated Technology
 
PPTX
PowerShell crash course
Concentrated Technology
 
PPTX
PowerShell custom properties
Concentrated Technology
 
PPTX
Managing enterprise with PowerShell remoting
Concentrated Technology
 
PPTX
PowerShell and WMI
Concentrated Technology
 
PPTX
PowerShell crashcourse for Sharepoint admins
Concentrated Technology
 
PPTX
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
Concentrated Technology
 
ADFS + IAM
Richard Harvey
 
Office 365-single-sign-on-with-adfs
amitchachra
 
Understanding Identity Management with Office 365
Perficient, Inc.
 
Identity Management for Office 365 and Microsoft Azure
Sparkhound Inc.
 
PowerShell and the Future of Windows Automation
Concentrated Technology
 
PowerShell crashcourse
Concentrated Technology
 
PowerShell Functions
mikepfeiffer
 
No-script PowerShell v2
Concentrated Technology
 
Ive got a powershell secret
Chris Conte
 
Free tools for win server administration
Concentrated Technology
 
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Don Reese
 
Basic PowerShell Toolmaking - Spiceworld 2016 session
Rob Dunn
 
Ad disasters & how to prevent them
Concentrated Technology
 
Best free tools for w d a
Concentrated Technology
 
PowerShell crash course
Concentrated Technology
 
PowerShell custom properties
Concentrated Technology
 
Managing enterprise with PowerShell remoting
Concentrated Technology
 
PowerShell and WMI
Concentrated Technology
 
PowerShell crashcourse for Sharepoint admins
Concentrated Technology
 
VDI-in-a-Box: Microsoft Desktop Virtualization for Smaller Businesses and Uses
Concentrated Technology
 
Ad

Similar to Adfs 2 & claims based identity (20)

PDF
Bsides Tampa Blue Team’s tool dump.
Alexander Kot
 
PPT
Identity Federation on JBossAS
Roger CARHUATOCTO
 
PPTX
Secure Modern Workplace With Microsoft 365 Threat Protection
Ammar Hasayen
 
PDF
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli
 
PPTX
IdP, SAML, OAuth
Dan Brinkmann
 
PDF
How to protect your corporate from advanced attacks
Microsoft
 
PPTX
Splunk for Security Breakout Session
Splunk
 
PPTX
Understanding Application Threat Modelling & Architecture
Priyanka Aash
 
PPTX
PeopleSoft: HACK THE Planet^W university
Dmitry Iudin
 
PPTX
SplunkLive! - Splunk for Security
Splunk
 
PPTX
Application Security Architecture and Threat Modelling
Priyanka Aash
 
PPT
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Vinod Kumar
 
PPTX
Detection of webshells in compromised perimeter assets using ML algorithms
Rod Soto
 
PDF
How to 2FA-enable Open Source Applications
All Things Open
 
PPTX
Role-Based Access Control
EmpowerID
 
PDF
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
APIsecure_ Official
 
PPT
Basics of IT security
Dr. Ramkumar Lakshminarayanan
 
PDF
Stuxnet redux. malware attribution & lessons learned
Yury Chemerkin
 
PPTX
Hands-On Security - Disrupting the Kill Chain
Splunk
 
PPT
BSidesDC 2016 Beyond Automated Testing
Andrew McNicol
 
Bsides Tampa Blue Team’s tool dump.
Alexander Kot
 
Identity Federation on JBossAS
Roger CARHUATOCTO
 
Secure Modern Workplace With Microsoft 365 Threat Protection
Ammar Hasayen
 
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli
 
IdP, SAML, OAuth
Dan Brinkmann
 
How to protect your corporate from advanced attacks
Microsoft
 
Splunk for Security Breakout Session
Splunk
 
Understanding Application Threat Modelling & Architecture
Priyanka Aash
 
PeopleSoft: HACK THE Planet^W university
Dmitry Iudin
 
SplunkLive! - Splunk for Security
Splunk
 
Application Security Architecture and Threat Modelling
Priyanka Aash
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Vinod Kumar
 
Detection of webshells in compromised perimeter assets using ML algorithms
Rod Soto
 
How to 2FA-enable Open Source Applications
All Things Open
 
Role-Based Access Control
EmpowerID
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
APIsecure_ Official
 
Basics of IT security
Dr. Ramkumar Lakshminarayanan
 
Stuxnet redux. malware attribution & lessons learned
Yury Chemerkin
 
Hands-On Security - Disrupting the Kill Chain
Splunk
 
BSidesDC 2016 Beyond Automated Testing
Andrew McNicol
 
Ad

More from Nathan Winters (20)

PPTX
Exch2010 compliance ngm f inal
Nathan Winters
 
PPTX
Exchange 2010 storage improvements
Nathan Winters
 
PPTX
Ultan kinahan dr - minasi 2010
Nathan Winters
 
PPTX
Sql server troubleshooting
Nathan Winters
 
PPTX
Aidan finn vmm 2008 r2 - minasi forum 2010
Nathan Winters
 
PPT
The new rocket science stuff in microsoft pki
Nathan Winters
 
PPT
Today's malware aint what you think
Nathan Winters
 
PPTX
Nathan Winters Exchange 2010 protection and compliance
Nathan Winters
 
PPTX
Migrating to Exchange 2010 and ad 2080 r2
Nathan Winters
 
PPTX
Desktop virtualization scott calvet
Nathan Winters
 
PPTX
Nathan Winters TechDays UK Exchange 2010 IPC
Nathan Winters
 
PPTX
OCS Introduction for Learning Gateway Conference 2009
Nathan Winters
 
PPTX
Introduction to Exchange 2010
Nathan Winters
 
PPTX
Eric Rux The Big One Merging 2 Companies
Nathan Winters
 
PPT
Ultan Kinahan Business Continuity & Dr With Virtualization And Doubletake
Nathan Winters
 
PPT
Thomas Deimel The World Of Hackintosh
Nathan Winters
 
PPTX
Joe Mc Glynn Sbs 2008 For The Small Business
Nathan Winters
 
PPTX
Rhonda Layfield Sniffing Your Network With Netmon 3.3
Nathan Winters
 
PPTX
Roger Grimes How I Fixed The Internets
Nathan Winters
 
PPTX
Nathan Winters What’s New And Cool In Ocs 2007 R2
Nathan Winters
 
Exch2010 compliance ngm f inal
Nathan Winters
 
Exchange 2010 storage improvements
Nathan Winters
 
Ultan kinahan dr - minasi 2010
Nathan Winters
 
Sql server troubleshooting
Nathan Winters
 
Aidan finn vmm 2008 r2 - minasi forum 2010
Nathan Winters
 
The new rocket science stuff in microsoft pki
Nathan Winters
 
Today's malware aint what you think
Nathan Winters
 
Nathan Winters Exchange 2010 protection and compliance
Nathan Winters
 
Migrating to Exchange 2010 and ad 2080 r2
Nathan Winters
 
Desktop virtualization scott calvet
Nathan Winters
 
Nathan Winters TechDays UK Exchange 2010 IPC
Nathan Winters
 
OCS Introduction for Learning Gateway Conference 2009
Nathan Winters
 
Introduction to Exchange 2010
Nathan Winters
 
Eric Rux The Big One Merging 2 Companies
Nathan Winters
 
Ultan Kinahan Business Continuity & Dr With Virtualization And Doubletake
Nathan Winters
 
Thomas Deimel The World Of Hackintosh
Nathan Winters
 
Joe Mc Glynn Sbs 2008 For The Small Business
Nathan Winters
 
Rhonda Layfield Sniffing Your Network With Netmon 3.3
Nathan Winters
 
Roger Grimes How I Fixed The Internets
Nathan Winters
 
Nathan Winters What’s New And Cool In Ocs 2007 R2
Nathan Winters
 

Recently uploaded (20)

PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
A Presentation on Artificial Intelligence
memembruh336
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 

Adfs 2 & claims based identity

Editor's Notes

  • #5: Hard-coded dependencies
  • #6: Re-inventing the wheel – asking our devs to be AD experts
  • #7: Resistance to change – smart card, cloud, etc.
  • #8: Identify the caller (AuthN)Grep information about the caller for AuthZ &amp; personalization
  • #19: Partner fed
  • #21: Fed with the cloud
  • #22: Hide.Fedutil, pre-baked RP trust
  • #25: For WinHIED
  • #26: For WinHIED