Chaining Multiple STS

A few month ago I learned something about claims based authentication that I thought was not possible. Ever since starting working on federation solutions, and learning about it via training courses, reading white papers, specifications and presentations the following two topologies were always shown or discussed. The first one is where company has its own…


Authentication Assurance and Claims Based Authentication

Authentication Mechanism Assurance is described in the following Microsoft publication: In this post I want to dig a bit more into different configuration options, show how it works and provide example of how it can be configured with AD FS 2. Authentication Mechanism Assurance is a new feature in Windows 2008 R2 AD DS…


New UAG Book – Mastering Microsoft Forefront UAG 2010 Customization

My last few posts were dedicated to customization of the look and feel of the UAG 2010 Logon/Logoff and Portal experience. I had to figure out a lot of it on my own without any type of documentation. Well, there is a good news, PACKT Publishing just released a new book on how to customize…


UAG 2010 Custom Logon and Logoff Pages

Ever needed to modify UAG 2010 default Logon/Logoff pages to something a bit more custom? I did on one of my recent projects. See it for more details on full width page on my blog at Thanks, Dmitrii


UAG 2010 Custom Portal

Ever needed to modify UAG 2010 default portal page to something a bit more custom? I did on one of my recent projects. See it for more details on full width page on my blog at Thanks!


UAG 2010 and AD FS v2 White Paper is Published

Over the last three month I published many articles on UAG and AD FS. While it each of the posts provides its own information, many of them refer or build on the knowledge provided in the prior posts. So if you had to read it altogether you’d have to start from the end and read…


AD FS and UAG are Better Together–Example of a real Solution

In the last nine posts we reviewed different topologies and discussed some of the techniques on how to integrate these topologies together. In this post we’ll take a look at real example of a production implementation. The solution very similar to the following design has been implemented by one of the large enterprise companies. We…


Designing UAG and AD FS Solution

In the last many posts we looked at all kind of different topologies for UAG and AD FS configuration. Now, since we are armed with knowledge of different configuration options, we can put all of them to use and see how we can apply them to real life situations. Before we do this, we need…


UAG and ADFS Better Together–Authentication via Azure ACS

This post discussing how it is possible to publish applications to Internet based users who authenticate to the UAG via one of the Internet Cloud Identity Providers, such as LiveID, Google, Yahoo or Facebook. The Windows Azure ACS acts as IdP-STS in this configuration topology. This is essentially the same as what we discussed in…