Token Policy and STS

If you are familiar with PKI projects, you probably know about Certificate Policy (CP) and Certificate Practice Statements (CPS). Both are based on a published RFC and are usually required in most PKI implementations. The CP specifies the policy for the PKI, and the CPS specifies how this policy is implemented by each CA in your PKI solution. Usually it…


Claim Based Authentication IV

In the previous three posts we examined how the claims authentication flow works for users in the same domain as the SharePoint site and for users from other organizations. As we have seen, the value of the Role claim was based on Active Directory group membership. For instance, Frank Miller from Fabrikam was given the role of DrugTrial1Auditors in…


Claims Based Authentication – Part III

This is a continuation of the two previous posts. Please check them out first; otherwise this one might not make much sense at all. Step 6 in the step-by-step guide configures Fabrikam STS with a Relying Party and shows how to configure Information Cards to automate home realm discovery. I’m not going to talk about Information Cards yet, for…


Claims based Authentication – Part II

In the previous post we started examining the authentication process in our demo environment. Let's examine what happens in step 5 of the step-by-step guide. During this step Contoso STS was configured to work with Fabrikam STS. There were three primary steps in this process: Add Fabrikam STS as Identity Provider (IDP); Configure rules for…


Claims based Authentication – Part I

Claims based authentication is gaining ground, and with more practical applications we’ll see more and more adoption of this technology. Recently I downloaded and went through a step-by-step demonstration of using Microsoft Office SharePoint Server 2007 and Active Directory Federation Services v2 (ADFS v2) beta 2 software. You can download this great demo at this…


Deleting old keys on Smart Card

If you use your smart card a lot and issue many certificates to it, there will come a moment when the storage on the card is too small to accommodate new certificates. In most cases your IT department might ask you to send your card back for replacement or they will tell…


Provisioning Computers with ILM ‘2’

In the previous post I talked about different ways to provide Registration Authority (RA) functionality for device certificates. The 4th method was using ILM ‘2’ workflow functionality to control group membership. A few days ago I decided to set up a demonstration of how it can actually be done. I used ILM ‘2’ RC0 software, which at…


Registration Authority and Device Certificates

A Registration Authority (RA) in PKI implementations is used to authorize the issuance of certificates to the certificate subscriber. Usually it is used with user certificates, especially if they are issued on Smart Cards. In some implementations it is necessary to provide RA functionality for device certificates. Usually it is done with PKI implementations that are…


Old Certificates Identification and Removal

Certificate renewal on Web sites can be a big nightmare, especially if you have hundreds of them and you don’t know when they are going to expire. Also, sometimes you have to change the Issuing CA from one to another, and finding out the certificate chain on multiple sites can be a time consuming…
