Chaining Multiple STS

A few months ago I learned something about claims based authentication that I thought was not possible. Ever since I started working on federation solutions, and learning about them via training courses, white papers, specifications and presentations, the following two topologies were always shown or discussed. The first one is where a company has its own…

Authentication Assurance and Claims Based Authentication

Authentication Mechanism Assurance is described in the following Microsoft publication: http://technet.microsoft.com/en-us/library/dd378897(v=WS.10).aspx. In this post I want to dig a bit more into different configuration options, show how it works and provide an example of how it can be configured with AD FS 2. Authentication Mechanism Assurance is a new feature in Windows 2008 R2 AD DS…

AD FS and UAG are Better Together–Example of a real Solution

In the last nine posts we reviewed different topologies and discussed some of the techniques for integrating these topologies together. In this post we’ll take a look at a real example of a production implementation. A solution very similar to the following design has been implemented by one of the large enterprise companies. We…

Designing UAG and AD FS Solution

In the last many posts we looked at all kinds of different topologies for UAG and AD FS configuration. Now that we are armed with knowledge of the different configuration options, we can put all of them to use and see how we can apply them to real life situations. Before we do this, we need…

UAG and ADFS Better Together–Authentication via Azure ACS

This post discusses how it is possible to publish applications to Internet based users who authenticate to the UAG via one of the Internet Cloud Identity Providers, such as LiveID, Google, Yahoo or Facebook. The Windows Azure ACS acts as IdP-STS in this configuration topology. This is essentially the same as what we discussed in…

UAG and ADFS Better Together–Publishing Applications to Partner Organizations

In this scenario, our partner organization's users access claims based applications published by our organization's UAG servers. The partner users provide security tokens issued by the partner controlled Identity Provider to our AD FS v2 published by the UAG server. This configuration is the most common federated access scenario, and UAG works very nicely to…

UAG and AD FS are Better Together – Publishing Non-Claims Based Applications

In the article “UAG and AD FS are Better Together – UAG as AD FS Proxy” we explored how a user authenticates to the UAG portal via claims based authentication and then accesses a claims based application published via the UAG portal. But what if the published application does not support claims based authentication? After all, how many applications out there…

UAG and AD FS are Better Together – Strong Auth to Cloud Based Applications

Today we will discuss a solution that provides the following functionality: You want to require your company's external users to use strong AuthN when they access 3rd party trusted claims based applications. These applications can be hosted in the Cloud or by a Partner organization. The description of this topology is a mouthful, but that is…

UAG and AD FS are Better Together - UAG as AD FS Proxy

In previous topologies (1 and 2) we did not expose the AD FS server to outside users as the primary form of authentication. This topology will do this. One of the benefits of using a UAG server in combination with AD FS is that it can now act as a gateway or proxy server to the internal AD…

UAG and ADFS are Better Together– Strong Authentication

In the previous post we looked at the most common UAG configuration, with the user using a username and password for authentication to UAG. In this post we are going to explore the following configuration – the user authenticates to the UAG Portal via Certificate Based Authentication (Soft Certificate or Smart Card based certificate) and then accesses internal claims…
