Allows identification, authentication, and authorization to occur across organizational boundaries: users are able to use their local credentials to access resources hosted in another organization or in the cloud.
AD FS
What are the ADFS Components?
#1. Federation Server - has the AD FS role installed and processes requests involving identity claims. #2. Federation Server Proxy - a server deployed on the perimeter network when we want to provide AD FS functionality to clients on untrusted networks such as the Internet (in Windows Server 2012 R2 and later this role is provided by the Web Application Proxy). It relays connections to the Federation Server on the internal network. *Can't be the same server as the Federation Server.
AD FS provides ______, which works on the basis of a ______ about a user, such as "allow access to this web application if the user is a full-time employee of the partner organization".
Claims-based authentication, claims
When building tokens that contain claim data, what does AD FS use?
#1. Claim - a statement about an object based on its attributes (e.g. "this user's email address is ..."). #2. Claim rules - determine how a federation server processes a claim; a rule can be as simple as passing a user's email address through as a valid claim, or it can translate a job title into a security group membership. #3. Attribute Store - holds the values used in claims (Active Directory by default).
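The three rule kinds from the card above (pass an attribute through as a claim, translate a job title into a group claim, and the "full-time employee" authorization rule from the earlier card), written in the AD FS claim rule language and applied with PowerShell. This is an added example, not part of the original flash-card set: the relying party trust name "Partner Web App", the job-title and employee-type claim type URIs, and the attribute values matched are all assumptions; the email, Group and permit claim types are the standard AD FS ones.

```powershell
# Added example: claim rules for a relying party trust (names are hypothetical).
Import-Module ADFS

# Issuance transform rules run on the claims provider and shape the token.
# Rule 1 queries the "Active Directory" attribute store (the default store) for
# the mail, title and employeeType attributes of the authenticated user and
# issues one claim per attribute. Rule 2 translates a job title into a group
# claim; "issue" puts the new claim in both the output set and the input set,
# so later rules (and the authorization rules below) can see it.
$transformRules = @'
@RuleName = "Issue email, job title and employee type from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://contoso.example/claims/title",
                   "http://contoso.example/claims/employeetype"),
          query = ";mail,title,employeeType;{0}", param = c.Value);

@RuleName = "Translate job title into a group claim"
c:[Type == "http://contoso.example/claims/title", Value =~ "^(?i)(senior )?manager$"]
 => issue(Type = "http://schemas.xmlsoap.org/claims/Group", Value = "Managers");
'@

# Issuance authorization rules decide whether a token is issued at all.
# Setting them replaces the default "Permit all users" rule: anyone who does
# not match gets an implicit deny, which is what the card's example asks for.
$authorizationRules = @'
@RuleName = "Only full-time employees may access the partner application"
c:[Type == "http://contoso.example/claims/employeetype", Value == "FullTime"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Parse both rule sets first: a syntax error surfaces here instead of
# leaving the trust half-configured.
$null = New-AdfsClaimRuleSet -ClaimRule $transformRules
$null = New-AdfsClaimRuleSet -ClaimRule $authorizationRules

Set-AdfsRelyingPartyTrust -TargetName 'Partner Web App' `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authorizationRules

# Read back what the server actually stored.
(Get-AdfsRelyingPartyTrust -Name 'Partner Web App') |
    Select-Object Name, IssuanceTransformRules, IssuanceAuthorizationRules
```

Rules are evaluated in order, so the LDAP rule that fetches the title must precede the rule that matches on it. Only attributes the partner actually needs should be queried; everything issued here ends up in a token the partner can read.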
Is a federation server that provides users with claims; these claims are carried in tokens that are digitally signed and, optionally, encrypted.
Claims Provider; when a user needs a token, the claims provider contacts the AD deployment in its own forest to determine whether the user has authenticated. It then builds a user claim set using attributes located in AD and any other attribute stores. *The attributes added to the claims depend on the attributes required by the partner.
Is a federation server in the AD forest that hosts the resources that a user in the partner organization wants to access.
Relying Party; it accepts and validates the claims contained in the token issued by the claims provider. It then issues a new token that the resource uses to determine what access to grant the user from the partner organization.
Why do we configure the relying party trust on the AD FS server that functions as the claims provider?
Because a relying party trust is a statement that a claims provider trusts a specific relying party: "Which resource server are we trusting?" Hence the name "Relying Party Trust".
Why do we configure the claims provider trust on the federation server that functions as the relying party (resource server)?
Because a claims provider trust is a statement that a relying party trusts a specific claims provider: "Which account server are we trusting?" Hence the name "Claims Provider Trust".
How do we configure a certificate relationship between the partners?
#1. Use an SSL/TLS certificate issued by a third-party CA that both organizations already trust. #2. Configure CA trust between the partners: import the partner organization's CA certificate into the Trusted Root Certification Authorities store of the AD FS server, either directly or through Group Policy auto-enrollment, and issue a certificate from a template on your own AD CS to secure the federation server endpoint.
What certificates does AD FS use?
#1. Token-signing certificate - the federation server that functions as the claims provider signs every token it issues with this certificate's private key. The relying party uses the corresponding public key (published in the claims provider's federation metadata) to verify that the token was issued by a trusted federation partner and was not altered in transit. #2. Token-decrypting certificate - belongs to the relying party. The claims provider uses the public key from this certificate to encrypt the user token; when the relying party receives the token, it uses its private key to decrypt it.
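The two trusts from the cards above, configured on the side that owns each one, followed by the certificate checks a practitioner would run after the trusts are created. This is an added example and not part of the original flash-card set: the host names fs.contoso.example (claims provider, account side) and fs.fabrikam.example (relying party, resource side), the trust names and the metadata URLs are all assumptions. The first section is run on the claims provider's federation server, the second on the relying party's, and the checks on whichever side you are on.

```powershell
# Added example: one trust per side, then verify the certificates in play.
# Host names, trust names and URLs are hypothetical.
Import-Module ADFS

# ---- On fs.contoso.example (claims provider / account forest) -------------
# "Which resource server are we trusting?" -> relying party trust.
# Pulling the partner's federation metadata imports its identifier, endpoints
# and token-decrypting (encryption) certificate in one step.
Add-AdfsRelyingPartyTrust -Name 'Fabrikam Web App' `
    -MetadataUrl 'https://fs.fabrikam.example/FederationMetadata/2007-06/FederationMetadata.xml' `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# ---- On fs.fabrikam.example (relying party / resource forest) -------------
# "Which account server are we trusting?" -> claims provider trust.
# Acceptance transform rules decide which of the partner's claims we keep;
# only email and Group claims are passed through, everything else is dropped.
$acceptance = @'
@RuleName = "Accept email claims from Contoso"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);

@RuleName = "Accept group claims from Contoso"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(claim = c);
'@

Add-AdfsClaimsProviderTrust -Name 'Contoso Accounts' `
    -MetadataUrl 'https://fs.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml' `
    -AcceptanceTransformRules $acceptance `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# ---- Certificate checks (run on either side) ------------------------------
# Our own certificates: the private keys live on this server. AD FS keeps a
# primary and, during rollover, a secondary for each type.
Get-AdfsCertificate |
    Format-Table CertificateType, IsPrimary, Thumbprint,
                 @{ n = 'NotAfter'; e = { $_.Certificate.NotAfter } }

# The partner's public keys as imported from its metadata. Compare these
# thumbprints out of band with what the partner sees in its own
# Get-AdfsCertificate output before sending any real traffic.
# On the relying party: the claims provider's token-signing certificate(s)
# are what we use to verify the signature on incoming tokens.
$cp = Get-AdfsClaimsProviderTrust -Name 'Contoso Accounts' -ErrorAction SilentlyContinue
if ($cp) {
    $cp.TokenSigningCertificates | Select-Object Subject, Thumbprint, NotAfter
}

# On the claims provider: the relying party's encryption certificate is the
# public key we encrypt tokens to.
$rp = Get-AdfsRelyingPartyTrust -Name 'Fabrikam Web App' -ErrorAction SilentlyContinue
if ($rp -and $rp.EncryptionCertificate) {
    $rp.EncryptionCertificate | Select-Object Subject, Thumbprint, NotAfter
}
```

AD FS self-signs its token-signing and token-decrypting certificates by default and rolls them over automatically, which is why the trusts are created with monitoring and auto-update turned on: the partner's new public key is picked up from its metadata instead of silently breaking signature verification or encryption at rollover time.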