MSDN Magazine - December 2007 - (Page 87)

Jack Couch Security Authenticate Users Across Organizations Using ADFS ctive Directory® Federation Services (ADFS) was introduced in Windows Server® 2003 for organizations that need to participate in standards-based identity federation. With ADFS, you can more easily validate identity data from other organizations, leading to greater interoperability with your partners. In this article, I’ll take you on a guided tour of ADFS in action, using the experiences of a fictitious online service provider (A. Datum Corporation) that uses ADFS to interact with a real online service provider (UnderMyControl.com) and a fictitious customer (Tailspin Toys). or Active Directory) to authenticate users. An ADFS server acting as a resource partner is configured to support ADFS-aware applications. In this scenario, the ADFS server provides access both to the applications and to the account store. By using ADAM in conjunction with ADFS, you can enable single sign-on (SSO) so that customers don’t have to remember a multitude of passwords. Figure 1 shows how A. Datum deployed this solution in its organization. This article is based in part on a prerelease version of Windows Live ID. Details herein are subject to change. Using ADFS for SSO in a Single Organization The A. Datum Corporation is an online service provider that offers two Web applications to consumers. The first Web application enables online document sharing and storage; the second provides online music publishing for independent artists. Rather than using two separate account stores, which would require users to keep track of user names and passwords for each application, A. Datum used ADFS and ADAM (Active Directory Application Mode) to create a single account store, which enables users to access both applications using a single user name and password. In many situations, an ADFS server will act as either an account partner or a resource partner. An ADFS server acting as an account partner is configured to interact with an account store (either ADAM This article uses the following technologies: ADFS, ADAM This article discusses: Using ADFS for SSO in a single organization Configuring ADFS on the server and client ✥ Connecting to an external organization ✥ Expanding trust further with ADFS ✥ ✥ Jack Couch started his career in military intelligence and spent the past decade providing information security expertise to high-security government agencies and Fortune 500 companies. Recently, Jack was the Security Release Manager for Microsoft Windows Vista. He is currently the Managing Partner at DeepIntel, a security consulting firm dedicated to improving the security of large organizations. Jack can be contacted at jack@deepintel.com. december2007 87 Table of Contents for the Digital Edition of MSDN Magazine - December 2007ToolboxCLR Inside OutData PointsCutting EdgeMap LINQVSTOCmdletsInteropSecurityTest RunService StationNetting C++.NET MattersWindows with C++{End Bracket}MSDN Magazine - December 2007MSDN Magazine - December 2007 - (Page Cover1)MSDN Magazine - December 2007 - (Page Cover2)MSDN Magazine - December 2007 - (Page 1)MSDN Magazine - December 2007 - (Page 2)MSDN Magazine - December 2007 - (Page 3)MSDN Magazine - December 2007 - (Page 4)MSDN Magazine - December 2007 - (Page 5)MSDN Magazine - December 2007 - (Page 6)MSDN Magazine - December 2007 - (Page 7)MSDN Magazine - December 2007 - (Page 8)MSDN Magazine - December 2007 - (Page 9)MSDN Magazine - December 2007 - (Page 10)MSDN Magazine - December 2007 - Toolbox (Page 11)MSDN Magazine - December 2007 - Toolbox (Page 12)MSDN Magazine - December 2007 - Toolbox (Page 13)MSDN Magazine - December 2007 - Toolbox (Page 14)MSDN Magazine - December 2007 - Toolbox (Page 15)MSDN Magazine - December 2007 - Toolbox (Page 16)MSDN Magazine - December 2007 - CLR Inside Out (Page 17)MSDN Magazine - December 2007 - CLR Inside Out (Page 18)MSDN Magazine - December 2007 - CLR Inside Out (Page 19)MSDN Magazine - December 2007 - CLR Inside Out (Page 20)MSDN Magazine - December 2007 - CLR Inside Out (Page 21)MSDN Magazine - December 2007 - CLR Inside Out (Page 22)MSDN Magazine - December 2007 - CLR Inside Out (Page 23)MSDN Magazine - December 2007 - CLR Inside Out (Page 24)MSDN Magazine - December 2007 - CLR Inside Out (Page 25)MSDN Magazine - December 2007 - CLR Inside Out (Page 26)MSDN Magazine - December 2007 - CLR Inside Out (Page 27)MSDN Magazine - December 2007 - CLR Inside Out (Page 28)MSDN Magazine - December 2007 - Data Points (Page 29)MSDN Magazine - December 2007 - Data Points (Page 30)MSDN Magazine - December 2007 - Data Points (Page 31)MSDN Magazine - December 2007 - Data Points (Page 32)MSDN Magazine - December 2007 - Data Points (Page 33)MSDN Magazine - December 2007 - Data Points (Page 34)MSDN Magazine - December 2007 - Cutting Edge (Page 35)MSDN Magazine - December 2007 - Cutting Edge (Page 36)MSDN Magazine - December 2007 - Cutting Edge (Page 37)MSDN Magazine - December 2007 - Cutting Edge (Page 38)MSDN Magazine - December 2007 - Cutting Edge (Page 39)MSDN Magazine - December 2007 - Cutting Edge (Page 40)MSDN Magazine - December 2007 - Cutting Edge (Page 41)MSDN Magazine - December 2007 - Cutting Edge (Page 42)MSDN Magazine - December 2007 - Cutting Edge (Page 43)MSDN Magazine - December 2007 - Cutting Edge (Page 44)MSDN Magazine - December 2007 - Cutting Edge (Page 45)MSDN Magazine - December 2007 - Map LINQ (Page 46)MSDN Magazine - December 2007 - Map LINQ (Page 47)MSDN Magazine - December 2007 - Map LINQ (Page 48)MSDN Magazine - December 2007 - Map LINQ (Page 49)MSDN Magazine - December 2007 - Map LINQ (Page 50)MSDN Magazine - December 2007 - Map LINQ (Page 51)MSDN Magazine - December 2007 - Map LINQ (Page 52)MSDN Magazine - December 2007 - Map LINQ (Page 53)MSDN Magazine - December 2007 - Map LINQ (Page 54)MSDN Magazine - December 2007 - Map LINQ (Page 55)MSDN Magazine - December 2007 - Map LINQ (Page 56)MSDN Magazine - December 2007 - Map LINQ (Page 57)MSDN Magazine - December 2007 - VSTO (Page 58)MSDN Magazine - December 2007 - VSTO (Page 59)MSDN Magazine - December 2007 - VSTO (Page 60)MSDN Magazine - December 2007 - VSTO (Page 61)MSDN Magazine - December 2007 - VSTO (Page 62)MSDN Magazine - December 2007 - VSTO (Page 63)MSDN Magazine - December 2007 - VSTO (Page 64)MSDN Magazine - December 2007 - VSTO (Page 65)MSDN Magazine - December 2007 - VSTO (Page 66)MSDN Magazine - December 2007 - VSTO (Page 67)MSDN Magazine - December 2007 - Cmdlets (Page 68)MSDN Magazine - December 2007 - Cmdlets (Page 69)MSDN Magazine - December 2007 - Cmdlets (Page 70)MSDN Magazine - December 2007 - Cmdlets (Page 71)MSDN Magazine - December 2007 - Cmdlets (Page 72)MSDN Magazine - December 2007 - Cmdlets (Page 73)MSDN Magazine - December 2007 - Cmdlets (Page 74)MSDN Magazine - December 2007 - Cmdlets (Page 75)MSDN Magazine - December 2007 - Cmdlets (Page 76)MSDN Magazine - December 2007 - Cmdlets (Page 77)MSDN Magazine - December 2007 - Cmdlets (Page 78)MSDN Magazine - December 2007 - Interop (Page 79)MSDN Magazine - December 2007 - Interop (Page 80)MSDN Magazine - December 2007 - Interop (Page 81)MSDN Magazine - December 2007 - Interop (Page 82)MSDN Magazine - December 2007 - Interop (Page 83)MSDN Magazine - December 2007 - Interop (Page 84)MSDN Magazine - December 2007 - Interop (Page 85)MSDN Magazine - December 2007 - Interop (Page 86)MSDN Magazine - December 2007 - Security (Page 87)MSDN Magazine - December 2007 - Security (Page 88)MSDN Magazine - December 2007 - Security (Page 89)MSDN Magazine - December 2007 - Security (Page 90)MSDN Magazine - December 2007 - Security (Page 91)MSDN Magazine - December 2007 - Security (Page 92)MSDN Magazine - December 2007 - Security (Page 93)MSDN Magazine - December 2007 - Security (Page 94)MSDN Magazine - December 2007 - Test Run (Page 95)MSDN Magazine - December 2007 - Test Run (Page 96)MSDN Magazine - December 2007 - Test Run (Page 97)MSDN Magazine - December 2007 - Test Run (Page 98)MSDN Magazine - December 2007 - Test Run (Page 99)MSDN Magazine - December 2007 - Test Run (Page 100)MSDN Magazine - December 2007 - Test Run (Page 101)MSDN Magazine - December 2007 - Test Run (Page 102)MSDN Magazine - December 2007 - Service Station (Page 103)MSDN Magazine - December 2007 - Service Station (Page 104)MSDN Magazine - December 2007 - Service Station (Page 105)MSDN Magazine - December 2007 - Service Station (Page 106)MSDN Magazine - December 2007 - Service Station (Page 107)MSDN Magazine - December 2007 - Service Station (Page 108)MSDN Magazine - December 2007 - Service Station (Page 109)MSDN Magazine - December 2007 - Service Station (Page 110)MSDN Magazine - December 2007 - Service Station (Page 111)MSDN Magazine - December 2007 - Service Station (Page 112)MSDN Magazine - December 2007 - Netting C++ (Page 113)MSDN Magazine - December 2007 - Netting C++ (Page 114)MSDN Magazine - December 2007 - Netting C++ (Page 115)MSDN Magazine - December 2007 - Netting C++ (Page 116)MSDN Magazine - December 2007 - .NET Matters (Page 117)MSDN Magazine - December 2007 - .NET Matters (Page 118)MSDN Magazine - December 2007 - .NET Matters (Page 119)MSDN Magazine - December 2007 - .NET Matters (Page 120)MSDN Magazine - December 2007 - .NET Matters (Page 121)MSDN Magazine - December 2007 - .NET Matters (Page 122)MSDN Magazine - December 2007 - Windows with C++ (Page 123)MSDN Magazine - December 2007 - Windows with C++ (Page 124)MSDN Magazine - December 2007 - Windows with C++ (Page 125)MSDN Magazine - December 2007 - Windows with C++ (Page 126)MSDN Magazine - December 2007 - Windows with C++ (Page 127)MSDN Magazine - December 2007 - {End Bracket} (Page 128)MSDN Magazine - December 2007 - {End Bracket} (Page Cover3)MSDN Magazine - December 2007 - {End Bracket} (Page Cover4)http://www.nxtbookMEDIA.com

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.