AD FS Part 2

Time
5 hours 18 minutes
Difficulty
Intermediate
CEU/CPE
20
Video Transcription
00:04
This lesson is Deploying AD FS.
00:07
In this lesson, we're going to look at AD FS components,
00:11
AD FS prerequisites,
00:13
PKI and certificate requirements.
00:16
AD FS components.
00:19
Remember, AD FS is installed as a server role in Windows Server 2012.
00:25
However,
00:27
there are many different components you need to install and configure in an AD FS deployment, similar to AD CS and AD RMS. If you remember the last module,
00:38
even though we had to install the server role, there's a lot of components that go into it. Without its components in place, AD FS or AD RMS will not work properly.
00:51
The core components for AD FS: we have a federation server.
00:56
The federation server is a very important component because it issues,
01:00
manages and validates requests involving identity claims.
01:07
All your implementations of AD FS require at least one federation server
01:12
for each participating forest, so each participating forest requires
01:19
an AD FS
01:19
federation server.
01:23
Federation server proxy or Web Application Proxy.
01:29
This is an optional component.
01:32
This is what you probably have in your DMZ, a perimeter network.
01:38
This is an additional layer of security.
01:46
The additional layer of security is the federation server proxy, also called Web Application Proxy.
01:52
It's an additional, optional component.
01:56
This you probably have in your DMZ zone.
02:00
It does not add any functionality to an AD FS deployment,
02:04
but the only thing it
02:07
functionally gives us is a layer of security for connections when users are connecting through the Internet.
02:16
That way they interact with the Web Application Proxy.
02:22
Claims.
02:24
Claims are another component.
02:27
A claim is a statement a trusted entity makes about an object such as a user.
02:34
The claim could include the user's name, job title or any other factor that might be used for authentication reasons.
02:45
With Windows Server 2012, the object can also be a device
02:50
used in a DAC deployment.
02:54
Claim rules.
02:57
Claim rules determine how a federation server processes claims.
03:04
For example, a claim rule might state that an email address is accepted as a valid claim,
03:10
or a group name from one organization is translated into an application-specific role.
03:19
These rules are usually processed in real time.
03:27
Attribute store.
03:29
You saw that component.
03:30
AD FS uses attribute stores to look up claim values.
03:40
Claims provider.
03:44
A claims provider is the server that issues claims and authenticates users.
03:50
The claims provider is one side of the AD FS authentication/authorization process.
03:58
The claims provider manages user authentication,
04:00
then uses the claim that the user presents,
04:04
then issues a claim that the user presents
04:08
to a relying party.
04:12
Relying party is another component.
04:15
A relying party is the party where the application is located,
04:19
and it is the other side of the AD FS authentication/authorization process.
04:26
A relying party is a web service that consumes claims from the claims provider.
04:35
Claims provider trust.
04:38
A claims provider trust is configuration data that defines rules under which a client might
04:45
request claims from a claims provider
04:47
and subsequently submit them to a relying party.
04:54
For example, the trust consists of various identifiers such as names, groups and various rules.
05:08
Relying party trust.
05:12
A relying party trust defines the claim information about a user or client
05:15
that AD FS will pass to the relying party.
05:21
This also has different
05:24
identifiers such as names, groups and various rules.
05:28
Certificates.
05:30
AD FS uses digital certificates when communicating over SSL, or as part of the token issuing process,
05:40
as part of the token receiving process, and also the metadata publishing process.
05:46
So AD FS uses digital certificates when communicating over SSL,
05:51
or as part of the token issuing process, as part of the token receiving process, and as part of the metadata
05:59
publishing process.
06:02
Those certificates
06:05
are also used for token signing.
06:13
Another component: endpoints. Endpoints are a Windows Communication Foundation mechanism.
06:19
They enable access to AD FS technologies,
06:23
including token issuance and metadata publishing.
06:29
Your AD FS comes with built-in endpoints.
06:34
AD FS prerequisites.
06:38
Prerequisites for AD FS are very important because without the prerequisites, you cannot install it successfully.
06:46
Before you deploy AD FS, you must ensure that your internal network
06:51
meets these basic prerequisites.
06:56
For example,
06:59
for connectivity, the following connectivity is required:
07:04
the client computer must be able to communicate with the web application,
07:12
the resource federation server
07:15
or federation server proxy, and the account
07:19
federation server or federation server proxy by using HTTPS.
07:26
What I mean by that is your client machines, such as Windows 7, Windows 8 or whatever, must be able to communicate with the web application,
07:35
must communicate with the resource federation server,
07:40
the federation server proxy,
07:43
and the account federation server or federation server proxy by using HTTPS, by using a secure connection.
07:51
The federation server proxy must be able to communicate with the federation server
07:57
in the same organization by using HTTPS.
08:03
The federation server and internal client computers must be able to communicate with a domain controller for user authentication.
08:13
What that means is
08:16
Active Directory Domain Services must also be configured.
08:20
Your Active Directory Domain Services must be configured.
08:24
Your federation server must be joined to the domain.
08:31
Your federation server proxy doesn't have to be joined to the domain.
08:35
What else do you need?
08:39
You must have TCP/IP network connectivity.
08:43
You must have Active Directory Domain Services.
08:46
You must have an attribute store
08:50
configured.
08:52
You must have DNS.
08:56
You must have compatible operating systems such as Windows Server 2003,
09:03
Windows Server 2008, Windows Server 2012.
09:07
For example, if you're using Windows Server 2012 R2, IIS is not required.
09:13
Well, prior to Windows Server 2012 R2, IIS is required.
09:18
Now, if you're also using Windows Server 2012 R2,
09:22
there's no AD FS stand-alone server option anymore. You can only use the AD FS farm options.
09:30
All right, let's look at PKI and certificate requirements
09:35
for AD FS.
09:39
Certificates used by AD FS include service communication certificates.
09:46
For example, AD FS secures all communication using SSL, which requires certificates.
09:52
All computers that communicate with AD FS must trust the certificate used for service communication.
10:03
If the computers that are connecting to your AD FS are domain joined, well, you could use autoenrollment to get certificates. If not,
10:13
if there are other partner organizations, consider using third-party certification authorities such as VeriSign.
10:20
You also have the token-signing certificate.
10:24
Token-signing certificates are used to sign every token that the federation server issues.
10:30
This certificate is critical to all AD FS deployments
10:35
because the token signature indicates which
10:39
federation server issued the token.
10:43
There are token-decrypting certificates.
10:46
So the token-decrypting certificate is used to encrypt the entire user token before it's transmitted across the network from the claims provider federation server
10:58
to the relying party federation server. So the token-decrypting certificate is used to encrypt the entire user token before it's transmitted across the network
11:11
from the claims provider
11:13
federation server to the relying party federation server.
11:18
Choosing a CA. What CA will I use? Should I use a commercial CA or an internal CA? It depends.
11:26
Your AD FS federation server can use self-signed certificates from your internal CA or private CA. But when you're doing a collaboration with other organizations, it's better
11:39
that you use a commercial CA such as VeriSign.
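The prerequisites and certificate requirements covered in the lesson can be checked on a candidate federation server before installation. The PowerShell below is an added example, not part of the lesson or of any Microsoft tooling; the federation service name is a placeholder you replace with your own, and the final section only runs when the AD FS cmdlets are already present on the box.

```powershell
# Constructed example: the federation service name is a placeholder, not from the lecture.
$FederationServiceName = 'adfs.example.com'
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# 1. A federation server must be domain joined (the federation server proxy does not have to be).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Check 'Domain joined' $cs.PartOfDomain "Domain: $($cs.Domain)"

# 2. DNS prerequisite: the federation service name must resolve.
$dns = Resolve-DnsName -Name $FederationServiceName -ErrorAction SilentlyContinue
Add-Check 'DNS resolves service name' ($null -ne $dns) "Records: $(@($dns).Count)"

# 3. Connectivity: a domain controller for authentication (LDAP 389) and HTTPS 443 to the service.
if ($cs.PartOfDomain) {
    $dc = Test-NetConnection -ComputerName $cs.Domain -Port 389 -WarningAction SilentlyContinue
    Add-Check 'Domain controller reachable (LDAP 389)' $dc.TcpTestSucceeded "Host: $($dc.RemoteAddress)"
}
$https = Test-NetConnection -ComputerName $FederationServiceName -Port 443 -WarningAction SilentlyContinue
Add-Check 'HTTPS (443) reachable' $https.TcpTestSucceeded "Host: $($https.RemoteAddress)"

# 4. Service communication certificate: present in the machine store, has a private key,
#    matches the service name, chains to a trusted CA, and is not expired.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $FederationServiceName } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if ($cert) {
    Add-Check 'Certificate has private key' $cert.HasPrivateKey $cert.Thumbprint
    Add-Check 'Certificate chain trusted'  ($cert.Verify()) "Issuer: $($cert.Issuer)"
    Add-Check 'Certificate not expired'    ($cert.NotAfter -gt (Get-Date)) "Expires: $($cert.NotAfter)"
} else {
    Add-Check 'Service communication certificate present' $false "No cert for $FederationServiceName in LocalMachine\My"
}

# 5. On an installed federation server, confirm each AD FS certificate role has a primary certificate.
if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    foreach ($type in 'Service-Communications', 'Token-Signing', 'Token-Decrypting') {
        $c = Get-AdfsCertificate -CertificateType $type | Where-Object IsPrimary
        Add-Check "AD FS $type primary certificate" ($null -ne $c) "Expires: $($c.Certificate.NotAfter)"
    }
}

$results | Format-Table -AutoSize
```

Any row with Passed = False maps directly to one of the prerequisites or certificate requirements above, so the table doubles as a pre-installation checklist.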