This lesson is Deploying AD FS. In this lesson we're gonna look at AD FS components, and PKI and certificate requirements.

Remember, AD FS is installed as a server role in Windows Server 2012. There are many different components you need to install and configure in an AD FS deployment, the same as with AD DS or AD RMS. If you remember the last module, even though we only had to install the server role, there's a lot of components that go into it. Without those components in place, AD FS or AD RMS will not work properly.
The core components for AD FS: we have a federation server. The federation server is a very important component because it issues, manages and validates requests involving identity claims. All your implementations of AD FS require at least one federation server for each participating forest, so each participating forest requires one.

Federation server proxy, or Web Application Proxy. This is an optional component. This is what you probably have in your DMZ, the perimeter network. This is an additional layer of security. The federation server proxy, also called Web Application Proxy, is an additional, optional component. Ah, yes, you probably have this in your DMZ zone. It does not add any functionality to an AD FS deployment; the only thing it functionally gives us is a layer of security for connections, for when users are connecting through the Internet. That way they interact with the web proxy, the Web Application Proxy.
Claims, another component. A claim is a statement a trusted entity makes about an object such as a user. The claim could include the user's name, job title or any other factor that might be used for authentication reasons. With Windows Server 2012 the object can also be a device used in a Dynamic Access Control deployment.

Claim rules determine how our federation server processes claims. For example, a claim rule might state that an email address is accepted as a valid claim, or that a group name from one organization is translated into an application-specific role. These rules are usually processed in real time.

Attribute store, another component. AD FS uses attribute stores to look up claim values.

Claims provider is the server that issues claims and authenticates users. The claims provider is one side of the AD FS authentication and authorization process. The claims provider manages user authentication and then issues the claims that the user presents.

Relying parties, another component. The relying party is the party where the application is located, and it is the other side of the AD FS authentication and authorization process. Your relying party is a web service that consumes claims from the claims provider.
Claims provider trust. A claims provider trust configures data that defines rules under which a client might request claims from a claims provider and subsequently submit them to a relying party. For example, the trust consists of various identifiers such as, ah, names, groups and various rules.

Relying party trust. A relying party trust defines the claim information about users or clients that AD FS will pass to the relying party. These also have different identifiers such as names, groups and various rules.
AD FS uses digital certificates when communicating over SSL, or as part of the token issuing process, as part of the token receiving process, and also the metadata publishing process. So AD FS uses digital certificates when communicating over SSL, or as part of the token issuing process, as part of the token receiving process, and as part of the metadata publishing process. Those certificates are also used for token signing.

Another component: endpoints. Endpoints are a Windows Communication Foundation mechanism. They enable access to AD FS technologies, including token issuance and metadata publishing. Your AD FS comes with built-in endpoints.
Prerequisites for AD FS are very important because without the prerequisites you cannot install it successfully. You know, before you deploy AD FS, you must ensure that your internal network has these basic prerequisites.

For connectivity, the following connectivity is required: the client computer must be able to communicate with the web application, the resource federation server, the resource federation server proxy, and the account federation server or federation server proxy by using HTTPS. What I mean by that is your client machines, such as Windows 7, Windows 8 or whatever, must be able to communicate with the web application, must communicate with the resource application server, the federation server proxy, and the account federation server or federation server proxy by using HTTPS, by using a secure connection. The federation server proxy must be able to communicate with the federation server in the same organization by using HTTPS. The federation server and internal client computers must be able to communicate with the domain controller for authentication.

What that means is, um, Active Directory Domain Services must also be configured. Your Active Directory service must be configured. Your federation server must be joined to the domain. Your federation server proxy doesn't have to be joined to the domain.

What else do you need? You also must have TCP/IP network connectivity. You must have Active Directory Domain Services. You must have an attribute store. You must have DNS. You must have compatible operating systems such as Windows Server 2003, Windows Server 2008, Windows Server 2012. For example, if you're using Windows Server 2012 R2, IIS is not required. Well, prior to Windows Server 2012 R2, IIS is required. Now, if you're also using Windows Server 2012 R2, there is no AD FS stand-alone server option anymore; you can only use the AD FS federation server farm options.
All right, let's look at PKI and certificate requirements. Um, certificates used by AD FS include service communication certificates. For example, AD FS secures all communication using SSL, which requires certificates. All computers that communicate with AD FS must trust the certificate used for service communication. Um, if the computers that are connecting to your AD FS are domain joined, well, you could use auto-enrollment to get certificates. If not, if there's another partner organization, consider using third-party certification authorities such as VeriSign.

You also have the token-signing certificate. The token-signing certificate is used to sign every token that the federation server issues. This certificate is critical to all AD FS deployments, because the token's signature indicates which federation server issued the token.

Then the token-decrypting certificates. So the token-decrypting certificate is used to encrypt the entire user token before it's transmitted across the network from the claims provider federation server to the relying party federation server. So the token-decrypting certificate, I say, is used to encrypt the entire user token before it's transmitted across the network from the claims provider federation server to the relying party federation server.

Choosing a CA. What's here: will I use, should I use a commercial CA or an internal CA? It depends. You know, your AD FS federation server can use self-signed certificates or certificates from your internal CA or private CA. But when you're doing a collaboration with another organization, it's better, um, that you use a commercial CA such as VeriSign.
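As an added example that is not part of the lecture, here is a PowerShell check for the three certificate types just discussed (service communications, token-signing, token-decrypting) and for the DNS and HTTPS connectivity prerequisites, run on a federation server. It assumes the ADFS module (Windows Server 2012 R2 or later) and uses a constructed 30-day expiry warning threshold.

```powershell
# Added example, not part of the lecture: inventory the three AD FS certificate types
# on a federation server and test the connectivity prerequisites (DNS, HTTPS/443).
# Assumes the ADFS module is present (Windows Server 2012 R2 or later federation server).
Import-Module ADFS

$warnDays = 30          # constructed threshold; align with your own rotation policy
$now      = Get-Date
$report   = @()

foreach ($adfsCert in Get-AdfsCertificate) {
    $x509     = $adfsCert.Certificate          # X509Certificate2 object
    $daysLeft = [int]($x509.NotAfter - $now).TotalDays

    # Only the service communications certificate must chain to a CA that every
    # client trusts; default token-signing and token-decrypting certificates are
    # self-signed and are shared with partners through federation metadata instead.
    $trusted = 'n/a'
    if ($adfsCert.CertificateType -eq 'Service-Communications') {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline; re-enable revocation in production
        $trusted = $chain.Build($x509)
    }

    $status = 'ok'
    if ($trusted -eq $false)         { $status = 'UNTRUSTED chain' }
    elseif ($daysLeft -le 0)         { $status = 'EXPIRED' }
    elseif ($daysLeft -le $warnDays) { $status = 'expiring soon' }

    $report += [pscustomobject]@{
        Type      = $adfsCert.CertificateType
        IsPrimary = $adfsCert.IsPrimary
        Subject   = $x509.Subject
        Issuer    = $x509.Issuer
        ExpiresIn = $daysLeft
        Status    = $status
    }
}
$report | Format-Table -AutoSize

# Prerequisite checks from the lesson: the federation service name must resolve in
# DNS, and clients must reach the federation server over HTTPS (TCP 443).
$fsName = (Get-AdfsProperties).HostName
Resolve-DnsName -Name $fsName -ErrorAction Stop | Format-Table Name, IPAddress -AutoSize
Test-NetConnection -ComputerName $fsName -Port 443 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Run the same DNS and port test from a client machine and from the Web Application Proxy in the DMZ to confirm the HTTPS paths the lecture lists, since the chain check above only reflects the trust store of the server it runs on.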