
Live Services

Synchronizing Life

Microsoft Federation Gateway Service

Overview
• The Federation Gateway

Goal
• Allow users to sign in to online services with familiar credentials from any third-party domain

Solution
• The Federation Gateway Service uses open standards to implement a secure trust relationship between

Seamless Sign-in to any Live ID service
• The Microsoft Federation Gateway service enables seamless S

Standards-based, cross-platform identity federation
• Live ID Federation uses open standards

Identity Providers
• Identity Providers (partner organizations) can use any identity store
  • Active Directory

Resource Providers
• Resource providers (application hosters & developers) can use the proven Live ID

Identity federation between trusted

Federation of identities between

How Federated Sign In Works

1. One-time setup of federation
• Provision trust relationship
• Install a federation server on corporate domain

2. User browses to a service that uses Live ID
• The user browses to a site like mail.live.com or crm.dynamics.com

3. User authenticates on the partner’s login server
• Partner’s server does authentication then redirects to Microsoft’s federation gateway

4. Federation Gateway redirects to the target service and user is signed in
• Federation Gateway sends the user to the target service
Signing into a Microsoft service using a federated identity from the UI

[Diagram. Organization 1: running Active Directory and using the MSC to access Online services; Federation Server; Active Directory Identity Provider. Organization 2: is not running Active Directory but federates their identity provider with the Microsoft Federation Gateway; Federation Server; Custom Identity Store. Both reach the Microsoft Federation Gateway over WS-Trust / WS-Fed. Login UI (RPS, WebAuth, Signup): Username/password, CardSpace, Sign In assistant, Token. Consumer: PC (Windows) with Browser, Custom Application, Windows Live 1st Party apps, Microsoft Outlook, Mobile Device (???). Microsoft Services: Microsoft provided cloud based services and APIs, 3rd party CRM, “Strata”.]
Signing into a Microsoft service from the UI: an organization using any identity solution

[Diagram with the same components as the preceding slide (Organization 1 and Organization 2 with their Federation Servers, the Microsoft Federation Gateway reached over WS-Trust / WS-Fed, the Login UI, the consumer clients and the Microsoft services); here Organization 1 is an organization using any identity solution rather than an Active Directory organization.]

Federation Gateway Service in Action
• Using Dynamics CRM Online as an example

  [Sign-in screen: mary@fabrikam2.com]

• Live ID detects that fabrikam2.com is a federated domain; redirects to domain’s auth server

• User’s domain handles authentication

  [Partner login screen: mary@fabrikam2.com / *************]

• User is seamlessly signed in to any service using Live ID
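The four-step flow in "How Federated Sign In Works" and the mary@fabrikam2.com walkthrough above, simulated end to end as an added example (not Microsoft code): a gateway performs home-realm discovery on the sign-in name, redirects to the partner's login server with the WS-Federation wa/wtrealm/wreply/wctx parameters, and validates the token the browser posts back. The partner URL, logout URL, realm name, reply address and credentials are made-up values, and the token signature is an HMAC-SHA256 standing in for the X.509 / XML-DSig signature a real WS-Fed token carries. The checks the gateway applies on return (single-use wctx, signature against the registered partner key, issuer asserting only its own domain, audience, validity window, replay) are the ones that matter whatever the signature scheme.

```python
# Simulated federated sign-in. HMAC-SHA256 stands in for the X.509 / XML-DSig
# signature of a real WS-Federation token. Added example; URLs, realm names and
# credentials are made up.
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed partner registration: the data a partner supplies at setup
# (friendly name, partner URL, logout URL, token signing key).
PARTNERS = {
    "fabrikam2.com": {
        "friendly_name": "Fabrikam",
        "partner_url": "https://login.fabrikam2.com/federation/",        # assumed
        "logout_url": "https://login.fabrikam2.com/federation/logout",   # assumed
        "signing_key": b"fabrikam2-demo-signing-key",  # stand-in for the X.509 cert
    },
}
GATEWAY_REALM = "urn:example:federation-gateway"                  # hypothetical wtrealm
GATEWAY_REPLY = "https://login.gateway.example/federation/reply"  # hypothetical wreply
TOKEN_LIFETIME = 300  # seconds a token and a pending sign-in context stay valid


def _sign(payload: bytes, key: bytes) -> str:
    return base64.b64encode(hmac.new(key, payload, hashlib.sha256).digest()).decode()


class PartnerAuthServer:
    """The partner's login server (step 3): authenticates, issues a signed token."""

    def __init__(self, domain, key, users, allowed_reply):
        self.domain, self.key, self.users, self.allowed_reply = domain, key, users, allowed_reply

    def handle_signin(self, redirect_url, username, password):
        q = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).query).items()}
        if q.get("wa") != "wsignin1.0" or q.get("wtrealm") != GATEWAY_REALM:
            raise ValueError("not a sign-in request from a known relying party")
        if q.get("wreply") not in self.allowed_reply:   # never post tokens to unknown URLs
            raise ValueError("wreply is not a registered reply address for this realm")
        if self.users.get(username) != password:
            raise PermissionError("bad credentials")
        now = int(time.time())
        claims = {"id": secrets.token_hex(8), "iss": self.domain, "aud": q["wtrealm"],
                  "sub": f"{username}@{self.domain}", "iat": now, "exp": now + TOKEN_LIFETIME}
        body = json.dumps(claims, sort_keys=True).encode()
        token = base64.b64encode(body).decode() + "." + _sign(body, self.key)
        # The form the browser POSTs to wreply (step 4 begins here).
        return {"wa": "wsignin1.0", "wresult": token, "wctx": q["wctx"]}


class FederationGateway:
    """Home-realm discovery, redirect to the partner, validation of the result."""

    def __init__(self, partners):
        self.partners = partners
        self.pending = {}       # wctx -> (target service, expiry)
        self.redeemed = set()   # token ids already accepted (replay check)

    def start_signin(self, email, target_service):
        domain = email.rsplit("@", 1)[-1].lower()
        partner = self.partners.get(domain)
        if partner is None:
            return None   # not a federated domain: fall through to Live ID password sign-in
        wctx = secrets.token_urlsafe(16)
        self.pending[wctx] = (target_service, time.time() + TOKEN_LIFETIME)
        params = {"wa": "wsignin1.0", "wtrealm": GATEWAY_REALM, "wreply": GATEWAY_REPLY, "wctx": wctx}
        return partner["partner_url"] + "?" + urlencode(params)

    def finish_signin(self, form):
        target, expiry = self.pending.pop(form.get("wctx"), (None, 0.0))  # single use
        if target is None or time.time() > expiry:
            raise PermissionError("unknown or expired sign-in context")
        b64, _, sig = form.get("wresult", "").partition(".")
        body = base64.b64decode(b64)
        claims = json.loads(body)
        partner = self.partners.get(claims.get("iss"))
        if partner is None or not hmac.compare_digest(sig, _sign(body, partner["signing_key"])):
            raise PermissionError("token not signed by a registered partner")
        # A partner may only assert identities in the domain it federated.
        if claims["sub"].rsplit("@", 1)[-1].lower() != claims["iss"]:
            raise PermissionError("issuer asserted an identity outside its own domain")
        now = time.time()
        if claims["aud"] != GATEWAY_REALM or not claims["iat"] <= now <= claims["exp"]:
            raise PermissionError("token not for this realm or outside its validity window")
        if claims["id"] in self.redeemed:
            raise PermissionError("token replayed")
        self.redeemed.add(claims["id"])
        return claims["sub"], target   # user is sent, signed in, to the target service


def demo():
    """Mary at fabrikam2.com signs in to crm.dynamics.com through her own login server."""
    gateway = FederationGateway(PARTNERS)
    partner = PartnerAuthServer("fabrikam2.com", PARTNERS["fabrikam2.com"]["signing_key"],
                                {"mary": "correct horse battery staple"}, {GATEWAY_REPLY})
    redirect = gateway.start_signin("mary@fabrikam2.com", "https://crm.dynamics.com/")
    form = partner.handle_signin(redirect, "mary", "correct horse battery staple")
    return gateway.finish_signin(form)


if __name__ == "__main__":
    print(demo())
```

The issuer-scoping check is the one most often left out of federation gateways: without it, a compromised or malicious partner federation server could mint valid tokens for users in any other federated domain, and the signature check alone would accept them.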

Setup and Configuration

Two ways to set up federation
• Manual setup
• Microsoft Services Connector

Manual Setup

Microsoft Services Connector
• Automatically provisions federation and sets up an authentication server – see the detailed decks on the

Establishing Trust

• An organization that wants to establish a federated partner relationship should work with Windows Live ID to:
  – Set up a written business agreement.
  – Take certain industry-standard security measures.

Information That Partners Provide to Windows Live ID

• Logout URL
• Partner URL
• X.509 Token signing certificate
• Partner Friendly name
Information That Windows Live ID Provides

• The necessary URL
• This is published in a WS-Federation metadata document served over SSL
• Provided separately to each partner
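The WS-Federation metadata document mentioned above, read by an added example (not Microsoft's or a partner's code) that extracts what the receiving side records about the other party: the entity ID, the passive requestor (browser sign-in) endpoint and the thumbprints of the token signing certificates. The document is constructed for the example; the certificate value is placeholder bytes rather than a real X.509 certificate, and the URLs are assumptions. The parser refuses metadata that was not fetched over HTTPS, since the document is the root of trust for the partner's signing certificate, and it rejects a non-HTTPS sign-in endpoint. For metadata from an untrusted peer, parse with defusedxml rather than the stdlib parser used here.

```python
# Parse a WS-Federation metadata document into the partner details a relying
# party stores. Added example with a constructed document; the certificate body
# is placeholder bytes, not a real X.509 certificate.
import base64
import hashlib
import re
import xml.etree.ElementTree as ET   # prefer defusedxml for documents from untrusted peers
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}

# Assumed location of the partner's metadata; only the scheme is checked below.
METADATA_URL = "https://login.fabrikam2.com/FederationMetadata/2007-06/FederationMetadata.xml"

# Constructed metadata document (the X509Certificate content is placeholder text).
SAMPLE_METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://login.fabrikam2.com/federation/trust">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>Q29uc3RydWN0ZWQgcGxhY2Vob2xkZXIgY2VydGlmaWNhdGUgYnl0ZXM=</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://login.fabrikam2.com/federation/</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
"""


def parse_federation_metadata(xml_text: str, source_url: str) -> dict:
    """Return entity ID, passive requestor endpoint and SHA-1 thumbprints of the
    signing certificates declared by the SecurityTokenService role."""
    # The document is the root of trust for the partner's signing key, so it
    # must have been retrieved over HTTPS, never plain HTTP.
    if urlsplit(source_url).scheme != "https":
        raise ValueError(f"metadata must be fetched over HTTPS, got {source_url}")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("document is not an EntityDescriptor")
    info = {"entity_id": root.attrib["entityID"], "passive_endpoint": None,
            "signing_thumbprints": []}
    for role in root.findall("md:RoleDescriptor", NS):
        # xsi:type carries a prefix local to the document, so match on the local name.
        if not role.attrib.get(f"{{{NS['xsi']}}}type", "").endswith("SecurityTokenServiceType"):
            continue
        for kd in role.findall("md:KeyDescriptor", NS):
            if kd.attrib.get("use", "signing") != "signing":   # no 'use' means any use
                continue
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode(re.sub(r"\s+", "", cert.text or ""))
                info["signing_thumbprints"].append(hashlib.sha1(der).hexdigest().upper())
        addr = role.find("fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
        if addr is not None and addr.text:
            endpoint = addr.text.strip()
            if urlsplit(endpoint).scheme != "https":
                raise ValueError(f"passive requestor endpoint is not HTTPS: {endpoint}")
            info["passive_endpoint"] = endpoint
    if not info["signing_thumbprints"] or info["passive_endpoint"] is None:
        raise ValueError("metadata lacks a signing certificate or a passive endpoint")
    return info


if __name__ == "__main__":
    print(parse_federation_metadata(SAMPLE_METADATA, METADATA_URL))
```

Thumbprints are recorded rather than the raw certificate so that a later token can be matched to the key the partner registered, and so that a certificate rollover shows up as a metadata change that must be reviewed instead of being accepted silently.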

More Information

• Live ID on dev.live.com: http://dev.live.com/liveid/
• Live ID Federation white paper: http://msdn.microsoft.com/en-us/library/cc287610.aspx
