ADFS Diagnostic Tool Instructions?

    Question

  • I am looking for some instructions to go along with the ADFS Diagnostics tool (using this on Server 2008 and I didn't see an ADFS forum).

    I think this comes down to my lack of knowledge on ADFS, but I have the situation as follows:

    servera.domaina.com hosts a SharePoint site that has been extended to the extranet zone for remote access

    serverb.domaina.com hosts the ADFS on the domainA side

    servera.domainb.com is where I want to allow access to the extranet site

    So in this scenario which would be the FS-A, FS-R, or Web Agent? Any help would be appreciated.
    November 12, 2008 21:30

Answers

  • Hi,

    For your scenario, serverb.domaina.com is FS-A; FS-R is servera.domaina.com.

    In a typical transaction, an account-side FS (FS-A) retrieves user attributes from Active Directory, authenticates the user against Active Directory, generates a collection of claims for use in the access request, and issues a security token which includes the appropriate claims.

    Claims are statements made about users, understood by both parties in a federation, that are used for authorization purposes in an application (e.g., if Joe is a manager, then Joe’s access request may include the “manager” claim, which results in certain access rights). Based on the type of client, the FS-A returns the security token either to the FS Proxy or to the client. A second FS at the resource (FS-R) validates the token for authenticity, then consumes the token, passing the enclosed claims to an application for use in making authorization decisions.

    I also searched for the following resources about ADFS. I list them here and hope they will be helpful:

    Need help Troubleshooting ADFS? Check out the ADFS Diag Tool...
    http://blogs.technet.com/adfs_documentation/

    ADFS Product Support Blog
    http://blogs.technet.com/adfs/

    Introduction to Active Directory Federation Services
    http://www.microsoft.com/windowsserver2003/techinfo/overview/adfsoverview.mspx

    November 14, 2008 8:00
    Moderator
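
The FS-A to FS-R token flow described in the answer above, as an added Python example that is not part of the original post and is not ADFS code. The function names, the sample directory, the claim mapping and the shared HMAC key (standing in for the certificate-based token signature) are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data standing in for Active Directory on the account side.
DIRECTORY = {"joe": {"password": "s3cret", "groups": ["Managers", "Staff"]}}
GROUP_TO_CLAIM = {"Managers": "manager"}        # hypothetical FS-A claim mapping
TRUSTED = {"FS-A": b"constructed-demo-key"}     # issuers FS-R trusts (assumed)

def _sign(body, key):
    # HMAC stands in for the certificate-based token signature (assumption).
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def fsa_issue(user, password, now=None, lifetime=600):
    """FS-A: authenticate the user, build claims from attributes, issue a token."""
    entry = DIRECTORY.get(user)
    if entry is None or not hmac.compare_digest(entry["password"], password):
        raise PermissionError("authentication failed")
    claims = [GROUP_TO_CLAIM[g] for g in entry["groups"] if g in GROUP_TO_CLAIM]
    now = time.time() if now is None else now
    body = json.dumps({"iss": "FS-A", "sub": user, "claims": claims,
                       "exp": now + lifetime}, sort_keys=True).encode()
    return base64.b64encode(body).decode() + "." + _sign(body, TRUSTED["FS-A"])

def fsr_consume(token, now=None):
    """FS-R: validate the token's authenticity, then release the enclosed claims."""
    encoded, _, sig = token.partition(".")
    body = base64.b64decode(encoded)
    # Check the signature before parsing anything inside the token.
    issuer = next((name for name, key in TRUSTED.items()
                   if hmac.compare_digest(_sign(body, key), sig)), None)
    if issuer is None:
        raise ValueError("token not signed by a trusted federation partner")
    data = json.loads(body)
    now = time.time() if now is None else now
    if data["iss"] != issuer or data["exp"] < now:
        raise ValueError("issuer mismatch or token expired")
    return data["sub"], set(data["claims"])

def app_authorize(claims, required="manager"):
    """Application: decide from the claims FS-R passed on, not from the directory."""
    return required in claims

if __name__ == "__main__":
    token = fsa_issue("joe", "s3cret")
    user, claims = fsr_consume(token)
    print(user, sorted(claims), "access granted:", app_authorize(claims))
```

A token whose claims are edited after issuance, or that is presented after its lifetime, is rejected by `fsr_consume` before any claim reaches the application.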

All replies

  • Thanks.
    November 14, 2008 8:16