“Geneva” Server Beta

We’re excited to tell you more about the beta release of “Geneva” Server.  In this post we’ll talk a bit about what “Geneva” Server is, as well as discuss the features of “Geneva” Server.  As you may have read already, “Geneva” Server is one component of the broader “Geneva” claims based access (CBA) platform.  The other components are the “Geneva” Framework for developers and Windows CardSpace “Geneva”.  All of the “Geneva” components are available for download at our Connect site. 

This beta release of “Geneva” Server is not yet feature complete, and is not intended for use in a production environment.  We’re looking forward to your early feedback on “Geneva” Server’s features and on what you’d like to see in future releases. 

What is “Geneva” Server?

“Geneva” Server is a security token service (STS) that enables Active Directory to act as an identity provider in the claims-based access platform. Specifically, “Geneva” Server solves several identity problems for information technology (IT) professionals:

  • Use the Claims-Based Access Platform: Deploying “Geneva” Server enables an organization’s applications to use the claims-based access platform and avoid fixed dependencies on specific authentication, authorization and directory service technologies. 

  • Reduce Duplicate Accounts: “Geneva” Server reduces the need for duplicate accounts and other credential management overhead by enabling federated single sign-on (SSO) for users in other organizations. 

  • Reduce Number of Passwords for Users: “Geneva” Server enables an organization’s users to consume outsourced hosted services without needing additional credentials.

  • Centrally Manage Application Authentication: “Geneva” Server enables IT professionals to easily change the authentication methods for enterprise applications as security policies change.

  • Manage Communication of User Information: “Geneva” Server enables IT professionals to easily manage the user-specific information that is sent to each enterprise application.

  • Normalize Directory Service Access: “Geneva” Server enables IT professionals to avoid having line-of-business applications burden the corporate directory services in unpredictable ways with poorly constructed, processor-intensive requests.

Additional “Geneva” Server Features

Simplified trust establishment: “Geneva” Server uses industry standard metadata formats for establishing trust between federation partners. The “Geneva” Server administration console allows administrators to establish trust by simply entering the partner’s trust metadata URL. This simplifies and improves the trust establishment experience for administrators by reducing the number of manual steps involved.
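Trust established from a metadata URL is only as good as the fetch and the document it returns, because the metadata carries the partner’s token-signing certificate. The following Python example is added here and is not “Geneva” Server code: it parses a constructed SAML 2.0 metadata document of the kind a partner’s trust metadata URL would return and applies the checks an administrator’s tooling should make before accepting the trust: the metadata URL is HTTPS, a signing certificate is present, only HTTPS endpoints are kept, and the signing-certificate fingerprint is recorded so it can be compared with the partner out of band. The partner name, URL path and certificate bytes are placeholders; whether the metadata itself carries an XML signature is reported, but verifying it would need an XMLDSig library and is not done here.

```python
import base64
import hashlib
from urllib.parse import urlparse
from xml.etree import ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Placeholder bytes standing in for a DER-encoded certificate (constructed, not a real certificate).
PLACEHOLDER_CERT_DER = b"placeholder-der-bytes-of-the-partner-signing-certificate"
PLACEHOLDER_CERT_B64 = base64.b64encode(PLACEHOLDER_CERT_DER).decode()

# Constructed sample metadata; partner.example and the paths are assumptions.
# The HTTP-POST endpoint is deliberately plain http:// to show it being rejected.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  entityID="http://partner.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://partner.example/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="http://partner.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""" % PLACEHOLDER_CERT_B64


def metadata_url_is_acceptable(url):
    """The metadata URL must be HTTPS with a host: the document carries the
    partner's signing certificate, so a plaintext fetch would let an on-path
    attacker substitute their own key for the partner's."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)


def cert_fingerprint(b64_cert):
    """SHA-256 over the DER bytes, the value to confirm with the partner out of band."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def extract_trust(xml_text):
    """Reduce a metadata document to the facts a trust record needs, refusing
    documents that advertise no identity provider role or no signing key."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not an EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("partner metadata advertises no identity provider role")
    signing = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # An absent 'use' attribute means the key serves both signing and encryption.
        if kd.get("use") in (None, "signing"):
            for cert in kd.findall(".//ds:X509Certificate", NS):
                signing.append(cert_fingerprint(cert.text))
    if not signing:
        raise ValueError("no signing certificate: nothing to verify the partner's tokens against")
    endpoints, rejected = {}, []
    for sso in idp.findall("md:SingleSignOnService", NS):
        location = sso.get("Location", "")
        if urlparse(location).scheme == "https":
            endpoints[sso.get("Binding")] = location
        else:
            rejected.append(location)  # never redirect users to a plaintext sign-on endpoint
    return {
        "entity_id": root.get("entityID"),
        "signing_sha256": signing,
        "endpoints": endpoints,
        "rejected_endpoints": rejected,
        "signed": root.find("ds:Signature", NS) is not None,  # presence only; not verified here
    }


if __name__ == "__main__":
    # Assumed ADFS-style metadata path, used only to illustrate the URL check.
    print(metadata_url_is_acceptable("https://partner.example/FederationMetadata/2007-06/FederationMetadata.xml"))
    print(extract_trust(SAMPLE_METADATA))
```

A trust record built this way is what the administrator should review before saving the partner: the fingerprint is confirmed with the partner, the rejected endpoints are a reason to ask the partner to fix their metadata, and an unsigned document is a reason to rely on the TLS fetch and the fingerprint check rather than on the document alone.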

Information Cards: Information Cards provide an improved log-in experience, and the issuance of Information Cards allows “Geneva” Server to act as an identity provider that can be used with Windows CardSpace.  “Geneva” Server includes a Web application where Active Directory users can obtain managed Information Cards, as well as administrative capabilities for branding these Information Cards.  

Identity delegation:  Web applications in a multitier architecture often call infrastructure services to access common data or functionality. It is important for these infrastructure services to know the identity of the original user so that the service can make authorization decisions and perform auditing. “Geneva” Server allows an authorized front-end Web application to impersonate its users to the infrastructure service.  When using “Geneva” Server, the infrastructure service knows that the front-end Web application is serving as the user’s delegate. In addition, “Geneva” Server does not require that an account exist in Active Directory for the impersonated user.

Multiple supported authentication methods:  “Geneva” Server supports multiple authentication methods at the STS. Users will be able to authenticate with user name/password, the Kerberos authentication protocol, client X.509 certificates, and Information Cards. Administrators have fine-grained control over which authentication methods are enabled, to suit their security policies. In addition, “Geneva” Server supports responding to requests for a particular authentication method, such as smart cards.  This enables applications that are protected by “Geneva” Server to easily step up to smart card authentication for particular operations. 

Interoperable by design:  “Geneva” Server supports multiple industry-standard, interoperable protocols such as WS-Federation, WS-Trust and other WS-* security standards. In addition, “Geneva” Server can act as the identity provider in the SAML 2.0 Web Browser SSO profile.   This broad base of protocol support makes it possible for “Geneva” Server to work with a variety of identity products from other vendors that support these protocols.
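To make the WS-Trust exchange behind the identity delegation and interoperability points concrete, here is an added Python example; it is not code from the “Geneva” Server team and assumes nothing about the product beyond the protocols named above. It builds a WS-Trust 1.3 Issue request for a bearer SAML 2.0 token scoped to one relying party, optionally carrying the user’s existing token in a WS-Trust 1.4 ActAs element the way a delegating front-end Web application would, and checks a constructed Issue response the way the receiving application should: token type, AppliesTo, lifetime, and the assertion’s audience all have to match. The STS and relying-party URLs and the assertions are placeholders; the sample response is unsigned, and a real one must also have its signature verified against the STS signing certificate.

```python
from datetime import datetime, timezone
from xml.etree import ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",    # WS-Trust 1.3
    "wst14": "http://docs.oasis-open.org/ws-sx/ws-trust/200802",  # WS-Trust 1.4 (ActAs)
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

ISSUE_ACTION = NS["wst"] + "/RST/Issue"
ISSUE_REQUEST_TYPE = NS["wst"] + "/Issue"
BEARER_KEY_TYPE = NS["wst"] + "/Bearer"
SAML2_TOKEN_TYPE = "urn:oasis:names:tc:SAML:2.0:assertion"


def _q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


def build_issue_rst(sts_url, relying_party, act_as_token_xml=None):
    """Build a WS-Trust 1.3 Issue request for a bearer SAML 2.0 token for relying_party.
    With act_as_token_xml, a front end acting for a user places the user's token in a
    WS-Trust 1.4 ActAs element so the issued token names the user and the front end as
    the acting party. The front end's own credential belongs in a WS-Security header,
    whose form depends on the endpoint binding, and is left out here."""
    env = ET.Element(_q("s", "Envelope"))
    header = ET.SubElement(env, _q("s", "Header"))
    ET.SubElement(header, _q("wsa", "Action")).text = ISSUE_ACTION
    ET.SubElement(header, _q("wsa", "To")).text = sts_url
    rst = ET.SubElement(ET.SubElement(env, _q("s", "Body")), _q("wst", "RequestSecurityToken"))
    ET.SubElement(rst, _q("wst", "RequestType")).text = ISSUE_REQUEST_TYPE
    epr = ET.SubElement(ET.SubElement(rst, _q("wsp", "AppliesTo")), _q("wsa", "EndpointReference"))
    ET.SubElement(epr, _q("wsa", "Address")).text = relying_party  # scopes the token to one audience
    ET.SubElement(rst, _q("wst", "TokenType")).text = SAML2_TOKEN_TYPE
    ET.SubElement(rst, _q("wst", "KeyType")).text = BEARER_KEY_TYPE
    if act_as_token_xml is not None:
        ET.SubElement(rst, _q("wst14", "ActAs")).append(ET.fromstring(act_as_token_xml))
    return ET.tostring(env, encoding="unicode")


# Constructed sample: a token the front end already holds for the user (placeholder names).
SAMPLE_USER_TOKEN = (
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_user1" Version="2.0" '
    'IssueInstant="2009-06-01T10:00:00Z"><saml2:Issuer>http://sts.contoso.example/trust</saml2:Issuer>'
    '<saml2:Subject><saml2:NameID>alice@contoso.example</saml2:NameID></saml2:Subject></saml2:Assertion>'
)

# Constructed sample Issue response, unsigned, for the request above (placeholder URLs).
SAMPLE_RSTR = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>
<wst:RequestSecurityTokenResponseCollection xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wst:RequestSecurityTokenResponse><wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
<wst:Lifetime xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2009-06-01T10:00:00Z</wsu:Created><wsu:Expires>2009-06-01T11:00:00Z</wsu:Expires></wst:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference
 xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://orders.contoso.example/</wsa:Address>
</wsa:EndpointReference></wsp:AppliesTo><wst:RequestedSecurityToken>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_t1" Version="2.0" IssueInstant="2009-06-01T10:00:00Z">
<saml2:Issuer>http://sts.contoso.example/trust</saml2:Issuer>
<saml2:Subject><saml2:NameID>alice@contoso.example</saml2:NameID></saml2:Subject>
<saml2:Conditions NotOnOrAfter="2009-06-01T11:00:00Z"><saml2:AudienceRestriction>
<saml2:Audience>https://orders.contoso.example/</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions>
</saml2:Assertion></wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>"""


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_issue_response(rstr_xml, relying_party, now_iso):
    """Return (token_info, problems). Empty problems means the token is of the requested
    type, scoped to relying_party and unexpired. The assertion signature must additionally
    be verified against the STS signing certificate; that needs an XMLDSig library."""
    problems = []
    rstr = ET.fromstring(rstr_xml).find(
        "s:Body/wst:RequestSecurityTokenResponseCollection/wst:RequestSecurityTokenResponse", NS)
    if rstr is None:
        return {}, ["no RequestSecurityTokenResponse in the SOAP body"]
    token_type = rstr.findtext("wst:TokenType", default="", namespaces=NS)
    if token_type != SAML2_TOKEN_TYPE:
        problems.append("token type %r is not the requested SAML 2.0 assertion" % token_type)
    applies_to = rstr.findtext("wsp:AppliesTo/wsa:EndpointReference/wsa:Address", default="", namespaces=NS)
    if applies_to != relying_party:
        problems.append("AppliesTo %r is not %r" % (applies_to, relying_party))
    expires = rstr.findtext("wst:Lifetime/wsu:Expires", default="", namespaces=NS)
    if not expires or _ts(expires) <= _ts(now_iso):
        problems.append("token lifetime missing or already expired")
    assertion = rstr.find("wst:RequestedSecurityToken/saml2:Assertion", NS)
    if assertion is None:
        problems.append("RequestedSecurityToken holds no SAML 2.0 assertion")
        return {}, problems
    audience = assertion.findtext("saml2:Conditions/saml2:AudienceRestriction/saml2:Audience",
                                  default="", namespaces=NS)
    if audience != relying_party:  # a token minted for another application is not ours to accept
        problems.append("assertion audience %r is not %r" % (audience, relying_party))
    info = {"issuer": assertion.findtext("saml2:Issuer", default="", namespaces=NS),
            "subject": assertion.findtext("saml2:Subject/saml2:NameID", default="", namespaces=NS),
            "audience": audience, "expires": expires}
    return info, problems
```

The audience check is the one that matters for delegation: the infrastructure service should only honour a token whose audience is itself, issued by the STS it trusts, and should find the delegating front end named in that token rather than trusting the front end’s word for who the user is.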

Give us your feedback!

Please give us your feedback and tell us what you think. The set of features above provides only a quick overview of what “Geneva” Server can do.  More posts are coming to discuss these features in detail, and we look forward to a conversation on how “Geneva” Server can solve your identity challenges.  Thanks,

-  The “Geneva” Server Team

Comments (7)

  1. If you want your application to externalize user authentication to a Security Token Service (STS),

  2. SpatDSG says:

    I am looking for a way to enable logging in Geneva Server, similar to ADFS; it was on the ‘troubleshooting’ tab in the UI.

  3. For those who didn't attend PDC, the Zermatt identity framework has been re-code-named Geneva Framework

  4. ccochran says:

    Hi, I’m having trouble installing the IdentityServer MSI. I am using the Step by Step guide (with the only difference being I’m doing it on Windows Server 2008 R2 x64 Enterprise VMs) and everything has worked perfectly until page 28. When installing the Geneva Server, the MSI package fails and rolls back with error 1603.

    Action 17:38:55: RegisterProduct. Registering product

    RegisterProduct: {62D596D8-4E40-4695-82F0-129F5380912A}

    Action 17:38:55: RegisterSystemManagementInstrumentation.

    CAQuietExec:  Microsoft (R) .NET Framework Assembly Registration Utility 2.0.50727.3521

    CAQuietExec:  Copyright (C) Microsoft Corporation 1998-2004.  All rights reserved.


    CAQuietExec:  RegAsm : error RA0000 : An error occurred while writing the registration information to the registry. You must have administrative credentials to perform this task.  Contact your system administrator for assistance

    CAQuietExec:  Error 0x80070064: Command line returned an error.

    CAQuietExec:  Error 0x80070064: CAQuietExec Failed

    CustomAction RegisterSystemManagementInstrumentation returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

    Action ended 17:38:55: InstallFinalize. Return value 3.

    Action 17:38:55: Rollback. Rolling back action:

    Rollback: RegisterSystemManagementInstrumentation

    Rollback: Registering product

    Rollback: RegisterServiceSnapin

    Rollback: RollbackRegisterServiceSnapin

    CAQuietExec:  Microsoft (R) .NET Framework Installation utility Version 2.0.50727.3521

    CAQuietExec:  Copyright (c) Microsoft Corporation.  All rights reserved.

    CAQuietExec:  The uninstall is beginning…

    I am definitely the Contoso Administrator.

    What should I try?

  5. rtarquini says:

    Is it possible to use an active client to issue RST requests to the Geneva server? Is there an example of this? I would like to use the Geneva server as an identity provider but would like to use an active client to acquire authentication tokens explicitly, instead of creating a custom STS. Seems all the Server examples use Passive Redirect examples.

  6. ghanashyaml says:

    Looks like Geneva Server is NOT yet supported on Windows Server 2008 R2 RC.

    Check this: http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/de2869a0-eb25-438f-87ea-37d023d3dc30
