Claims Identity Guide–Hands On Labs

Training content based on our guides has been as popular as the content itself. You can now download the “Release Candidate” for labs corresponding to the new guide. The labs are more than just a mirror of the guide. We took the opportunity of adding a few things that complement and extend what is explained…


Authentication in WP7 client with REST Services–Part II

In the previous post I covered the “semi-passive” way for authentication between a Windows Phone 7 client and a REST service. This post completes the information with the “active” way. There’s nothing unexpected here really: We call the Identity Provider using a RequestSecurityToken message (RST) We send the SAML token to ACS and get a…


SaaSGrid and Identity

Apprenda’s SaaSGrid is now “claims enabled”!  This is fantastic news. Any SG customer can now enjoy the benefits of claims based identity: simpler user management, easy federation with business partners, support for multiple identity providers, greater interoperability, etc. SG support for claims based identity maps nicely with what’s described in the “Claims Identity Guide –…


Single Sign Out–WebSSO

While reviewing all the existing samples we’ve noticed that our implementation of Single Sign Out was kind of….weak.  It wasn’t really fully implemented and wasn’t very clear what was happening either (or what it should happen) We’ve fixed all that now in scenario 1: WebSSO. Things get more complicated when more than 1 STS is…


ACS as a Federation Provider – Claims transformation

To work properly, a-Order needs a number of claims to be supplied: User name Organization Role The "Organization” claim is used to filter orders belonging to a specific customer of Adatum. For example, Litware users (like Rick) will eventually end up with a token containing a claim with “Organization=Litware”. All this is done in step…


ACS as a Federation Provider–Home Realm Discovery Part 2

In my previous post, I had a question for all you: What would happen if Adatum’s FP didn’t supply ACS with the whr parameter? An the answer is: ….. ACS will simply ask the user!   ACS has no way (besides the whr parameter) of knowing where to go next (unless you configured your app…


ACS as a Federation Provider – A little bit deeper into the sample (Home Realm Discovery)

Updates: fixed typos. Clarified how Home Realm Discovery works in this example.   In the previous post, I introduced the basic scenario of using ACS as a federation provider for Adatum (in addition to the one they already have). In this post, I’ll show you more details on how this works, based on the sample…


Our next project – Claims based Identity and Access Control

Not surprisingly maybe, security in general, and authentication & authorization in particular, is a consistently highly rated concern for our customers. These concerns are especially elevated  with those considering the cloud, because they don’t have as much control on the cloud as they would typically have in their own datacenters. Sometimes, one could argue, for…


A year’s balance–next project

A little bit late for a year balance since the year has already started, or so I’m told. Anyway, as we prepare for the next project, I reflected on my team’s work for the last 18 months. 18 months is more than a year, so you might wonder why am I doing a year balance…


Identity Federation Interoperability – WIF + ADFS + CA SiteMinder

  Update: I just found this comprehensive guide for setting up federation with CA SiteMinder. How it works (Full size diagram here) End to end demo (Video here) Technorati Tags: Federated Identity,SSO,Federation Provider,Identity Provider,a-Expense,ADFS,Interop,WIF,SiteMinder