50065 Installing and Configuring an Active Directory Federation Services Solution

Code: 50065
Course duration: 4 days

About this Course

This four-day instructor-led course is designed for IT professionals who need to develop a thorough understanding of the way in which federation can be used to resolve typical inter-security realm resource access problems. The business drivers for federation are first explored before installing and configuring Microsoft Active Directory Federation Services (ADFS) as a solution. Delegates will learn how to choose the right ADFS deployment option for specific business needs and then go on to configure the trust policy appropriately, along with the organization claims, account stores, applications and partner organizations.

Audience Profile

This course is intended for IT Professionals.

At Course Completion

After completing this course, students will be able to:

  • Understand basic ADFS concepts.
  • Prepare for an ADFS deployment.
  • Understand key principles of PKI technology.
  • Explain how ADFS is used in B2B and B2C scenarios.
  • Deploy ADFS using the federated WebSSO with forest trust option.
  • Deploy ADFS using ADAM and WebSSO.
  • Understand when and how to use AzMan.
  • Understand common troubleshooting strategies with ADFS.
  • Understand concepts of interoperability with ADFS.

Course Outline

Module 1: Introducing Federation

This module is designed to provide an introduction to the concept of federation and Microsoft’s ADFS as a particular federation solution.

Lessons

  • The Need for Federation
  • Traditional Solutions
  • ADFS as a Federation Solution
  • Prerequisites for Federation

After completing this module, students will be able to:

  • Describe the technical business needs for federation
  • Describe how resources are traditionally shared, and what the drawbacks are
  • Understand how federation, and hence ADFS, can provide a solution
  • Understand the fundamental pre-requisites for an ADFS implementation

Module 2: Preparing for ADFS

This module introduces the core supporting technologies that require consideration and planning prior to deploying an implementation of ADFS. Students will practice creating and managing Websites using IIS 6.0 and gain practical experience installing and configuring ADAM.

Lessons

  • ADFS and the Basic Requirements
  • IIS 6.0
  • Directory Services

After completing this module, students will be able to:

  • Identify the key Windows components required for ADFS
  • Describe what is meant by the terms Web Services and WS*
  • Recognize the role of IIS 6.0 in a successful ADFS deployment
  • Describe the key characteristics of a Directory Service and the role Active Directory and ADAM perform in an ADFS deployment

Module 3: Introduction to PKI

This module explains what a PKI is and describes its basic components. It also explains certificates, digital signatures and digital encryption. Students will be able to plan a simple PKI in an enterprise environment and apply PKI principles to ADFS.

Lessons

  • ADFS and PKI
  • PKI Basics
  • Introduction to Cryptography
  • Certificates and Certification Authorities
  • Installing and Configuring Certificate Services

After completing this module, students will be able to:

  • Describe a PKI and its basic components
  • Describe the role that certificates play in securing trust between parties
  • Understand and describe digital signatures and digital encryption
  • Plan a simple PKI in an enterprise environment
  • Apply PKI principles to ADFS

Module 4: Introducing ADFS

This module will introduce ADFS in more detail than the previous modules. While previous modules have introduced terminology and high level concepts, detail has necessarily been omitted. In this module’s six lessons students will delve more deeply into the technical workings of ADFS.

Lessons

  • Federation Business Scenarios and the ADFS Deployment Options
  • ADFS Core Components
  • Authentication and ADFS
  • Authorization and ADFS
  • Certificate Requirements for ADFS
  • Traffic Flow in Various Deployment Scenarios

After completing this module, students will be able to:

  • Describe and explain how the ADFS deployment options and configurations map to business requirements
  • Understand the roles of each ADFS component
  • Understand how ADFS authenticates users and performs claims extractions
  • Understand the part played by ADFS in authorizing users to access resources
  • Describe how to implement all the PKI requirements for an ADFS implementation

Module 5: Implementing ADFS in a B2B Scenario Using the Federated WebSSO Configuration

In this module, students will learn and practice how to implement a B2B scenario using ADFS.

Lessons

  • Installing ADFS
  • Configuring an Account Partner
  • Configuring a Resource Partner

After completing this module, students will be able to:

  • Install two of the ADFS components, namely the federation service and the Web agent
  • Configure an ADFS trust policy
  • Create local account stores and applications
  • Configure claims extractions, and both outgoing and incoming claim mappings

Module 6: Deploying ADFS Using Federated WebSSO with Forest Trust

This module helps students understand where it would be appropriate to deploy ADFS using the Federated WebSSO with Forest Trust option and describes the key drivers and benefits of its implementation. Students will practice configuring a simple business-to-employees (B2E) deployment of ADFS using the Federated WebSSO with Forest Trust option.

Lessons

  • Preparing to Use a Forest Trust
  • Configuring ADFS to Use a Forest Trust

After completing this module, students will be able to:

  • Understand where it would be appropriate to deploy ADFS using the Federated WebSSO with Forest Trust option and describe the key drivers and benefits of its implementation
  • Configure a simple B2E deployment of ADFS using the Federated WebSSO with Forest Trust

Module 7: Deploying ADFS in a B2C Scenario Using ADAM and WebSSO

This module examines the WebSSO deployment option for use in B2E or B2C environments. Students will learn how to prepare a server to host the federation service proxy (FSP), and install the FSP. Students will also learn how to configure the FSP to authenticate against ADAM and perform claims extractions.

Lessons

  • Installing a Federation Service Proxy
  • Implementing an ADAM Account Store

After completing this module, students will be able to:

  • Prepare a server computer to host the federation service proxy, and install the FSP
  • Configure the FSP to authenticate against ADAM and perform claims extractions

Module 8: Using AzMan With ADFS

This module describes what AzMan is and how it is used to control the authorization of users to access resources. The module also explains how to configure groups, roles and operations in AzMan.

Lessons

  • Authorization Using AzMan
  • Configuring AzMan to Work with ADFS

After completing this module, students will be able to:

  • Describe what AzMan is and how it is used to control the authorization of users to access resources
  • Describe how to configure groups, roles and operations in AzMan

Module 9: Troubleshooting ADFS

This module provides methods for students to diagnose problems that can happen during setup or configuration and find solutions to those problems.

Lessons

  • Troubleshooting Considerations
  • Tracing HTTP Traffic and Auditing ADFS

After completing this module, students will be able to:

  • Describe the categories of problems that can occur in an ADFS environment and some specific issues relating to setup and configuration
  • Describe how to configure auditing for the federation servers and explain the events sent to the application log and security logs, both during normal operation, and when errors occur
  • Use the ieHTTPHeaders capture tool to understand the normal Web traffic during a successful ADFS operation, so that erroneous traffic – should it ever occur – can be recognized and rectified
  • Describe how to configure event logging and debug logging on each of the ADFS components

Module 10: ADFS and Interoperability

This module explains issues concerning integration and interoperation. It describes some non-Microsoft federation products with which ADFS can interoperate. This module also explains how ADFS and Shibboleth can be configured to work together.

Lessons

  • WS-Federation and Interoperability
  • ADFS and Shibboleth

After completing this module, students will be able to:

  • Describe the issues concerning integration and interoperation
  • List some non-Microsoft federation products with which ADFS can interoperate
  • Describe and explain how ADFS and Shibboleth can be configured to work together in a seamless fashion

Before attending this course, students must have:

  • Basic understanding of networking.
  • Intermediate understanding of network operating systems.
  • An awareness of security best practices.
  • Basic knowledge of server hardware.
  • A+ or equivalent knowledge.
  • Some experience creating objects in Active Directory.
  • Foundation course (6424A) or equivalent knowledge
