M50412: Implementing Active Directory Federation Services 2.0

$2,595.00


  • Virtual Classroom
  • Onsite

Duration: 4 Days

In this course, you will gain the knowledge and skills to install and configure Active Directory Federation Services 2.0 (AD FS). You will focus on terminology, user interfaces, and common configuration scenarios for AD FS. You will discover how to design AD FS environments, including designing AD FS for security and high availability, and you will learn to design and configure Public Key Infrastructure (PKI), a supporting technology.

Proven Impact Exclusive!

Continue developing your skills after class with 24/7 access to our live remote labs for six months, providing you with valuable extra time for hands-on practice.

What You Will Learn

  • Key concepts and terminology relating to AD FS 2.0
  • Install and configure Windows prerequisites for AD FS 2.0
  • Install and configure PKI for AD FS 2.0
  • Deploy AD FS 2.0 to provide claims-aware authentication in a single organization
  • Configure AD FS 2.0 to provide claims-aware authentication in a business-to-business federation
  • Design and deploy advanced AD FS 2.0 scenarios, including providing for high availability and Security Assertion Markup Language (SAML) interoperability
  • Use the AD FS 2.0 claims rule language to create custom claim rules
  • Troubleshoot AD FS 2.0

Audience

Windows IT professionals who want to become AD FS enterprise administrators and move into the role of designing AD FS environments

Prerequisites

  • Basic understanding of networking and server hardware
  • Intermediate understanding of network operating systems
  • Awareness of security best practices

Course Outline

1. Introducing Claims-Based Identity

  • Identity Metasystem
  • Existing Solutions for Managing Identities
  • Benefits of Claims-Based Identity
  • Evolution of AD FS
  • Use Cases for AD FS
  • AD FS and Claims-Based Terminology

2. AD FS Prerequisites

  • Windows Prerequisites
  • Directory Services
  • Active Directory (AD) and Active Directory Lightweight Directory Services (AD LDS)
  • Web Services, Standards, and Interoperability
  • Internet Information Services

3. Public Key Infrastructure (PKI)

  • PKI Basics
  • Cryptography
  • PKI Design
  • Installing and Configuring Certificate Services

4. AD FS 2.0 Components

  • Role of the Federation Server
  • Claims Types, Endpoints, and Attribute Stores
  • AD FS Security
  • Role of the Federation Server Proxy
  • Administering AD FS
  • Windows Identity Foundation (WIF)

5. Claims-Based Authentication in a Single Organization

  • Preparing for AD FS in a Single Organization
  • Claims and Claim Types
  • Claim Rule Templates
  • Creating Claim Rules from Templates
  • Configuring AD FS in a Single Organization

6. Claims-Based Authentication in a Business-to-Business Federation

  • Deploying AD FS in a Federated Environment
  • Configuring a Claims Provider Trust
  • Home Realm Discovery
  • Managing Claims Across Organizations

7. Advanced AD FS Deployment Scenarios

  • Implementing the Federation Server Proxy
  • Planning for High Availability
  • Additional AD FS Configuration Scenarios
  • AD FS 2.0 and SAML Interoperability

8. The AD FS Claims Rule Language

  • Claims Pipeline and Claims Engine
  • Introduction to Claims Rule Language

9. AD FS Troubleshooting

  • Configuring AD FS Auditing
  • AD FS Troubleshooting
  • Tracing AD FS Traffic

Course Labs

Lab 1: Familiarize Yourself with the Lab Environment

  • Access Servers Using Hyper-V
  • Access Servers Using Remote Desktop

Lab 2: Install Windows Prerequisites for AD FS 2.0

  • Configure Domain Name System (DNS) Forwarders
  • Configure a Sample WIF Application

Lab 3: Install and Configure a PKI

  • Install and Configure an Enterprise Root CA in the A. Datum AD
  • Configure an SSL Certificate for the Web Server
  • Import Certificates in the Necessary Locations

Lab 4: Install AD FS Server

  • Install AD FS on ADATUM-DC1
  • Install AD FS on CONTOSO-DC1

Lab 5: Configure Claims-Based Authentication in a Single Organization

  • Prepare CONTOSO-DC1 with Certificates and Claim Rules
  • Configure the Sample WIF SDK Application Using FedUtil.exe
  • Configure a Relying Party Trust to the WIF SDK Sample Application
  • Configure Claims-Aware Access to SharePoint 2010

Lab 6: Configure Claims-Based Authentication in a Business-to-Business Federation

  • Configure the WIF Sample Application for B2B Federated WebSSO
  • Configure SharePoint 2010 for Federated WebSSO Access

Lab 7: Advanced AD FS Deployment Scenarios

  • Install and Configure the AD FS Proxy
  • Install and Configure an AD LDS Attribute Store

Lab 8: The AD FS Claims Rule Language

  • Create Rules Using the Claim Rule Language
  • Query an AD FS Attribute Store

Lab 9: AD FS Troubleshooting

  • AD FS Troubleshooting Information
  • AD FS Web Browser Traffic