Implementing Active Directory Federation Services 2.0

Course Description

In this course, you will gain the knowledge and skills to install and configure Active Directory Federation Services 2.0 (AD FS). You will focus on terminology, user interfaces, and common configuration scenarios for AD FS. You will discover how to design AD FS environments and AD FS for security and high availability, and you will learn to design and configure Public Key Infrastructure (PKI), a supporting technology.

Skills Gained

• Key concepts and terminology relating to AD FS 2.0
• Install and configure Windows prerequisites for AD FS 2.0
• Install and configure PKI for AD FS 2.0
• Deploy AD FS 2.0 to provide claims-aware authentication in a single organization
• Configure AD FS 2.0 to provide claims-aware authentication in a business-to-business federation
• Design and deploy advanced AD FS 2.0 scenarios, including providing for high availability and Security Assertion Markup Language (SAML) interoperability
• Use the AD FS 2.0 claims rule language to create custom claim rules
• Troubleshoot AD FS 2.0

Who Can Benefit

Windows IT professionals who want to become AD FS enterprise administrators and move into the role of designing AD FS environments

Prerequisites

• Basic understanding of networking and server hardware
• Intermediate understanding of network operating systems
• Awareness of security best practices

Syllabus

1. Introducing Claims-Based Identity

• Identity Metasystem
• Existing Solutions for Managing Identities
• Benefits of Claims-Based Identity
• Evolution of AD FS
• Use Cases for AD FS
• AD FS and Claims-Based Terminology

2. AD FS Prerequisites

• Windows Prerequisites
• Directory Services
• Active Directory (AD) and Active Directory Lightweight Directory Services (AD LDS)
• Web Services, Standards, and Interoperability
• Internet Information Services

3. Public Key Infrastructure (PKI)

• PKI Basics
• Cryptography
• PKI Design
• Installing and Configuring Certificate Services

4. AD FS 2.0 Components

• Role of the Federation Server
• Claims Types, Endpoints, and Attribute Stores
• AD FS Security
• Role of the Federation Server Proxy
• Administering AD FS
• Windows Identity Foundation (WIF)

5. Claims-Based Authentication in a Single Organization

• Preparing for AD FS in a Single Organization
• Claims and Claim Types
• Claim Rule Templates
• Creating Claim Rules from Templates
• Configuring AD FS in a Single Organization

6. Claims-Based Authentication in a Business-to-Business Federation

• Deploying AD FS in a Federated Environment
• Configuring a Claims Provider Trust
• Home Realm Discovery
• Managing Claims Across Organizations

7. Advanced AD FS Deployment Scenarios

• Implementing the Federation Server Proxy
• Planning for High Availability
• Additional AD FS Configuration Scenarios
• AD FS 2.0 and SAML Interoperability

8. The AD FS Claims Rule Language

• Claims Pipeline and Claims Engine
• Introduction to Claims Rule Language

9. AD FS Troubleshooting

• Configuring AD FS Auditing
• AD FS Troubleshooting
• Tracing AD FS Traffic