16 min read

Windows Azure Pack Authentication Part 1

Recently Microsoft released their on-premise Private Cloud offering called Windows Azure Pack for Windows Server. Windows Azure Pack for Windows Server is a collection of Windows Azure technologies, available to Microsoft customers at no additional cost for installation into your data center. It runs on top of Windows Server 2012 R2 and System Center 2012…

5 min read

Whitepaper: Active Directory from on-premises to the cloud

A new whitepaper was released last Friday (Jan 11/2013) that discusses all the various options for dealing with identity in cloud, on-premise, and hybrid environments: Active Directory from on-premises to the cloud. It takes a look at how Windows Azure Active Directory is making a play for cloud identity, as well as how it works…

17 min read

Windows Azure Active Directory Federation In Depth (Part 2)

In my last post I talked a little bit about the provisioning and federation processes for Office 365 and Windows Azure Active Directory (WAAD). This time around I want to talk a little bit about how the various pieces fit together when federating an on premise Active Directory environment with WAAD and Office 365. You…

8 min read

Introduction to Windows Azure Active Directory Federation Part 1

Earlier this week Microsoft released some interesting numbers regarding Windows Azure Active Directory (WAAD) authentication. Since the inception of the authentication service on the Windows Azure platform in 2010, we have now processed 200 BILLION authentications for 50 MILLION active user accounts. In an average week we receive 4.7 BILLION authentication requests for users in…

5 min read

Adjusting the Home Realm Discovery page in ADFS to support Email Addresses

Over on the Geneva forums a question was asked: Does anyone have an example of how to change the HomeRealmDiscovery Page in ADFSv2 to accept an e-mail address in a text field and based upon that (actually the domain suffix) select the correct Claims/Identity Provider? It’s pretty easy to modify the HomeRealmDiscovery page, so I…

4 min read

Adding ADFS as an Identity Provider in ACS v2

Ever have one of those days where you swear that you’ve written something, but can’t find it?  I could have sworn that I wrote this article before.  Ah well. – It makes a lot of sense to use ACS to manage Identity Providers.  It also makes sense to use Active Directory for letting users sign…

4 min read

Custom Management Accounts for Windows Azure Access Control Service

When you start working with Windows Azure in your spare time there are quite a few things that you miss. I knew that it was possible to manage Windows Azure with multiple accounts, but since I was the only one logging into my instance, I never bothered to look into it.  Well as it turns…

7 min read

Creating a Claims Provider Trust in ADFS 2

One of the cornerstones of ADFS is the concept of federation (one would hope anyway, given the name), which is defined as a user’s authentication process across applications, organizations, or companies.  Or simply put, my company Contoso is a partner with Fabrikam.  Fabrikam employees need access to one of my applications, so we create a…

3 min read

Plugging Application Authentication Leaks in ADFS

When you set up ADFS as an IdP for SAML relying parties, you are given a page that allows you to log into the relying parties.  There is nothing particularly interesting about this fact, except that it could be argued that the page allows for information leakage.  Take a look at it: There are two…

11 min read

Windows Domain Authentication on Windows Phone 7

One of the projects that’s been kicking around in the back of my head is how to make Windows Phone 7 applications able to authenticate against a Windows domain.  This is a must have for enterprise developers if they want to use the new platform. There were a couple ways I could do this, but…