2 minutes read

Windows Azure Pack Authentication Part 3.5 – Using ADFS

Since we looked at using a custom IdP for Windows Azure Pack last time I figured it would be good to explicitly list some resources for those looking to use ADFS instead as that’s a fairly common scenario people are exploring. Building Clouds Federated Identities to Windows Azure Pack through AD FS – Part 1 of 3: http://blogs.technet.com/b/privatecloud/archive/2013/12/17/federated-identities-to-windows-azure-pack-through-ad-fs-part-1-of-3.aspx Federated Identities to Windows Azure Pack through AD FS – Part 2 of 3: http://blogs.technet.com/b/privatecloud/archive/2013/12/17/federated-identities-to-windows-azure-pack-through-ad-fs-part-2-of-3.aspx Federated Identities to Windows Azure Pack through AD FS – Part 3 of 3: http://blogs.technet.com/b/privatecloud/archive/2013/12/18/federated-identities-to-windows-azure-pack-through-ad-fs-part-3-of-3.aspx TechNet Configure Active Directory Federation Services for Windows Azure Pack: http://technet.microsoft.com/en-us/library/dn296436.aspx Windows…

17 minutes read

Windows Azure Active Directory Federation In Depth (Part 2)

In my last post I talked a little bit about the provisioning and federation processes for Office 365 and Windows Azure Active Directory (WAAD). This time around I want to talk a little bit about how the various pieces fit together when federating an on premise Active Directory environment with WAAD and Office 365. You can find lots of articles online that talk about how to configure everything, but I wanted to dig a little deeper and show you why everything is configured the way it is. Out of the box a Windows Azure Active Directory tenant manages users for…

8 minutes read

Introduction to Windows Azure Active Directory Federation Part 1

Earlier this week Microsoft released some interesting numbers regarding Windows Azure Active Directory (WAAD) authentication. Since the inception of the authentication service on the Windows Azure platform in 2010, we have now processed 200 BILLION authentications for 50 MILLION active user accounts. In an average week we receive 4.7 BILLION authentication requests for users in over 420 THOUSAND different domains. […] To put it into perspective, in the 2 minutes it takes to brew yourself a single cup of coffee, Windows Azure Active Directory (AD) has already processed just over 1 MILLION authentications from many different devices and users around…

1 minute read

Windows Azure Access Control Service Announcements

This seems to have made the rounds yesterday and today. The Windows Azure ACS team decided to extend the promotional period to December 20th 2012. In other words, free for the next year. Sweet! I can’t say it was on my Christmas wish list, but it certainly is a great little gift. Also, ACS v1 is being deprecated the same day. Curiously, that was on my wish list. ACS 1.0 will be officially taken offline on December 20, 2012. This 12 month period along with the ACS 1.0 Migration Tool allows customers with ACS 1.0 namespaces to proactively migrate to…

4 minutes read

Adding ADFS as an Identity Provider in ACS v2

Ever have one of those days where you swear that you’ve written something, but can’t find it?  I could have sworn that I wrote this article before.  Ah well. — It makes a lot of sense to use ACS to manage Identity Providers.  It also makes sense to use Active Directory for letting users sign in to your cloud application.  Therefore we would hope that ACS and ADFS play nicely together.  It turns out they do.  in a previous post I talked about federating ACS and ADFS, where ACS is an identity provider to ADFS.  Now lets reverse it.  We…

4 minutes read

Custom Management Accounts for Windows Azure Access Control Service

When you start working with Windows Azure in your spare time there are quite a few things that you miss. I knew that it was possible to manage Windows Azure with multiple accounts, but since I was the only one logging into my instance, I never bothered to look into it.  Well as it turns out, I needed to be able to manage Azure from a separate Live ID.  It’s pretty simple to do.  You get into your subscription, navigate to User Management under the Hosted Services tab, and then you add a new Co-Admin. Turns out that you can’t…

7 minutes read

Creating a Claims Provider Trust in ADFS 2

One of the cornerstones of ADFS is the concept of federation (one would hope anyway, given the name), which is defined as a user’s authentication process across applications, organizations, or companies.  Or simply put, my company Contoso is a partner with Fabrikam.  Fabrikam employees need access to one of my applications, so we create a federated trust between my application and their user store, so they can log into my application using their internal Active Directory.  In this case, via ADFS. So lets break this down into manageable bits.  First we have our application.  This application is a relying party…

7 minutes read

Windows Azure Access Control Services Federation with Facebook

Sometime in the last few years Facebook has gotten stupidly popular.  Given the massive user base, it actually makes a little bit of sense to take advantage of the fact that you can use them as an identity provider.  Everyone has a Facebook account (except… me), and you can get a fair bit of information out of it on the user. The problem though is that it uses OpenAuth, and I, of course, don’t like OpenAuth.  This makes it very unlikely for me to spend any amount time working with the protocol, and as such wouldn’t jump at the chance…

3 minutes read

Windows Azure ACS v2 Mix Announcement

Part of the Mix11 announcement was that ACS v2 was released to production.  It was actually released last Thursday but we were told to keep as quiet as possible so they could announce it at Mix.  Here is the marketing speak: The new ACS includes a plethora of new features that customers and partners have been asking with enthusiasm: single sign on from business and web identity providers, easy integration with our development tools, support for both enterprise-grade and web friendly protocols, out of the box integration with Facebook, Windows Live ID, Google and Yahoo, and many others. Those features…

1 minute read

Windows Azure Access Control Services v2 RTW

So how do you know when Windows Azure Access Control Services has upgraded to V2?  You get federation metadata… Or you follow the Windows Azure App Fabric team blog! I have been waiting MONTHS for this release, begging and pleading with Microsoft to get more information on when the big day would come.  Needless to say I am super excited! This version adds: Federation provider and Security Token Service (FINALLY!) Out of box federation with Active Directory Federation Services 2.0, Windows Live ID, Google, Yahoo, Facebook New authorization scenarios Delegation using OAuth 2.0 Improved developer experience New web-based management portal…