Active Directory Federation Services

My city is famous around the globe because of Hampton Court Palace. It was redeveloped by Cardinal Thomas Wolsey, and in 1529 the famous king Henry VIII seized the palace; until 1760 it served as a royal residence for kings and queens. One side of the palace is protected by the river Thames, and the palace itself is further surrounded by high walls. Life in the palace is protected by these strong walls, and everyone entering or leaving the palace was controlled by guards. Even under attack, it is not easy to bring down a castle, as the defenders always get the benefit of strong walls. Castles create a big gap between the outside world and the life inside.

The days of castles are gone now; we no longer live in a similarly small world. We are living in a society where everyone is connected. In cities, we no longer see high, strong walls like those of the castles of old. The well-connected society gives a lot of benefits to human beings, but that is not its only outcome. I am writing this chapter just less than 48 hours after the London Westminster terrorist attack. London is a city where we welcome everyone. It's a great, strong city, but this connected society brings vulnerabilities from time to time.

Modern business operation boundaries are no longer closed or isolated. As an example, organizations are moving from on-premises applications to cloud-based versions. Computer workloads are moving to public or hybrid cloud infrastructures. All these different systems are also bound to authentication and authorization.

In the AD environment, most systems or applications can be integrated with it, and users access those systems with one username and password (single sign-on). When we extend the identity infrastructure boundaries beyond our own organization, we may start to lose control over it, as the identities of those external systems are managed by vendors or other organizations.

Therefore, it usually ends up with users having different accounts and passwords to log in to different systems. From the end user's perspective, it's just different accounts for different systems, but from the service provider's perspective, it's more than that.

Imagine that we have an application developed in-house, and we want to sell it as a service. External users need to access it, and in order to authenticate them, we have to create a username and password for every one of them. Setting up an account is not the only thing we need to consider; when we create an account, it becomes a part of our identity infrastructure. We need to make sure it's secured and only has access to that particular application. All of a sudden, identity management faces new challenges, and if they are not handled appropriately, they can bring vulnerabilities to the whole system. Instead of mixing identities in such scenarios, Active Directory Federation Services (AD FS) allows each business to manage its own identity infrastructure and use claims-based authentication to access resources. So, users do not need a separate login to gain access, and the resource owners do not need to keep managing identities for external users. In this chapter, you are going to learn about the following:

  • What is AD FS and how does it work?
  • AD FS components and how to use them in the AD FS setup
  • AD FS deployment and management
  • MFA in action
  • Integrating with Microsoft Azure