55091 - Managing trust relationships with multiple business identity providers

Reference 55091

Duration 3 Days

Format Catalogue training

1700 

SKU: 55091

Objectives

Establish an organizational Enterprise Security Service Bus
Create a Relying Party
Establish ACS to delegate authentication
Forward every request from unauthenticated users to ACS
Broker authentication
Change access rules in response to programmatic events
Produce a securable resource
Configure and code Input and Output claims transformation
Broker Security Token Services from Yahoo and Microsoft
Establish a tokenized communication between Azure Namespaces and WS-Federation sign-in endpoints
Establish a Microsoft Azure Active Directory (MAAD) as an (additional) identity provider for any application associated/interfacing with their namespace
Create an Azure Identity Provider via Namespace association
Establish Azure Active Directory data streams into Name Space connected Applications
Register a MAAD Graph Database as an additional identity provider for a namespace that controls global access and SSO
Execute the basic steps to establish MAAD as an SSO identity provider for a web application

Prerequisites

Knowledge and skills to accomplish a given assignment in Visual Studio when using the General Development Settings collection in Visual Studio 2010, Visual Studio 2012 or Visual Studio 2013. There is no prerequisite or requirement to use a credit card to establish a Microsoft Azure account, or to have a Microsoft Azure account at all. Every student receives one or more dedicated cloud services in VBIC’s cloud-based virtual classroom. Students can be virtually anywhere and in different time zones; they require only a Windows-based device to use the Remote Desktop Connection tool, available on all Microsoft Windows desktop operating systems later than Windows XP.

Description

This course decouples the cloud service from the complexity of maintaining a direct relationship with every identity provider. Any identity provider can use its own authentication protocol; the authentication results are normalized, and once the trust is established, Access Control Services (ACS) takes care of authentication and authorization, including providing a UI in which the user chooses among all the recognized identity providers. Claims are accessible to the application developer as well as to the SSO IT Pro, enabling straightforward authentication and/or authorization without the need to know the authentication protocols in detail. Management of different and multiple business identity providers is handled in a uniform fashion without writing different code for each. This relationship is called ‘normalizing attributes’ and you will realize it via the Azure Management APIs.

Audience profile

This course is intended for Architects, IT Professional (IT Pros) and Developers.

IT Professionals (IT Pros) who also create software applications, build or write computer code, or develop web sites or complex macros as a secondary responsibility; and Developers who create software applications, develop web sites and create complex macros. Both should have a minimum of three months of programming experience in C# and basic navigation skills in Visual Studio 2010, Visual Studio 2012 or Visual Studio 2013. The course also targets Architects tasked with transitioning Identity and Access from classic on-premise or non-Azure datacenters into the Microsoft Azure cloud, or with building secure IaaS/PaaS hybrids between on-premise infrastructure and the Microsoft Azure cloud.

Lesson plan

Module 1: Integration of traditional ASP.NET Web Sites into Enterprise Security Service Bus (ESSB)

Decoupling cloud services from the complexity of maintaining a direct relationship with every identity provider is the topic of this module. Each identity provider can use its own authentication protocol; the authentication results are normalized, and once the trust is established, Access Control Services (ACS) takes care of authentication and authorization, including providing a UI in which the user chooses among all the recognized identity providers. Claims are accessible to the application developer as well as to SSO IT Pros, enabling straightforward authentication and/or authorization without the need to know the authentication protocols in detail. Management of different and multiple business identity providers is handled in a uniform fashion without writing different code for each. This relationship is called ‘normalizing attributes’ and you will realize it via the Azure Management APIs.

Lessons

Establish first steps to build an organizational Enterprise Security Service Bus
Create a Relying Party
Establish ACS to delegate authentication
Forwarding every request from unauthenticated users to ACS
Broker authentication
Change access rules in response to programmatic events
Lab : Logon with your VBIC OA

Lab : First step to establish an organizational Enterprise Security Service Bus

Lab : ACS to delegate authentication

Lab : Relying Party

Lab : Forwarding every request from unauthenticated users to ACS

Lab : Brokering authentication

Lab : Change access rules in response to programmatic events

After completing this module, students will be able to:

Carry out, hands-on, the first steps to establish an organizational Enterprise Security Service Bus
Create a Relying Party
Establish ACS to delegate authentication
Forward every request from unauthenticated users to ACS
Broker authentication
Change access rules in response to programmatic events
Module 2: Integration of public identity provider into Enterprise Security Service Bus (ESSB)

Advanced procedures that decouple the cloud service from the complexity of maintaining a direct relationship with a multiplicity of identity providers are the core learning unit of this module. Any identity provider can use its own authentication protocol; the authentication results are normalized, and once the trust is established, Access Control Services (ACS) takes care of authentication and authorization, including providing a UI in which the user of this multi-identity SSO system chooses among all the Azure-recognized identity providers. Claims are accessible to the developer, enabling straightforward authorization without the need to know the authentication protocols in detail. Management of different and multiple business identity providers is handled in a uniform fashion without writing different code for each. This relationship is called ‘normalizing attributes’ and you will realize it via the Microsoft Azure Portal and the management API. Building on the exercise already completed, which showed how to integrate business directories into a federated identity mesh, you will now repeat a selection of the very same steps to have Microsoft Azure serve users who arrive from Facebook or Microsoft Live ID when they want to use your web site.

Lessons

Hands-on: carry out the advanced steps to create an organizational Enterprise Security Service Bus
Create a Relying Party
Establish ACS to delegate authentication
Forwarding every request from unauthenticated users to ACS
Lab : Produce a securable resource

Lab : Logon with your VBIC OA

Lab : Input and Output claims transformation

Lab : Brokering Security Token Services from Yahoo and Microsoft

After completing this module, students will be able to:

Carry out the first steps to establish an organizational Enterprise Security Service Bus
Create a Relying Party
Establish ACS to delegate authentication
Forwarding every request from unauthenticated users to ACS
Module 3: Develop and publish applications that integrate with Microsoft Azure Active Directory (MAAD)

In this module a pre-existing Microsoft Azure Active Directory (MAAD) repository is available in VBIC’s virtual classroom. It consists of users to be interfaced to a namespace and released to applications linked to this Access Control namespace. As a result, the Microsoft Azure Active Directory becomes available as an (additional) identity provider for any application associated with or interfacing with this namespace. Applications connected to your Access Control namespace become interfaced with the VBIC-provided Microsoft Azure Active Directory (MAAD). MAAD-generated tokens are transformed into ACS tokens, available for authentication and authorization of user identities, application identities and data identities. You’ll define the recipient of the success token, which signals a positive authentication event, as a URL address parameterized as an App. You’ll further define a countermeasure against man-in-the-middle attacks by defining the App ID URI, a control parameter that has to be delivered with the MAAD token. The MAAD user token must be delivered together with the entityID of the Access Control namespace; otherwise ACS interprets it as a token reused from a man-in-the-middle attack. Because ACS does not call the Graph API, there is no SSO with read or write access to MAAD at all; MAAD only provides additional identities via tokens, based on a fixed selection in ACS. Calling the MAAD Graph API and establishing a global SSO and a multitenant Single Sign-Up with read or write access to MAAD is covered in Course 55086AC – Enterprise SSO – cloud audited deployment for distributed onsite-offsite development.

Lessons

Establish a tokenized communication between Azure Namespaces and WS-Federation sign-in endpoints
Establish a Microsoft Azure Active Directory (MAAD) as an (additional) identity provider for any application associated/interfacing with your namespace
Lab : Logon with your VBIC OA

Lab : Azure Identity Provider via Namespace association

Lab : Establish Azure Active Directory data streams into Name Space connected Applications

Lab : MAAD Graph Database registration as an additional identity provider for your namespace that controls global access and SSO

Lab : MAAD identity providers as SSO for web application

After completing this module, students will be able to:

Establish a tokenized communication between Azure Namespaces and WS-Federation sign-in endpoints
Establish Microsoft Azure Active Directory (MAAD) as an (additional) identity provider for any application associated/interfacing with their namespace
Module 4: Assessment (if time permits): Add French, German, English and Italian as a multilingual integration of traditional ASP.NET Web Sites into your Enterprise Security Service Bus (ESSB)

Add French, German, English and Italian as a multilingual integration of traditional ASP.NET Web Sites into your Enterprise Security Service Bus (ESSB)

Lessons

Code a multilingual Enterprise Security Service Bus (ESSB)
Lab : Logon with your VBIC OA

Lab : Repeat Module 1 from Step 1 until step 146

Lab : Modify Module 1 so your ESSB becomes multilingual and supports local STS claims originating from Italian, French, German and English office locations or customers in these countries.

Lab : Task 4: Inform your instructor and the VBIC Help Desk (info@vbic.net) once you have reached step 146 while completing Lab 3. Log out and close your RDP session.

After completing this module, students will be able to:

The Assessment is optional, taken only if time permits and voluntarily at the discretion of the student. It does not have a solution folder, as there are many ways to achieve the target of evaluation, and it is evaluated by the instructor or VBIC staff.
Students who take the assessment will receive either the instructor’s assessment result during class, or a follow-up email with the assessment validation result from VBIC staff five days after the last day of class.