Comments for Dominik's Cloud Security Blog http://blog.gocloud-security.ch A Swiss blog about Microsoft's Security & Identity and Access Management solutions for Private and Public Clouds Thu, 16 Feb 2012 21:52:25 +0000 hourly 1 http://wordpress.org/?v=3.2.1 Comment on Windows Azure Active Directory by Microsoft's Windows Azure Active Directory plans takes shape | ZDNet http://blog.gocloud-security.ch/2011/12/12/windows-azure-active-directory/#comment-3245 Microsoft's Windows Azure Active Directory plans takes shape | ZDNet Thu, 16 Feb 2012 21:52:25 +0000 http://blog.gocloud-security.ch/2011/12/12/windows-azure-active-directory/#comment-3245 [...] Windows Azure Active Directory — or WAAD (ugh!) — name via a December post I found on Dominik’s Cloud Security Blog). But the Softies have been dropping hints about plans to step up rights and management policies [...] [...] Windows Azure Active Directory — or WAAD (ugh!) — name via a December post I found on Dominik’s Cloud Security Blog). But the Softies have been dropping hints about plans to step up rights and management policies [...]

]]> Comment on FIM 2010 and Exchange 2010 Provisioning by Update: FIM 2010 and Exchange 2010 Provisioning | Dominik's Cloud Security Blog http://blog.gocloud-security.ch/2010/05/13/fim-2010-and-exchange-2010-provisioning/#comment-2750 Update: FIM 2010 and Exchange 2010 Provisioning | Dominik's Cloud Security Blog Fri, 23 Dec 2011 07:58:47 +0000 http://blogs.ecreation.ch/2010/05/13/FIM2010AndExchange2010Provisioning.aspx#comment-2750 [...] year, I wrote a first blog (http://blog.gocloud-security.ch/2010/05/13/fim-2010-and-exchange-2010-provisioning) about Exchange 2010 provisioning with FIM 2010 (codeless or not). Now, I’m currently working on [...] [...] year, I wrote a first blog (http://blog.gocloud-security.ch/2010/05/13/fim-2010-and-exchange-2010-provisioning) about Exchange 2010 provisioning with FIM 2010 (codeless or not). Now, I’m currently working on [...]

]]> Comment on WIF Extension for the SAML 2.0 Protocol by Luis Carrión http://blog.gocloud-security.ch/2011/05/20/wif-extension-for-the-saml-2-0-protocol/#comment-1212 Luis Carrión Mon, 17 Oct 2011 15:28:55 +0000 http://blogs.ecreation.ch/2011/05/20/wif-extension-for-the-saml-2-0-protocol/#comment-1212 We are trying to use this extension in our application, this works fine if we use web app, but we have problem if we put my web app in a Azure Web Role, apparently it can't redirect to my default page in azure emulator. Appreciated your help We are trying to use this extension in our application, this works fine if we use web app, but we have problem if we put my web app in a Azure Web Role, apparently it can’t redirect to my default page in azure emulator. Appreciated your help

]]> Comment on WIF Extension for the SAML 2.0 Protocol by Atef Abdou http://blog.gocloud-security.ch/2011/05/20/wif-extension-for-the-saml-2-0-protocol/#comment-802 Atef Abdou Fri, 26 Aug 2011 17:42:43 +0000 http://blogs.ecreation.ch/2011/05/20/wif-extension-for-the-saml-2-0-protocol/#comment-802 I have been using the extension since day 1 and while generally it has worked well , I find one major issue. That of being able to have certs outside of the xml file. We need to be Fibs complaint , which means the XML or even same machine will not fly. I have replaced the ServiceTokenResolver (through the service configuration and that works. The issue is with IDP initiated logout or SP initiated login. In both cases the module tries to get the cert ( which there is none from the config) and fails. While I have been able to take care of that from the sp initiated login, created my own method . I cannot do that in the IDP Initiated logout. In that case the logout request is handled properly and a logout response is trying to be sent, however there is no cert associated and there is no way to hook into this. The issue arises from the message decoder (which is unfortunately a privet member with no accessory ,_messageDecorator in saml2authentication module ) the value for this decoder is only created once , in the constructor, where the cert is read from the config file. Thus if nothing in the config it does not work, no matter what you do with the servicetokenresolver,. Any way of getting this fixed. Thank you I have been using the extension since day 1 and while generally it has worked well , I find one major issue. That of being able to have certs outside of the xml file. We need to be Fibs complaint , which means the XML or even same machine will not fly. I have replaced the ServiceTokenResolver (through the service configuration and that works. The issue is with IDP initiated logout or SP initiated login. In both cases the module tries to get the cert ( which there is none from the config) and fails. While I have been able to take care of that from the sp initiated login, created my own method . I cannot do that in the IDP Initiated logout. In that case the logout request is handled properly and a logout response is trying to be sent, however there is no cert associated and there is no way to hook into this. The issue arises from the message decoder (which is unfortunately a privet member with no accessory ,_messageDecorator in saml2authentication module ) the value for this decoder is only created once , in the constructor, where the cert is read from the config file. Thus if nothing in the config it does not work, no matter what you do with the servicetokenresolver,. Any way of getting this fixed.

Thank you

]]> Comment on Forefront UAG Service Pack 1 by Rajnikanth http://blog.gocloud-security.ch/2010/10/28/forefront-uag-service-pack-1/#comment-303 Rajnikanth Thu, 23 Jun 2011 08:23:54 +0000 http://blogs.ecreation.ch/2010/10/28/ForefrontUAGServicePack1.aspx#comment-303 Hi Dom, need link to download UAG 2010 with SP1. Thanks Rajni Hi Dom,

need link to download UAG 2010 with SP1.

Thanks
Rajni

]]> Comment on AD FS 2.0 Attribute Store for Forefront Identity Manager by dzemp http://blog.gocloud-security.ch/2011/01/31/ad-fs-2-0-attribute-store-for-forefront-identity-manager/#comment-190 dzemp Fri, 03 Jun 2011 14:03:17 +0000 http://blogs.ecreation.ch/2011/01/31/ADFS20AttributeStoreForForefrontIdentityManager.aspx#comment-190 User provisioning is the business of Forefront Identity Manager (FIM) 2010. You have to use and configure a Management Agent (MA) to synchronize your on-premise Active Directory identities to Google App Directory. FIM integrates different MAs, but not sure which one you have to use for the Google App Directory (on which system/technology does Google App Directory consist of? Web Services, LDAP, ...??). Hope it helps... User provisioning is the business of Forefront Identity Manager (FIM) 2010. You have to use and configure a Management Agent (MA) to synchronize your on-premise Active Directory identities to Google App Directory. FIM integrates different MAs, but not sure which one you have to use for the Google App Directory (on which system/technology does Google App Directory consist of? Web Services, LDAP, …??).

Hope it helps…

]]> Comment on AD FS 2.0 Attribute Store for Forefront Identity Manager by Osama Mirza http://blog.gocloud-security.ch/2011/01/31/ad-fs-2-0-attribute-store-for-forefront-identity-manager/#comment-189 Osama Mirza Fri, 03 Jun 2011 13:39:23 +0000 http://blogs.ecreation.ch/2011/01/31/ADFS20AttributeStoreForForefrontIdentityManager.aspx#comment-189 Do you know which of the above mentioned products can do user provisioning (synchronize our Active Directory users to Google App Directory) ? Do you know which of the above mentioned products can do user provisioning (synchronize our Active Directory users to Google App Directory) ?

]]> Comment on [Updated]UAG DirectAccess and failed RSA SecurID Authentication by Jason Jones http://blog.gocloud-security.ch/2011/01/27/updateduag-directaccess-and-failed-rsa-securid-authentication/#comment-8 Jason Jones Thu, 27 Jan 2011 23:10:01 +0000 http://blogs.ecreation.ch/2011/01/27/UpdatedUAGDirectAccessAndFailedRSASecurIDAuthentication.aspx#comment-8 I wrote this article a while ago for RSA and UAG: http://blog.msedge.org.uk/2010/01/enabling-rsa-securid-authentication-in.html which covers this important step...I think I also received an email from someone recently about this, maybe it was the same guy! :) I wrote this article a while ago for RSA and UAG: http://blog.msedge.org.uk/2010/01/enabling-rsa-securid-authentication-in.html which covers this important step…I think I also received an email from someone recently about this, maybe it was the same guy! :)

]]> Comment on Forefront UAG Service Pack 1 by Dominik http://blog.gocloud-security.ch/2010/10/28/forefront-uag-service-pack-1/#comment-10 Dominik Mon, 22 Nov 2010 21:48:08 +0000 http://blogs.ecreation.ch/2010/10/28/ForefrontUAGServicePack1.aspx#comment-10 Hi Sinkie TechNet is your friend. :-) http://technet.microsoft.com/en-us/library/gg295325.aspx Hi Sinkie

TechNet is your friend. :-)

http://technet.microsoft.com/en-us/library/gg295325.aspx

]]> Comment on Forefront UAG Service Pack 1 by Sinkie http://blog.gocloud-security.ch/2010/10/28/forefront-uag-service-pack-1/#comment-9 Sinkie Thu, 11 Nov 2010 13:27:10 +0000 http://blogs.ecreation.ch/2010/10/28/ForefrontUAGServicePack1.aspx#comment-9 Hi Dominik, Your blog is just one of the few mentioning UAG support for ADFS V2.0. Do you happen to have a description available of how to actually configure UAG 2010 SP1 using ADFS V2.0? Regards, Art Hi Dominik,

Your blog is just one of the few mentioning UAG support for ADFS V2.0.
Do you happen to have a description available of how to actually configure UAG 2010 SP1 using ADFS V2.0?

Regards,

Art

]]>