Tuesday, February 28, 2012

Update Rollup 2 (build 4.0.3606.2) is available for Forefront Identity Manager 2010

Update Rollup 2 is available now and there are lots of goodies available including:

  • Extensible Connectivity Management Agent 2 Framework (ECMA 2) – this is the new XMA framework, which removes many of the previous limitations on writing your own MA (now just called Connectors!)
    NOTE: If you are upgrading from the RC version of ECMA2 then you will have some manual steps; please see the KB article for more info
  • Password Reset (via FIM Sync) obeys the UserCannotChangePassword flag in AD – self-service resets will now obey this setting
  • Rules extensions now support .NET 4.0 – compile your projects targeted for .NET 4
  • SQL Wildcard update in build 4.0.3594.2 has been reversed – support for underscore, percent and square bracket is back, the same as in the previous 4.0.3576.2 build
  • Set Partitioning and Tabular Functions – this feature fixes some scalability issues with large complex “OR” filters in dynamic groups and sets;
    NOTE: You will need to execute a stored procedure to enable this, refer to the KB article for more information


Wednesday, November 23, 2011

Forefront Identity Manager 2010 R2 Release Candidate Now Available

Cross-posting from the Server and Cloud blog:

Microsoft is pleased to announce the availability of Forefront Identity Manager 2010 R2 release candidate. It is available for download from Microsoft Connect, as described below.

This release candidate includes new and updated features for FIM 2010 R2:

  • Historical reporting using integration to the System Center Service Manager data warehouse
  • Web-based Self-Service Password Reset
  • Scale and performance improvements
  • Outlook® 2010 support for the FIM add-ins and extensions and SharePoint® 2010 support for the FIM Portal

In particular, this release candidate introduces numerous functional improvements, including:

  • New authentication gates for self-service password reset
  • Additional reports
  • Extensible Connectivity Management Agent 2

For complete information, see the Release Notes and feature-specific documents.

If you have already joined the FIM 2010 Community Evaluation Program or downloaded the beta, you can obtain FIM 2010 R2 RC from the FIM 2010 Connect web site. The downloads link is in the left column.

To join the program and download the software, click here. Once you answer the survey questions, the Connect site will auto-approve your access.

Thanks,

Mark Wahl

Principal Program Manager

Forefront Identity Manager 2010 R2 Release Candidate Now Available - Microsoft Server and Cloud Platform Blog - Site Home - TechNet Blogs

Tuesday, November 22, 2011

UAG “Activation will start soon” stuck when joining a node to the array

This one terrorized me all day and just wouldn’t go away no matter what I did:

UAGError

As it turns out, this is a symptom of having your nodes on different patch levels of UAG. The first node was SP1 with Update 1 while the second node only had SP1 applied. After applying Update 1 to the second node the array converged once I activated the configuration again.

I borrowed the following list from Ben Ari’s blog:

Here are some links that are related to these releases:

Tuesday, August 23, 2011

FIM 2010 R2 Beta Feedback Requested

If you aren’t already working with the R2 Beta release of FIM 2010, please download and check it out and then provide feedback in the public forums as to what you like and what you don’t like. Given that this is still the beta release, there is time to get your feature requests heard!

To access the R2 Beta you will need to sign-in to Connect, Microsoft’s site for evaluating and providing feedback on early or pre-released software. You just need a Windows Live ID to sign-in and create your profile. Once you sign-in to the site you’ll be able to browse a list of products accepting feedback or bugs and add those products to your dashboard by clicking Join.


Step-by-Step

(Lifted from Peter Geelen’s post)

You can access the site one of two ways:

  1. By following this link: https://connect.microsoft.com/site433/SelfNomination.aspx?ProgramID=6639&pageType=1, OR
  2. Logging into Connect
    1. Browse the Directory for Forefront Identity Manager.
    2. Click on the Join link on the topics you wish to join
    3. Answer the survey questions and then click Submit; this auto-approves you for the Beta connection
    4. Click the Downloads link in the left column

At the download section, you’ll find the following items:

As you are evaluating the products, we encourage you to discuss feedback in the forum, but to take the time to open bugs in the Feedback Center of the FIM Connect site. These bugs are triaged directly by the FIM Product Group so it’s important to file them. Use the forum to ask clarifying questions around configuration and experience and please share your positive and negative feedback about your experiences with the betas there.

Wednesday, August 03, 2011

SaaS and Identity Silos–the new Wolf in Sheep’s Clothing

To borrow another metaphor, the old phrase:

“Beware of Greeks bearing gifts”

…is reborn now as:

“Beware of SaaS vendors bearing identity”

In this age of pushing our solutions to the cloud, we need to be careful in adopting solutions that involve standing up another identity silo. Having another username and password is a time-honored solution to most new applications, but in this day and age it is no longer acceptable. Stress to your SaaS vendors that you need flexibility to:

  • Federate with an external Identity Provider (i.e. your enterprise identity)
  • Federate with a consumer Identity Provider (i.e. your Facebook/Yahoo/Google/Live identity)

There are certainly cases where SaaS vendors will need to provide a solution for local usernames and passwords (small businesses, for example), yet they also need the forethought to support extended federation scenarios for larger customers.

Another item that SaaS vendors are not immune to is the challenge of profile synchronization. Whenever an application must maintain preference or demographic data (name, title, menu preferences, etc) about you it must either keep that in a local store or rely on all of that data to arrive each time as part of the incoming claim set. In some cases, it’s simply not practical to do everything in the claim as it’s not the Identity Provider’s job to remember preferences for individual applications. The thing to remember here is that the profile data in the cloud must be created and maintained through some process. Look for options other than the manual ones to automate this.

Thursday, June 30, 2011

True Single Sign-On

My customer really liked something I had said the other day while discussing strategy around Identity and Access Management. The concept of SSO kept coming up, in dialog as well as in industry briefs on the topic, which we were reviewing, and I basically said,

“SSO isn’t a product you buy, it’s the by-product of a well architected Identity and Access Management strategy.”

That statement has begun to resonate and for good reason. While even I cannot deny that SSO products have their place, I disagree that it should be the first stop in your decision making process. Use an SSO product when you simply have no other choice. There are other options that can reduce complexity as well as the number of logon prompts.