Tuesday, June 07, 2011

Federating FIM 2010 using UAG/ADFS and KCD - Identity.Junkie() - Site Home - TechNet Blogs

Identity Junkie is back on the air with its first post; check it out! It covers the concepts of using UAG to publish the FIM portal using a federated model. To be clear, this isn’t “how do I authenticate to FIM without an AD account”; it’s “how do I authenticate to the FIM portal when my request originates from an extranet”. To quote Chris:

Where is this applicable? Say you have a resource forest where FIM resides, so how do you provide access to the portal from autonomous security realms without having to create a bunch of NT trusts or maintain secondary credentials? Because shadow accounts exist within the resource forest as security principals for dependent services (for example BPOS or O365), you can leverage UAG, ADFS, and KCD together to provide secure access. UAG is claims-aware and supports Kerberos protocol extensions for (1) protocol transitioning and (2) constrained delegation.
