http://myitforum.com/cs2/blogs/forefrontsecurity/archive/tags/Federation/claims/default.aspxTags: Federation, claimsenCommunityServer 2007.1 SP2 (Build: 31113.47)http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/16/provide-access-to-your-partner-on-your-uag-portal-with-adfs-2-0.aspxTue, 16 Aug 2011 07:58:00 GMT8e8f7986-475c-475d-bdc9-a1b3a63b955b:158861forefrontsecurity0http://myitforum.com/cs2/blogs/forefrontsecurity/rsscomments.aspx?PostID=158861http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/16/provide-access-to-your-partner-on-your-uag-portal-with-adfs-2-0.aspx#comments<p>Hi,</p> <p>As Hicham already demonstrate, you can add Claims Provider Trust on your Federation Server. His example is a Federation with Azure services, but you can do the same with a Federation Partner. Have a look at this article : <a title="http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/05/authenticating-to-your-network-through-your-online-credentials.aspx" href="http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/05/authenticating-to-your-network-through-your-online-credentials.aspx">http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/05/authenticating-to-your-network-through-your-online-credentials.aspx</a></p> <p>Let’s assume that the Labiam Corporation wants to allow access on his UAG Portal to the UAG.com company. Both have a Federation Service.</p> <p><a href="http://myitforum.com/cs2/blogs/forefrontsecurity/image_22D2B05E.png"><img style="background-image:none;border-bottom:0px;border-left:0px;margin:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="image" border="0" alt="image" src="http://myitforum.com/cs2/blogs/forefrontsecurity/image_thumb_485C2DBF.png" width="244" height="161" /></a></p> <p>As you can see on the above schema, we have to create a Claims Provider Trust on the LABIAM Federation Server, and add this Federation Server as a Trusted relying Party on the UAG.com Federation Server.</p> <p><a href="http://myitforum.com/cs2/blogs/forefrontsecurity/image_6732A19D.png"><img style="background-image:none;border-bottom:0px;border-left:0px;margin:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="image" border="0" alt="image" src="http://myitforum.com/cs2/blogs/forefrontsecurity/image_thumb_4A497CC8.png" width="244" height="48" /></a></p> <p>With the FederationMetadata URL, it is easy to add this provider</p> <p><a href="http://myitforum.com/cs2/blogs/forefrontsecurity/image_5E629951.png"><img style="background-image:none;border-bottom:0px;border-left:0px;margin:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="image" border="0" alt="image" src="http://myitforum.com/cs2/blogs/forefrontsecurity/image_thumb_68478ABC.png" width="213" height="244" /></a></p> <p>Add the necessary claims to the Provider (Windows Account Name, Role …)</p> <p>On the other side, create the Relying Party Trust, and accept the required claims.</p> <p><a href="http://myitforum.com/cs2/blogs/forefrontsecurity/image_54BA2B1B.png"><img style="background-image:none;border-bottom:0px;border-left:0px;margin:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="image" border="0" alt="image" src="http://myitforum.com/cs2/blogs/forefrontsecurity/image_thumb_7AAFDB71.png" width="244" height="49" /></a></p> <p>Now, when a user access the UAG Portal, he can choose his repository, and your Partner can access your publications.&#160; </p> <p><a href="http://myitforum.com/cs2/blogs/forefrontsecurity/image_59BC68CA.png"><img style="background-image:none;border-bottom:0px;border-left:0px;margin:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="image" border="0" alt="image" src="http://myitforum.com/cs2/blogs/forefrontsecurity/image_thumb_1841B671.png" width="244" height="74" /></a></p> <p>Then you can filter the access to specific application, using the Role Type of Claims (developed in a previous article : <a title="http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/16/ad-fs-2-0-and-uag-set-authorization-on-application-in-uag-based-on-claims-roles.aspx" href="http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/16/ad-fs-2-0-and-uag-set-authorization-on-application-in-uag-based-on-claims-roles.aspx">http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2011/08/16/ad-fs-2-0-and-uag-set-authorization-on-application-in-uag-based-on-claims-roles.aspx</a>)</p> <p>AD FS is a very great feature. No matter Network considerations, Active Directory Trust Relationships, just use HTTP(s) Exchange to Federate your Business Partners.</p> <p align="right"><strong>Published by Olivier DETILLEUX</strong></p><img src="http://myitforum.com/cs2/aggbug.aspx?PostID=158861" width="1" height="1">Forefront UAGUAGUAG SP1Forefront UAG SP1ADFSADFS V2claimsFederationpartner