Claims explained

Captions
Welcome to the ITFreeTraining video on what claims are and the protocols that are used with claims. By the end of this video you will have an excellent understanding of how federation-based systems use claims to provide access to services and what protocols they use.

First of all, what is a claim? To put it in its simplest form, a claim is a statement made by one party about another party. For example, suppose you have a user named Jane Doe. Jane Doe may want to access another service on the network. This service, however, does not know anything about Jane Doe. In order for Jane Doe to access this service, another system called an identity provider is required. The identity provider knows who Jane Doe is and thus is willing to create a claim for her. This claim contains information about Jane Doe, like her identity. If you have ever used your Facebook login to access a non-Facebook site on the Internet, this is the same process. Facebook holds your identity; if you want to use your Facebook identity to access another site, Facebook supplies you a claim that contains your identity. Now that Jane Doe has a claim, she can use that claim to access the service.

The next point to consider is how claims are packaged. A claim is placed inside a security token, so when dealing with federation services you may hear the terms claims and tokens used to describe the same thing. You may also hear the phrase "the server consumes tokens". To understand how this works, let's look at a fictional example. First, consider that you have an employee who has done well. The company has decided to reward the employee by giving them a voucher for a movie. In order to see the movie, the employee would next need to present the voucher to a cinema. Once the voucher has been presented, it is kept and the movie ticket is given to the employee. Once the employee has the movie ticket, they can then use the movie ticket to see the movie. You can see how one item is exchanged for another. Federation services will often be configured in a similar way.

Let's consider this example of a typical federation service. This time the employee is a computer requesting access to an application. In order to obtain this access, the computer contacts a federation server in their company. The federation server issues them a token which contains a claim. This claim may contain details like the name of the person attempting to get access. The token is then presented to the server and it is consumed, or destroyed. Next, a second token is created. This token contains details like which server is running that application. If you consider the previous example of the cinema, the voucher allows the employee to see a movie; however, once presented it is swapped for a movie ticket. The movie ticket contains information on it like the number of the theater that the movie will be shown in. In this case the token contains information about which applications the computer may access. Information like this was not available to the first server that created the first token, and it is subject to change, just like which movie is showing in which theater. Once the token has been created, it is transferred to the computer. This token can now be used to access a claims-aware application. You can see how a claim was encased inside a token and used for authentication; a new token containing a claim was then created to determine what they would access. Thus, when dealing with federation services, you may see the terms security token and claims used interchangeably, but they are essentially referring to the transfer of claims.

I will now have a look at the protocols that are used to make this process work. Shown are some of the protocols that may be used with federation services. Which federation system you use and how it is configured will determine which protocols are used. At first it may look confusing with so many protocols being used. To get a better understanding, I will have a look at some of them in more detail.

The first protocol that I will look at is WS-Trust. WS-Trust is the protocol that is responsible for secure message exchange between different servers. This communication is used to transfer tokens. This is important as there are many different types of federation solutions. For example, if you have an Active Directory Federation server and a Linux-based federation server, there needs to be a common protocol between these systems to allow them to communicate. This protocol defines how a token will be exchanged between different parts of the federation system. The next question is what information is exchanged between the two parties.

The next protocol I will look at is SAML. SAML is a standard for the exchange of authentication between different parties. It is often used in Active Directory Federation Services to create tokens. So essentially what you have so far is this: you have the protocol WS-Trust, which defines how tokens are exchanged, their renewal if required, and the creation of a secure channel for communication. SAML is used to create the token itself, although there are many different protocols that could be used other than SAML. To think of it a different way, imagine you are using the postal system. The postal system defines how items are posted; for example, they need to be in a box and they need to have an address and stamps on them to be posted, but it is up to you to decide what to put in the box. In the example, WS-Trust is used to define how communication will occur for tokens; however, SAML is used to define the token itself.

Federation services can be used to communicate using many different methods. In most cases certificates will be used; however, usernames and passwords could also be used. What can be accepted is referred to as an endpoint. To better understand this concept, I will open Server Manager on this computer, which is running Active Directory Federation Services. Once Server Manager is open, I will next open Active Directory Federation Services Management from under the Tools menu. This server already has Active Directory Federation Services installed and configured. In later videos I will have a look at how to do this; however, in this video I will have a quick look at the configuration to better understand how endpoints work in Active Directory Federation Services. This will also give us a better understanding of how the protocols are used in federation services.

From AD FS Management I will expand down through Services until I get to Endpoints. This will show all the endpoints this server currently accepts. If I select one, notice this endpoint uses WS-Trust 2005. This means the other federation servers will need to support this as well. Notice that under Authentication this is listed as Certificate. This means this endpoint will only accept WS-Trust 2005 with certificates. If I select another endpoint, notice that this endpoint is also WS-Trust 2005, but this time the authentication type is SAML token. You can see how customizable federation services can be, allowing different protocols to be used together. In a lot of cases this is just a matter of making sure that both sides accept the same protocols. Notice further down this endpoint uses WS-Trust 1.3 and the authentication type is Kerberos. Kerberos is a ticket-based system, so essentially in an Active Directory environment this means a Kerberos token is created and presented to the server. This endpoint would generally be used inside a company. If I scroll down, notice the endpoint under Metadata. This is an XML file that contains the configuration information for the federation server. When setting up trusts in Active Directory Federation Services, which will be covered in later videos, this file is used in speeding up that process. Without the XML file, when configuring a federation trust the information will need to be entered in manually for the trust.

The last two protocols that I will look at are WSDL and UDDI. Both of these protocols are used to describe or advertise a web service. They are often used with other protocols, so you may not come across them directly that much. For this reason I will simply make you aware of them at present, but will not go into detail about them.

Well, that covers it for claims and the protocols used by claims. I hope you found this video informative and I hope that I see you in the other videos on this course and others. Thanks for watching and see you next time.
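The "server consumes the token and reads the claims" step from the video, as an added Python example that is not code from the video, from ITFreeTraining or from AD FS: a minimal claims-aware relying party that takes a SAML 2.0 assertion (the kind of token the video says SAML defines), checks the things a consumer must check before trusting it (the issuer is the identity provider we federate with, the validity window, the audience the token was issued for), and only then returns the claims. The issuer URL, application URL, claim types and attribute values in the sample assertion are constructed for the example and do not come from a real federation server.

```python
"""
Minimal claims-aware relying party for a SAML 2.0 assertion.

Added example, not code from the video or from AD FS. The issuer, audience,
claim types and values below are constructed for illustration only.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Hypothetical identity provider (federation server) and application URLs.
ISSUER = "http://adfs.example.com/adfs/services/trust"
AUDIENCE = "https://app.example.com/"

# Constructed sample assertion (not captured from a real federation server).
# A real token would also carry an XML digital signature over this element.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_example-1"
    Version="2.0" IssueInstant="2014-07-08T10:00:00Z">
  <saml:Issuer>{ISSUER}</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-07-08T10:00:00Z" NotOnOrAfter="2014-07-08T11:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>{AUDIENCE}</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>Staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class ClaimsError(Exception):
    """Raised when the token must not be trusted."""


def parse_saml_time(value):
    """SAML timestamps are UTC, e.g. 2014-07-08T10:00:00Z."""
    if value is None:
        raise ClaimsError("missing timestamp in Conditions")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consume_assertion(xml_text, expected_issuer, expected_audience, now):
    """Validate the assertion and return its claims as {claim_type: [values]}.

    'nameid' holds the subject. Raises ClaimsError on any check that fails.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ClaimsError("not a SAML 2.0 assertion")

    # 1. Only accept tokens from the identity provider we have a trust with.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        raise ClaimsError(f"unexpected issuer {issuer!r}")

    # 2. Enforce the validity window and audience the issuer wrote into the token,
    #    so a token issued for another application cannot be replayed against us.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ClaimsError("assertion has no Conditions element")
    not_before = parse_saml_time(cond.get("NotBefore"))
    not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        raise ClaimsError("assertion is outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ClaimsError(f"assertion was issued for {audiences}, not for this application")

    # 3. Only now read the claims out of the token.
    claims = {"nameid": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return claims


def rejection_reason(xml_text, expected_issuer, expected_audience, now):
    """Return the reason the assertion would be rejected, or None if accepted."""
    try:
        consume_assertion(xml_text, expected_issuer, expected_audience, now)
    except ClaimsError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    now = parse_saml_time("2014-07-08T10:30:00Z")
    for claim_type, values in consume_assertion(SAMPLE_ASSERTION, ISSUER, AUDIENCE, now).items():
        print(f"{claim_type}: {values}")
    print(rejection_reason(SAMPLE_ASSERTION, ISSUER, "https://other.example.com/", now))
```

Two things the example deliberately leaves out, and a real relying party must not: it does not verify the XML digital signature on the assertion against the identity provider's signing certificate (the one published in the federation metadata file the video points at), which is the check that makes the claims trustworthy at all; and it parses the token with `xml.etree`, which is fine for this constructed input but should be replaced by a hardened parser such as `defusedxml` when the XML arrives from the network. Tolerating a small clock skew on the validity window is also common in practice; the example applies the window exactly as written.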
Info
Channel: itfreetraining
Views: 35,720
Keywords: Federation, Claims, ITFreeTraining
Id: SWiHo3tFlQs
Length: 9min 55sec (595 seconds)
Published: Tue Jul 08 2014