M50412 Leeds
Implementing Active Directory Federation Services 2.0
Course Overview :
M50412: Implementing Active Directory Federation Services 2.0

Version: A
Length: 4 Days
Published: July 01, 2010
Language(s): English
Audience(s): IT Professionals
Level: 300
Technology: Windows Server 2008
Type: Course
Delivery Method: Instructor-led (classroom)

About this Course

This four-day instructor-led course provides students with the knowledge and skills to install and configure Active Directory Federation Services 2.0 (AD FS). The course focuses on terminology, user interfaces, and common configuration scenarios for AD FS. Students will learn how to design AD FS environments and supporting technology such as a Public Key Infrastructure. Students will also learn how to design AD FS for security and high availability.

Audience Profile

This course is intended for Windows IT professionals who want to become Active Directory Federation Services (AD FS) enterprise administrators, and move into the role of designing AD FS environments.

At Course Completion

After completing this course, students will be able to:
o Define key concepts and terminology relating to Active Directory Federation Services 2.0.
o Install and configure Windows prerequisites for AD FS 2.0.
o Install and configure Public Key Infrastructure (PKI) for AD FS 2.0.
o Deploy AD FS 2.0 to provide claims-aware authentication in a single organization.
o Configure AD FS 2.0 to provide claims-aware authentication in a business-to-business federation.
o Design and deploy advanced AD FS 2.0 scenarios, including providing for high availability and SAML interoperability.
o Use the AD FS 2.0 claims rule language to create custom claim rules.
o Troubleshoot AD FS 2.0.

Before attending this course, students must have:
o Basic understanding of networking.
o Intermediate understanding of network operating systems.
o An awareness of security best practices.
o Basic knowledge of server hardware.
o Some experience creating objects in Active Directory.
o Foundation course (6424) or equivalent knowledge.
o Basic concepts of backup and recovery in a Windows Server Environment.

Course Outline

Module 1: Introducing Claims-based Identity

This module explains how to recognize AD FS terminology and common use cases for AD FS 2.0.

Lessons
o Introducing the Identity Metasystem
o Existing Solutions for Managing Identities
o The Benefits of Claims-based Identity
o The Evolution of AD FS
o Use Cases for AD FS
o AD FS and Claims-based Terminology

Lab: Familiarizing Yourself with the Lab Environment
o Accessing Servers Using Hyper-V
o Accessing Servers Using Remote Desktop

After completing this module, students will be able to:
o Discuss and describe the Seven Laws of Identity, and how they pertain to managing identities for users and applications.
o Examine existing solutions for managing identities.
o Describe the benefits of the Claims-based Identity model.
o Discuss the evolution of Active Directory Federation Services (AD FS).
o Describe common use cases for AD FS.
o Discuss common terminology used when working with AD FS and Claims-based Identity.

Module 2: AD FS Prerequisites

This module explains how to configure Windows prerequisites for AD FS 2.0, including Windows Server and Internet Information Services (IIS). This module also explains how AD FS 2.0 utilizes Web services to achieve interoperability.

Lessons
o Windows Prerequisites
o Introducing Directory Services
o Active Directory and Active Directory Lightweight Directory Services
o Web Services, Standards, and Interoperability
o Internet Information Services

Lab: Installing Windows Prerequisites for AD FS 2.0
o Configuring DNS Forwarders
o Configure a Sample WIF Application

After completing this module, students will be able to:
o Identify the key Windows components required for AD FS.
o Describe the key characteristics of a Directory Service.
o Describe the role Active Directory and AD LDS perform in an AD FS deployment.
o Describe what is meant by the terms Web Services, WS-*, and Security Assertion Markup Language (SAML).
o Recognize the role of IIS in a successful AD FS deployment.

Module 3: Public Key Infrastructure (PKI)

This module explains how to install and configure the Public Key Infrastructure (PKI) requirements necessary to deploy AD FS 2.0.

Lessons
o Introducing the Public Key Infrastructure
o PKI Basics
o Introduction to Cryptography
o PKI Design
o Installing and Configuring Certificate Services

Lab: Installing and Configuring a Public Key Infrastructure (PKI)
o Installing and Configuring an Enterprise Root CA in the A. Datum Active Directory
o Configure an SSL Certificate for the Web Server
o Import Certificates in the Necessary Locations

After completing this module, students will be able to:
o Describe the concepts of a Public Key Infrastructure (PKI).
o Define and discuss the basics of PKI.
o Describe symmetric key and public key cryptography.
o Discuss options for PKI design.
o Describe the steps needed to install and configure Certificate Services.

Module 4: AD FS 2.0 Components

This module explains how to install and configure the Windows Identity Foundation (WIF), and how to install the AD FS 2.0 service in the federation server role.

Lessons
o The Federation Server Role
o Claims Types, Endpoints, and Attribute Stores
o AD FS Security
o The Federation Server Proxy Role
o Administering AD FS
o Windows Identity Foundation

Lab: Installing AD FS Server
o Installing AD FS on ADATUM-DC1
o Installing AD FS on CONTOSO-DC1

After completing this module, students will be able to:
o Describe the role of the federation server in an AD FS 2.0 installation.
o Understand the importance of claims, claim types, endpoints, and attribute stores for a successful AD FS implementation.
o Discuss best practices for securing an AD FS implementation, including the role of Public Key Infrastructure (PKI) certificates in securing the authentication and communication process.
o Describe the role of the Federation Server Proxy.
o Describe the methods available to administer an AD FS server.
o Understand the role of the Windows Identity Foundation (WIF) in creating claims-based applications.

Module 5: Claims-based Authentication in a Single Organization

This module explains how to design and deploy AD FS 2.0 to provide claims-based authentication within a single organization.

Lessons
o Preparing for AD FS in a Single Organization
o AD FS Within a Single Organization
o Understanding Claims and Claim Types
o Claim Rules and Claim Rule Templates
o Creating Claim Rules from Templates
o Configuring AD FS in a Single Organization

Lab: Configuring Claims-based Authentication in a Single Organization
o Prepare CONTOSO-DC1 with Certificates and Claim Rules
o Configure the Sample WIF SDK Application Using FedUtil.exe
o Configure a Relying Party Trust to the WIF SDK Sample Application
o Configuring Claims-aware Access to SharePoint 2010

After completing this module, students will be able to:
o Define the certificate requirements for AD FS in a single organization.
o Discuss PKI certificate management for AD FS.

Module 6: Claims-based Authentication in a Business-to-Business Federation

This module explains how to design and deploy AD FS 2.0 to provide claims-based authentication in a business-to-business federation scenario.

Lessons
o Deploying AD FS in a Federated Environment
o Configuring a Claims Provider Trust
o Understanding Home Realm Discovery
o Managing Claims Across Organizations

Lab: Configuring Claims-based Authentication in a Business-to-Business Federation
o Configure the WIF Sample Application for B2B Federated WebSSO
o Configure SharePoint 2010 for Federated WebSSO Access

After completing this module, students will be able to:
o Deploy AD FS 2.0 in a business-to-business federation.
o Configure an AD FS Claims Provider Trust.
o Describe and configure the Home Realm Discovery process.
o Manage AD FS Claims and Federation Trust relationships across organizations.

Module 7: Advanced AD FS Deployment Scenarios

This module explains how to deploy an AD FS server as a federation server proxy. It also explains how to design an AD FS deployment to create a high-availability configuration, and how to configure AD FS 2.0 to achieve interoperability with SAML 2.0-compatible products and applications.

Lessons
o Implementing the Federation Server Proxy
o Planning for High Availability
o Additional AD FS Configuration Scenarios
o AD FS 2.0 and SAML Interoperability

Lab: Advanced AD FS Deployment Scenarios
o Install and Configure the AD FS Proxy
o Install and Configure an AD LDS Attribute Store

After completing this module, students will be able to:
o Configure the AD FS 2.0 server in the Federation Server Proxy role.
o Configure AD FS 2.0 for redundancy and high availability.
o Deploy AD FS 2.0 to provide interoperability with SAML 2.0-compliant federation partners.

Module 8: The AD FS Claims Rule Language

This module explains how to configure custom AD FS claim rules using the AD FS 2.0 claim rule language.

Lessons
o Reviewing the Claims Pipeline and Claims Engine
o Introducing the Claims Rule Language

Lab: The AD FS Claims Rule Language
o Create Rules Using the Claim Rule Language
o Query an AD FS Attribute Store

After completing this module, students will be able to:
o Describe the AD FS 2.0 Claims Pipeline and Claims Engine processes.
o Create and configure custom claim rules using the AD FS 2.0 claim rule language.

Module 9: AD FS Troubleshooting

This module explains how to audit, troubleshoot, and trace AD FS 2.0 components and claims-aware applications, at both the server and client level.

Lessons
o Configuring Auditing for AD FS
o AD FS Troubleshooting
o Tracing AD FS Traffic

Lab: AD FS Troubleshooting
o View AD FS Troubleshooting Information
o View AD FS Web Browser Traffic

After completing this module, students will be able to:
o Configure troubleshooting and security auditing for AD FS 2.0.
o Use built-in Windows tools to troubleshoot AD FS components and prerequisites.
o Trace AD FS Web traffic for troubleshooting and configuration purposes.

PLEASE NOTE: Every effort has been made to ensure the accuracy of all information contained herein. IT Help and Support Centre Ltd makes no warranty expressed or implied with respect to accuracy of this information, including price, product editorials or product specifications. IT Help and Support Centre Ltd or its suppliers shall not be liable for incidental, consequential or special damages arising from, or as a result of, any electronic transmission or the accuracy of the information contained herein, even if IT Help and Support Centre Ltd has been advised of the possibility of such damages. Product and manufacturer names are used only for the purpose of identification.
