1
00:00:06,910 --> 00:00:09,430
And Windows Server 2016.

2
00:00:09,790 --> 00:00:15,310
The server roles for AD FS are as follows: claims provider.

3
00:00:15,850 --> 00:00:23,860
A claims provider is a federation server that provides users with signed tokens containing claims.

4
00:00:24,430 --> 00:00:32,020
Claims provider federation servers are deployed in organizations where user accounts are located.

5
00:00:33,060 --> 00:00:40,890
When a user requests a token, the claims provider federation server verifies user authentication

6
00:00:40,890 --> 00:00:51,110
by using AD FS, and then it collects information from an attribute store such as AD DS or Active Directory

7
00:00:51,120 --> 00:00:53,340
Lightweight Directory Services, or

8
00:00:54,520 --> 00:01:03,460
AD LDS, to populate the user claim with the attribute required by the partner organization.

9
00:01:04,210 --> 00:01:08,320
The server issues tokens in the SAML format.

10
00:01:09,010 --> 00:01:16,750
The claims provider federation server also helps to protect the contents of security tokens in

11
00:01:17,230 --> 00:01:18,040
transit

12
00:01:19,040 --> 00:01:22,250
by signing and optionally encrypting them.

13
00:01:23,350 --> 00:01:32,140
Another role is relying party. A relying party is a federation server that receives security

14
00:01:33,210 --> 00:01:38,130
tokens from a trusted claims provider. Relying party federation

15
00:01:38,130 --> 00:01:47,820
servers are deployed in organizations that provide application access to claims provider organizations.

16
00:01:48,360 --> 00:01:56,850
The relying party accepts and validates the claim, and then it issues the new security

17
00:01:56,850 --> 00:02:03,990
tokens that the web server can use to provide appropriate access to the application.

18
00:02:04,830 --> 00:02:15,240
Please note that a single AD FS server can operate as both a claims provider and a relying party, even

19
00:02:15,510 --> 00:02:17,700
with the same partner organizations.

20
00:02:18,210 --> 00:02:26,640
The AD FS server functions as a claims provider when it authenticates users and provides tokens

21
00:02:26,640 --> 00:02:34,590
for another organization, but it also accepts tokens from the same or different organizations in a relying

22
00:02:34,590 --> 00:02:35,100
party.

23
00:02:36,450 --> 00:02:42,870
The next server role for AD FS is Web Application Proxy.

24
00:02:43,410 --> 00:02:52,050
A Web Application Proxy provides an extra level of security enhancement for AD FS traffic that comes

25
00:02:52,050 --> 00:02:55,050
from the Internet to internal AD FS

26
00:02:55,170 --> 00:03:03,810
federation servers, and a federation service proxy can be deployed in both claims provider and

27
00:03:04,080 --> 00:03:06,000
relying party organizations.

28
00:03:06,720 --> 00:03:14,010
On the claims provider side, the browser collects the authentication information from client computers

29
00:03:14,430 --> 00:03:21,000
and passes it to the claims provider federation server for processing.

30
00:03:21,900 --> 00:03:30,690
The federation server issues the security token through the proxy, which sends it to the relying party

31
00:03:30,690 --> 00:03:31,320
proxy.

32
00:03:32,010 --> 00:03:40,950
The relying party federation server proxy accepts these tokens and then passes them to the internal

33
00:03:40,950 --> 00:03:42,180
federation server.

34
00:03:42,750 --> 00:03:51,600
The relying party federation server issues a security token for the web application, and then it sends

35
00:03:51,600 --> 00:03:57,870
the token to the federation server proxy, which forwards the token to the client.

36
00:03:58,560 --> 00:04:04,320
The Web Application Proxy does not provide any tokens or create claims.

37
00:04:04,890 --> 00:04:14,880
It only forwards requests from clients to internal servers. All communication between the Web Application

38
00:04:14,880 --> 00:04:17,640
Proxy and the federation server uses

39
00:04:18,270 --> 00:04:18,990
HTTPS.

40
00:04:20,500 --> 00:04:28,540
Please note that you cannot configure a Web Application Proxy as a claims provider or as a relying

41
00:04:28,540 --> 00:04:36,040
party. The claims provider and relying party must be members of the AD DS domain.

42
00:04:36,430 --> 00:04:45,970
You can configure the Web Application Proxy as a member of a workgroup or as a member of an extranet

43
00:04:45,970 --> 00:04:46,690
forest.

44
00:04:47,080 --> 00:04:49,960
And you can deploy it in a perimeter network.

45
00:04:51,350 --> 00:04:58,010
Next up, we'll be talking about planning an AD FS deployment for online services.

46
00:04:58,040 --> 00:04:59,060
I'll see you there.