1
00:00:06,410 --> 00:00:14,270
Deploying AD FS to provide a business-to-business federation is a common scenario.

2
00:00:14,810 --> 00:00:23,300
In this scenario, the organization that requires access to another organization's application or service

3
00:00:23,630 --> 00:00:30,620
can manage its own user accounts and define its own authentication mechanisms.

4
00:00:31,660 --> 00:00:40,090
The other organization can define which applications and services to expose to users outside of the

5
00:00:40,090 --> 00:00:49,150
organization and which claims it will accept to provide access to the application.

6
00:00:50,130 --> 00:00:52,950
Through law, replication or server sharing.

7
00:00:52,950 --> 00:01:02,550
In this scenario the organizations must establish a federation trust and then define the rules for exchanging

8
00:01:02,550 --> 00:01:03,840
claims between them.

9
00:01:05,340 --> 00:01:08,340
Let's review the following demonstration

10
00:01:09,490 --> 00:01:16,920
of the flow of traffic in a federated business-to-business scenario by using a claims-aware web

11
00:01:16,920 --> 00:01:17,760
application.

12
00:01:18,330 --> 00:01:26,220
In this scenario, a user at Trey Research wants to access a web-based application at A. Datum

13
00:01:26,220 --> 00:01:27,120
Corporation.

14
00:01:27,660 --> 00:01:36,510
The AD FS authentication process for this scenario is as follows. First, a user at Trey Research

15
00:01:36,750 --> 00:01:41,790
uses a web browser to establish an HTTPS connection

16
00:01:42,860 --> 00:01:46,460
to the web server at A. Datum Corporation.

17
00:01:47,430 --> 00:01:55,800
Second, the web application receives the request and verifies that the user does not have a valid token

18
00:01:55,810 --> 00:02:03,060
stored in a cookie by the web browser, because the user is not authenticated.

19
00:02:03,390 --> 00:02:11,940
The web application redirects the client to the federation server at A. Datum Corporation by using an

20
00:02:12,270 --> 00:02:13,260
HTTP

21
00:02:13,950 --> 00:02:15,300
302

22
00:02:15,300 --> 00:02:16,620
redirect message.

23
00:02:18,250 --> 00:02:26,000
Then the client computer sends an HTTPS request to the federation server at A. Datum Corporation.

24
00:02:26,590 --> 00:02:34,600
The federation server determines the home realm for the user, and in this scenario, the home realm

25
00:02:34,600 --> 00:02:36,010
is Trey Research.

26
00:02:37,390 --> 00:02:45,820
After that, the web server again redirects the client computer to the federation server in the user's

27
00:02:45,820 --> 00:02:46,700
home realm,

28
00:02:47,050 --> 00:02:48,520
which is Trey Research.

29
00:02:49,820 --> 00:02:56,690
Then the client computer sends an HTTPS request to the Trey Research federation server.

30
00:02:58,340 --> 00:03:00,050
The sixth step.

31
00:03:00,230 --> 00:03:07,670
If the user is already signed into the domain, the federation server can take the user's Kerberos

32
00:03:07,670 --> 00:03:15,890
ticket and request authentication from AD DS on the user's behalf by using Integrated Windows Authentication.

33
00:03:16,880 --> 00:03:22,250
If the user is not signed into the domain, the user is prompted for credentials.

34
00:03:23,640 --> 00:03:27,820
Next step, the AD DS domain controller authenticates

35
00:03:27,840 --> 00:03:35,790
the user and sends the success message back to the federation server along with all the information

36
00:03:36,360 --> 00:03:44,400
about the user that the federation server can use to generate the user's claims.

37
00:03:45,690 --> 00:03:54,000
Then the federation server creates the claims for the user based on the rules defined for the federation

38
00:03:54,000 --> 00:03:54,630
partner.

39
00:03:55,020 --> 00:04:04,500
The federation server places the claims data in a digitally signed security token and then sends it

40
00:04:04,500 --> 00:04:11,970
to the client computer, which posts it back to the federation server at A. Datum Corporation.

41
00:04:12,900 --> 00:04:22,050
The ninth step is that the federation server at A. Datum Corporation validates that the security token

42
00:04:22,050 --> 00:04:26,280
came from a trusted federation partner.

43
00:04:27,170 --> 00:04:35,450
Next step, the federation server at A. Datum Corporation creates and signs a new token, which it

44
00:04:35,450 --> 00:04:37,310
sends to the client computer.

45
00:04:37,790 --> 00:04:44,630
The client computer then sends the token back to the original URL that was requested.

46
00:04:45,900 --> 00:04:53,100
And finally, the application on the web server receives the request and validates the signed

47
00:04:53,110 --> 00:04:53,910
tokens.

48
00:04:54,570 --> 00:05:02,430
The web server issues the client a session cookie indicating that the authentication succeeded.

49
00:05:03,060 --> 00:05:12,060
The federation server issues a file-based persistent cookie, which is valid for 30 days by default.

50
00:05:12,840 --> 00:05:18,420
It eliminates the home realm discovery step during the cookie's lifetime.

51
00:05:19,200 --> 00:05:27,030
The server then provides access to the application based on the claims that the user provides.
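The token exchange in steps 8 through 12 above (Trey Research issues a signed token, A. Datum's federation server checks that it came from a trusted partner and re-issues its own token, the application validates that token and issues a session cookie), modelled as an added example that is not part of the course material. It assumes constructed issuer names (urn:trey:fs, urn:a-datum:fs, urn:a-datum:webapp) and uses HMAC with demo secrets as a stand-in for the X.509 token-signing certificates AD FS actually uses.

```python
import base64, hashlib, hmac, json, time
# Constructed demo secrets standing in for each federation server's token-signing
# certificate; real AD FS signs with X.509 private keys, not shared HMAC secrets.
TREY_KEY, ADATUM_KEY = b"trey-research-demo-key", b"a-datum-demo-key"

def sign_token(issuer, key, audience, claims, ttl=300, now=None):
    """A federation server issues a signed token carrying claims for one audience."""
    now = int(now or time.time())
    body = {"iss": issuer, "aud": audience, "exp": now + ttl, "claims": claims}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig

def verify_token(token, audience, trusted_issuers, now=None):
    """Check issuer trust, signature, audience and expiry before trusting any claim."""
    payload, _, sig = token.partition(".")
    body = json.loads(base64.urlsafe_b64decode(payload))
    key = trusted_issuers.get(body.get("iss"))
    if key is None:  # step 9: only tokens from a trusted federation partner count
        raise ValueError("untrusted issuer: %s" % body.get("iss"))
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("signature check failed")
    if body.get("aud") != audience:  # a token for another relying party is not reusable
        raise ValueError("wrong audience: %s" % body.get("aud"))
    if body["exp"] < (now or time.time()):
        raise ValueError("token expired")
    return body["claims"]

# Claim rules on the A. Datum side of the trust: only these incoming claim types pass.
ACCEPTED_FROM_TREY = {"email", "group"}

def adatum_fs_issue(partner_token, now=None):
    """Steps 9-10: A. Datum's federation server validates the partner token,
    applies the claim rules, and issues its own token for the web application."""
    incoming = verify_token(partner_token, "urn:a-datum:fs", {"urn:trey:fs": TREY_KEY}, now)
    filtered = {k: v for k, v in incoming.items() if k in ACCEPTED_FROM_TREY}
    return sign_token("urn:a-datum:fs", ADATUM_KEY, "urn:a-datum:webapp", filtered, now=now)

def webapp_signin(app_token, now=None):
    """Steps 11-12: the application trusts only its own federation server's signature,
    then issues the client a session cookie (constructed, derived from the token)."""
    claims = verify_token(app_token, "urn:a-datum:webapp", {"urn:a-datum:fs": ADATUM_KEY}, now)
    return {"session_cookie": hashlib.sha256(app_token.encode()).hexdigest()[:32], "claims": claims}

def federated_signin(trey_claims, now=None):
    """End-to-end flow once Trey Research AD DS has authenticated the user (steps 6-8)."""
    trey_token = sign_token("urn:trey:fs", TREY_KEY, "urn:a-datum:fs", trey_claims, now=now)
    return webapp_signin(adatum_fs_issue(trey_token, now), now)
```

Claims the trust does not accept (the "sid" in the sample input) are dropped at the resource partner, and a token signed by an unknown issuer, a forged signature, an expired token, or a partner token posted straight to the application are all rejected before any claim is read.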