1 00:00:06,390 --> 00:00:14,580 In a business-to-business federation scenario, the terminology that you use to describe the two partners in 2 00:00:15,120 --> 00:00:18,150 an AD FS deployment changes slightly. 3 00:00:18,480 --> 00:00:24,510 In this scenario, another name for the claims provider organization is the account 4 00:00:24,510 --> 00:00:32,880 partner. An account partner organization is an organization in which user accounts are stored in an 5 00:00:33,120 --> 00:00:34,290 attribute store. 6 00:00:34,830 --> 00:00:38,070 An account partner handles the following tasks. 7 00:00:38,490 --> 00:00:48,510 It gathers credentials from users who are using a web-based service and then authenticates those credentials. 8 00:00:48,990 --> 00:00:52,050 And it also builds up claims for users 9 00:00:52,290 --> 00:00:56,250 and then packages the claims into security tokens. 10 00:00:56,580 --> 00:01:04,860 The tokens can then be presented across the federation trust to gain access to federated resources 11 00:01:05,160 --> 00:01:13,740 that are located in the resource partner organization. To configure the account partner organization 12 00:01:13,740 --> 00:01:18,030 to prepare for federation, you have to use the following steps. 13 00:01:18,540 --> 00:01:24,690 First, you have to implement the physical topology for the account partner deployment. 14 00:01:25,110 --> 00:01:33,420 This step can include deciding on the number of federation servers and federation server proxies to 15 00:01:33,420 --> 00:01:39,450 deploy, and configuring the required DNS records and certificates. 16 00:01:39,960 --> 00:01:48,780 And the second step is to add an attribute store. Use the AD FS Management console to add the 17 00:01:48,780 --> 00:01:49,950 attribute store. 
18 00:01:50,370 --> 00:01:58,080 In most cases, you use the default Active Directory attribute store, which can be used for authentication, 19 00:01:58,500 --> 00:02:05,550 but you can also add other attribute stores if required to build the user claims. 20 00:02:06,270 --> 00:02:12,420 You connect to a resource partner organization by creating a relying party trust. 21 00:02:12,960 --> 00:02:21,540 The simplest way to do this is to use the federation metadata URL that is provided by the resource 22 00:02:21,540 --> 00:02:22,920 partner organization. 23 00:02:23,430 --> 00:02:30,810 With this option, your AD FS server automatically collects the information required for the relying 24 00:02:30,810 --> 00:02:32,130 party trust. 25 00:02:33,460 --> 00:02:36,820 The third step is to add claim descriptions. 26 00:02:36,820 --> 00:02:44,950 The claim description lists the claims that your organization provides to the resource partner. 27 00:02:45,370 --> 00:02:53,230 This information might include usernames, email addresses, group membership information, or other 28 00:02:53,230 --> 00:02:55,690 identifying information about users. 29 00:02:56,600 --> 00:03:03,050 And finally, the fourth step is to prepare the client computers for federation. 30 00:03:03,380 --> 00:03:06,050 This might involve two steps. 31 00:03:06,620 --> 00:03:12,080 You have to add the account partner federation server to the browser settings 32 00:03:12,110 --> 00:03:20,390 on the client computers, that is, add the account partner federation server to the local intranet site list. 33 00:03:20,960 --> 00:03:27,020 By adding the account partner federation server to the local intranet list on all the client computers, 34 00:03:27,410 --> 00:03:28,370 you enable 35 00:03:29,000 --> 00:03:38,270 IWA, which means that the users will not be prompted for authentication if they are already signed 36 00:03:38,320 --> 00:03:39,230 into the domain. 
37 00:03:39,650 --> 00:03:45,800 You can use a Group Policy Object to assign the URL to the local intranet site list. 38 00:03:46,900 --> 00:03:51,010 And the second step is to configure certificate trusts. 39 00:03:51,520 --> 00:04:00,070 This is an optional step that is required only if one or more of the servers that the clients 40 00:04:00,070 --> 00:04:03,010 access do not have trusted certificates. 41 00:04:03,430 --> 00:04:10,810 The client computer might have to connect to the account partner or resource partner federation servers 42 00:04:11,380 --> 00:04:17,180 or federation server proxies, and to the destination web servers. 43 00:04:17,620 --> 00:04:25,840 If any of these certificates are not from a trusted public CA, you might have to add the appropriate 44 00:04:25,840 --> 00:04:30,970 certificate or root certificate to the certificate store of the client. 45 00:04:31,390 --> 00:04:34,240 You can do this by using Group Policy as well. 46 00:04:35,060 --> 00:04:37,780 Now some words about the resource partner. 47 00:04:39,330 --> 00:04:45,330 The resource partner is the relying party in a business-to-business federation 48 00:04:45,330 --> 00:04:55,200 scenario. The resource partner organization is where the resources exist and where they are made accessible 49 00:04:55,200 --> 00:04:57,840 to the account partner organizations. 50 00:04:58,440 --> 00:05:06,750 The resource partner handles the following tasks: it accepts the security tokens that the account partner federation 51 00:05:06,750 --> 00:05:15,520 server produces and validates them, and it also consumes the claims from the security tokens and then 52 00:05:15,810 --> 00:05:22,860 provides new claims to its web servers after making an authorization decision. 53 00:05:24,780 --> 00:05:30,440 Web servers must have either WIF or the AD FS 54 00:05:30,880 --> 00:05:31,860 1.x 55 00:05:32,920 --> 00:05:38,320 claims-aware web agent installed to 
56 00:05:39,530 --> 00:05:44,630 externalize the identity logic and accept claims. 57 00:05:45,230 --> 00:05:54,320 WIF provides a set of development tools that allow developers to integrate claims-based authentication 58 00:05:54,320 --> 00:05:58,100 and authorization into their applications. 59 00:05:58,700 --> 00:06:05,030 WIF also includes a software development kit and sample applications. 60 00:06:06,010 --> 00:06:14,550 Please note that you can use SAML tokens to integrate applications on non-Microsoft web servers with 61 00:06:14,570 --> 00:06:15,100 AD FS. 62 00:06:16,480 --> 00:06:20,590 Additional open source or third-party software 63 00:06:21,570 --> 00:06:29,520 is typically necessary to support the use of SAML tokens on a non-Microsoft web server. 64 00:06:30,950 --> 00:06:31,140 Now, 65 00:06:31,160 --> 00:06:34,730 some words about configuring a resource partner organization. 66 00:06:36,710 --> 00:06:44,300 It is similar to configuring an account partner organization and consists of the following steps. 67 00:06:44,660 --> 00:06:50,590 First, you have to implement the physical topology for the resource partner deployment. 68 00:06:51,050 --> 00:06:59,500 The planning and implementation steps are the same as those for the account partner, with the addition 69 00:06:59,510 --> 00:07:03,200 of planning the web server location and configuration. 70 00:07:03,950 --> 00:07:13,820 The second step is to add an attribute store. The claims provider uses the attribute store to gather data 71 00:07:14,090 --> 00:07:17,150 that is necessary to issue the claims. 72 00:07:17,660 --> 00:07:23,720 Data from the attribute store is then projected as claims to the client. 73 00:07:24,690 --> 00:07:32,100 The third step is to connect to an account partner organization by creating a claims provider trust. 74 00:07:32,580 --> 00:07:36,780 And finally, you have to create claims rule sets 
75 00:07:38,000 --> 00:07:40,520 for the claims provider trust. 76 00:07:41,090 --> 00:07:44,450 Next up, we'll be talking about configuring claims rules.