PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to...

13
02/11/2015 1 This is a slide for graphics (It has a white background)

Transcript of PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to...

Page 1: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

1

This is a slide for graphics (It has a white background)

Page 2: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

2

Page 3: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

3

PCs and serversMicrosoft AD

GAfE, AzureAD, on-premAD.

ChromeOS, PC, iOS.

Various web apps. Distributed.

Last 10 years

Now & Future

Password 1 Password 2 Password 3 Password 4

Type of App Identity Issues/Problems

Federated – a way of connecting

different completely independent

security realms/networks with each

other such that the users in each realm

can access resources in each of the

these realms

Page 4: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

4

Harry aka “The Baker” Williamson

William Harry’s dad

Page 5: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

5

Page 6: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

6

PROVISIONING

Simple, automated user provisioning.

Driven from existing data source: MIS

Onward provisioning of all your connected services.

AUTHENTICATION

Sign into your network from anywhere.

SSO from integrated devices.

Support many web SSO standards – makes app integration simpler.

AUTHORISATION

Simplify permissions with RBAC – Role based access control.

Network admin provides consent for data release to apps.

SELF SERVICE

Forgotten passwords

Self service password recovery via email or SMS.

App catalog – shop window of online resources for teachers.

PASSWORD MANAGEMENT

Self-service – reducing the burden.

Delegated password reset rights where appropriate.

COMPLIANCE

Enforce a user attribute release policy – only share minimal data with apps.

Audit key management tasks, e.g. password reset.

Reviewing hosting location of online services.

DEPROVISIONING

Automated via the starters-leavers process in MIS system.

Cascade of user delete to all connected apps.

Provisioning Authentication

Authorisation

Self-Service

Password Management

ComplianceDe-provisioning

IdentityLifecycle

Relationship starts…

Relationship ends…

Provisioning The process of preparing a service for new users, prior to them accessing it

• In-advance provisioning– When the app must know about users before access

– Needs a data feed to be kept in sync with Identity Provider

– E.g: Office 365 Outlook (we must create mailbox ahead of time)

• Just in time provisioning – When the app creates account on-the-fly

– App knows the user is authorised by Identity Provider

– App might receive a few data attributes about the user

– E.g.: Simple reading app (just needs to bookmark)

Page 7: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

7

Service Provider

Identity Provider

HARRY,Password XYZ

HARRY,Password XYZ

TRUST

HARRY, R+W

HARRY, R+W

HARRY = SMT

1. Encrypted Authenticator Package

KDC

2. Package decrypted & identity claim checked

3. TGT Sent to client

5. Ticket for file server sent to client

4. TGT Sent to KDC with request for Ticket

6. Client access to file server via Ticket

Page 8: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

8

•https://sts.cloudready.ms/adfs/ls/?SAMLRequest=jZFRT4MwFIX%2FCun7KC3OjWaQ4PbgkqlkoA%2B%2BmAKdNCkt9hZ1%2F14GmkwfFl%2Fv%0APfc7p6cr4K3qWNq7Ru%2FFWy%2FAeZ%2Bt0sDGRYx6q5nhIIFp3gpgrmJ5erdj1A9Y%0AZ40zlVHISwGEddLotdHQt8Lmwr7LSjzudzFqnOuAYQyNLP1Kmb62gtdHvwWc%0AD6PSKOEaH8DgE5ni7CEvkLcZokjNT9AzhIM%2FBF4fACvAyNtuYvRSRSIiZXlN%0AwrlY0CriSxKGhNLDFeXhYjkfZAC92GpwXLsY0YCEM0JnQVQESxaEjCyekZd9%0AP%2BxG6lrq18stlJMI2G1RZLMp%2FJOwMAYfBChZnbpko7E9a%2Fcylv9UipJ%2FFbjC%0AZy6TZcfuB%2Bx2kxklq6OXKmU%2B1sOpEzEiCCfTye%2FfT74A%0A&RelayState=cookie%3A29002348&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=M0xoWQfcN3Yp94T2HiqIdJzEkxYqGc6hhopqi8xOI%2B2BtPSLufFDdQIF7z6Xjm6XdLq1MH9Av5xz2QWYs84ZYhlG3fHtZCjjaoI2wZqplRszHla%2BjtZoW20NGDepDsCRT0AKNkhe%2B4Yj3LshrM6EX5O3obx2Mypy8EcsoURkTF3kf1dwKqsGA3ka7ehbRmUQGJUXD0u4iFBog7YgkL4Q9FYMTanZeRo2X4%2FkAeNxT8ormKWJfYnAzg0F4Ku60zDd5N7jYu4XeyOsXDthEFI5H4WYucAprREl2hgSUI21J782kKzrslalIaJ5BKPIO50NPCIb5Sf6Zw4maLpZrFEfrw%3D%3

Page 9: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

9

• https://sts.cloudready.ms/adfs/oauth2/authorize?response_type=code&client_id=3fb2a37f-4ced-409c-937c-dddd776f4dfd&redirect_uri=https://www.davetestapp.com&resource=https://www.davetestapp.com

WEB1DB1

1. Client needs access. Authenticates

2. WEB1 checks with main identity provider

3. Client needs access

4. DB1 checks with main identity provider

Page 10: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

10

Page 11: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

11

MIS

RM Unify

AD Sync

User accounts

Sig

n in

Authentication

Page 12: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

12

Page 13: PowerPoint PresentationTGT Sent to client 5. Ticket for file server sent to client 4. TGT Sent to KDC with request for Ticket 6. Client access to file server via Ticket.

02/11/2015

13


A Servlet’s Job Read explicit data sent by client (form data) Read implicit data sent by client (request headers) Generate the results Send the explicit.

A Servlet’s Job Read explicit data sent by client (form data) Read implicit data sent by client (request headers) Generate the results Send the explicit.

Client Companion Guide - marketplace.bamboohr.com · Full import history of all data sync’d and a ticket management ... My client name is PlanSource ... would like employees PayPeriods

Client Companion Guide - marketplace.bamboohr.com · Full import history of all data sync’d and a ticket management ... My client name is PlanSource ... would like employees PayPeriods

Ticket Policy Student Ticket Policy. Who is CONFUSED?

Ticket Policy Student Ticket Policy. Who is CONFUSED?

CSE 154 LECTURE 17: JAVASCRIPT. Client-side scripting client-side script: code runs in browser after page is sent back from server often this code manipulates.

CSE 154 LECTURE 17: JAVASCRIPT. Client-side scripting client-side script: code runs in browser after page is sent back from server often this code manipulates.

ANSWERS Lesson 11 Exit Ticket Lesson 12 Exit Ticket Grade Math HOMEWORK ANSWERS Lesson 11 Exit Ticket & Lesson 12 Exit Ticket

ANSWERS Lesson 11 Exit Ticket Lesson 12 Exit Ticket Grade Math HOMEWORK ANSWERS Lesson 11 Exit Ticket & Lesson 12 Exit Ticket

Dell Power Edge M1000e Chassis Management Controller ... · and it creates a ticket using login password as encryption key. This encrypted key is sent to the client which stores it

Dell Power Edge M1000e Chassis Management Controller ... · and it creates a ticket using login password as encryption key. This encrypted key is sent to the client which stores it

JP - Ticket Services Manager, Client Servicesattpac-website-assets.s3.amazonaws.com/assets/File/3105.pdf · TheCenter’s!mission!istoprovideapublicgatheringplacethatstrengthenscommunityandfosterscreativity!

JP - Ticket Services Manager, Client Servicesattpac-website-assets.s3.amazonaws.com/assets/File/3105.pdf · TheCenter’s!mission!istoprovideapublicgatheringplacethatstrengthenscommunityandfosterscreativity!

E-TICKET GUIDE WHAT IS AN E-TICKET? WHAT ARE · PDF fileE-TICKET GUIDE WHAT IS AN E-TICKET? e-Tickets are an electronic version of a paper ticket. You can print the ticket in colour

E-TICKET GUIDE WHAT IS AN E-TICKET? WHAT ARE · PDF fileE-TICKET GUIDE WHAT IS AN E-TICKET? e-Tickets are an electronic version of a paper ticket. You can print the ticket in colour

User Guide: Booking E-Ticket - IRCTC Guide E-Ticket Booking.pdf• Booking confirmation mail will be sent on Email ID (registered with IRCTC User ID). To print Electronic Reservation

User Guide: Booking E-Ticket - IRCTC Guide E-Ticket Booking.pdf• Booking confirmation mail will be sent on Email ID (registered with IRCTC User ID). To print Electronic Reservation

Meet The Candidates! Republican Ticket Democratic Ticket.

Meet The Candidates! Republican Ticket Democratic Ticket.

Consumers and the ticket market: Ticket onselling in the ...archive.treasury.gov.au/documents/1914/PDF/Ticket_scalping_report.pdf · the ticket market Ticket onselling in ... online

Consumers and the ticket market: Ticket onselling in the ...archive.treasury.gov.au/documents/1914/PDF/Ticket_scalping_report.pdf · the ticket market Ticket onselling in ... online

A Strategy for Improved Access to Care · 13 Scheduling Tickets – Radiology What is a scheduling ticket? • A scheduling ticket is message that is sent automatically by an ordering

A Strategy for Improved Access to Care · 13 Scheduling Tickets – Radiology What is a scheduling ticket? • A scheduling ticket is message that is sent automatically by an ordering

Transformation in Revenue Accounting - · PDF file2. Stop ticket issuance to defaulted agents? -IATA now provides ‘ticketing authority’ status files -Files sent every 2 hours as

Transformation in Revenue Accounting - · PDF file2. Stop ticket issuance to defaulted agents? -IATA now provides ‘ticketing authority’ status files -Files sent every 2 hours as

How to Download and Return documents through the Client ......How to Download and Return documents through the Client Portal using a laptop or desktop 1) When sent documents through

How to Download and Return documents through the Client ......How to Download and Return documents through the Client Portal using a laptop or desktop 1) When sent documents through

TICKET RESELLING IN AUSTRALIA...Broadly, ticket reselling and ticket scalping is not illegal in Australia. In some States and Territories, ticket reselling and ticket scalping are

TICKET RESELLING IN AUSTRALIA...Broadly, ticket reselling and ticket scalping is not illegal in Australia. In some States and Territories, ticket reselling and ticket scalping are

User Guide Exhibitor Passes and Ticket Vouchers …...Online vouchers save postage as they can be sent by e-mail or via the online campaign tool of our ticket system. Online vouchers

User Guide Exhibitor Passes and Ticket Vouchers …...Online vouchers save postage as they can be sent by e-mail or via the online campaign tool of our ticket system. Online vouchers

16 18 TICKET -/CARDZONE REGION RE2 10 TICKET … · cardzone hannover 2 cardzone hannover 2 ticket-/cardzone umland ticket-/cardzone umland ticket -/cardzone region ticket -/cardzone

16 18 TICKET -/CARDZONE REGION RE2 10 TICKET … · cardzone hannover 2 cardzone hannover 2 ticket-/cardzone umland ticket-/cardzone umland ticket -/cardzone region ticket -/cardzone

DATA APPLICATION NEGOTIATED FARES – … · 3.2.4 Net Remit and Credit Card Forms of ... The Electronic Ticket message will be sent ... The agency Reporting Tape files will be sent

DATA APPLICATION NEGOTIATED FARES – … · 3.2.4 Net Remit and Credit Card Forms of ... The Electronic Ticket message will be sent ... The agency Reporting Tape files will be sent

High ticket sales funnel #1 client strategy session funnel

High ticket sales funnel #1 client strategy session funnel

[MS-RDPEECO]: Remote Desktop Protocol: Virtual Channel ......Echo Request PDU sent to a terminal-server client contains a sequence of bytes ([MS-DTYP] section 2.1.2) that is sent back

[MS-RDPEECO]: Remote Desktop Protocol: Virtual Channel ......Echo Request PDU sent to a terminal-server client contains a sequence of bytes ([MS-DTYP] section 2.1.2) that is sent back