Active Directory Federation Services and YubiKeys

The conclusion to my previous post was that I’ll be showing how to implement YubiKeys along with Active Directory Federation Services. So, where do we start on this topic?…

The logic at play here is that if you aren’t familiar with Active Directory Federation Services (from here on abbreviated as ADFS), a lot of this post will not make sense to you at first glance. So, if you are familiar with ADFS, skip ahead – if not, I’ll have a few paragraphs explaining why you might be interested in taking a look at ADFS.

Surely everyone has noticed that there are a lot of web sites where there are two options for signing in: either using an account for that particular site or "use your Google/Facebook/Twitter account to sign in". The basic concept is easy enough – you already have a user identity, so why would you need another one? Why can’t you re-use the existing one? If you have ever logged on to a domain-joined Windows computer you’ve experienced this already. There is a central user catalog called "Active Directory" that you sign in to, and after being verified there you can access your file shares, Exchange account, etc. without needing to sign into each and every one of those services.

Two-factor Authentication on Mobile Devices

I have a number of things I find interesting when it comes to computers and gadgets, and a recurring theme for me is decent security combined with good user experiences. (That does sound grandiose doesn’t it?)

Lately I’ve been researching this more than usual, partly due to building some services in Windows Azure where I want to provide secure and authenticated access. (And I don’t consider myself competent to build a fully hardened solution from scratch just because I know what hashing and salting of passwords means.) While looking into this I came across a nifty product series called YubiKey from http://www.yubico.com, and wanted to share some thoughts on these. If you’ve visited my blog before you might have noticed I’ve already covered client certificates a few times, which of course also meet the definition of two-factor, but this time around we’re looking at hardware for providing the additional factor.

EAS MD – Spring 2012 Updates

It’s spring time according to the calendar, although the weather is pretty sad and it’s not suitable for wearing only t-shirts or shorts yet. Unrelated to this it’s also time to update everyone’s favorite Exchange ActiveSync diagnostic tools :)

I showed in one of the most recent installments in the Exchange ActiveSync Building Blocks series how to implement encoding and decoding of AS-WBXML, and I have now done the proper thing and rolled it into my EAS MD utilities. For those who aren’t familiar with EAS MD it is a utility Exchange admins and developers can use to verify the status of Exchange ActiveSync as well as perform related troubleshooting.
It comes in two flavors – a browser-based hosted version running in Windows Azure, as well as a desktop version you can download and run locally.
For relevant background info:
Exchange ActiveSync Building Blocks – Intro
