Innovating in the Trenches: Enhancing AD FS and Azure for R&E
Chris Phillips
CANARIE Inc.
Chris Phillips is the Technical Architect for CANARIE's Canadian Access Federation, an access federation operating the eduroam and SAML trust fabrics in Canada. Chris has a BSc in Computing from Queen's University in Kingston (1995) and has worked previously in the private sector through multiple acquisitions, followed by just under a decade with Queen's working on internet-scale systems for directory, mail, single sign-on, and identity management systems that interact with PeopleSoft. Chris is also the Chair of the Community Architecture Committee for Trust and Identity (CACTI) of Internet2, a member of the eduGAIN Steering Group and the Global eduroam Governance Committee, participates in IETF activities, and is an active participant in Internet2 working groups.
Abstract
As early adopters, NREN partners like CANARIE have invested, and continue to invest, considerably in evaluating and evolving technologies and standards in order to deliver enhanced federated identity solutions. In a commercial-cloud-dominated environment, vendors like Microsoft have had to radically reinvent themselves to stay competitive, but not necessarily with the same guiding principles as our community. As part of this evolution and adoption of federation for the enterprise, their identity-related offerings and tools have matured over time, yet still have some shortcomings in key areas that R&E federations require.
CANARIE and the Swedish federation SWAMID have been working together on ways to bridge these gaps in a sustainable fashion: not to replace existing solutions, but to augment and enable those who are operating AD FS as an IdP component in their federated identity solution. Rather than see this as a barrier, we saw it as an opportunity to capitalize on this tool's capability and expand the circle of trust among federated identities via the integration of broadly used technology like AD FS.
Together CANARIE and SWAMID have assembled a solution set of native Windows tools and practices resulting in the ADFS Toolkit. The ADFS Toolkit helps AD FS administrators enhance their identity provider to more fully participate in a multi-lateral identity federation. Having another option to leverage pre-developed tools lowers the barrier significantly for sites normally not able to participate in identity federations, increasing the reach for our researchers tapping into existing infrastructure and growing our community.
This presentation will provide a walk-through of the ADFS Toolkit solution set and share our experiences operating in our production federations with participating AD FS sites. We will also provide insight into our experience in porting the ADFS Toolkit to the AzureAD ecosystem.
Authors
- Chris Phillips (CANARIE Inc.)
Topic Area
Technologies and Trends: Ensuring system interoperability, scalability, and extensibility
Session
D4-S2-08 » Thursday Session 2 - 8 (09:45 - Thursday, 21st June, AQ 3005)