Microsoft Business Ready Security–Secure Collaboration with Partners by using AD FS

February 7, 2011

Did you know that you can download virtual labs to your own host system and test Microsoft Business Ready Security (BRS) solutions? The labs are available to anyone on the Internet. Go check it out for yourself:

If for some reason you cannot download those labs, don't have time to set it all up, don't have capable hardware or an OS to run them, or need extra explanation of how these solutions work, then you are in the right place. Here is one of the solutions enabled by Microsoft BRS.

The following demo shows a solution created to satisfy the following business and technical requirements:

  • Woodgrove Bank and TreyEngineering are working on a joint project.
  • Woodgrove Bank must provide access to some documents on its Extranet SharePoint site to employees of TreyEngineering who were assigned to this project.
  • Woodgrove Bank will not create accounts for TreyEngineering employees in its user domain.
  • TreyEngineering employees should have an SSO experience when accessing documents on the Woodgrove Bank Extranet SharePoint site.
  • SharePoint must be protected from documents with known viruses.

For the best viewing experience, please watch it in full screen with High Definition on. Let me know if you have any questions.

  1. ron

    Good video, Dmitrii. I'm just starting to learn about ADFS.
    I don't understand how there can be a direct trust relationship between the 2 ADFS servers. I assume they would be behind firewalls. But your diagram shows direct arrows between the 2. Also, you show a direct arrow in step 7 between Charlie and Denver's ADFS. Wouldn't all of this traffic have to be redirected via the extranet server?


    • Ron,
      ADFS trust is PKI based, so you don't need connectivity between ADFS servers for it to work. When you configure this trust, you'd import the federation metadata file and ensure that the cert is trusted. If you don't have connectivity between ADFS servers, you can simply copy the federation metadata file via file copy. In step 7 the client's browser will redirect the SAML token back to the RP; the RP will evaluate it and issue a new token, and this token will be provided to the target application (steps 9 and 10).
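
The reply above says the trust rests on the certificate carried in the federation metadata file, which may be moved by plain file copy. The following is an added example, not part of the original post or its comments: one way to check a hand-copied metadata file against a certificate fingerprint the partner supplied out of band before importing it. Element names follow the SAML 2.0 metadata schema; the sample metadata, entity ID and certificate bytes are constructed, and the use of SHA-256 fingerprints is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def sha256_hex(der: bytes) -> str:
    """SHA-256 fingerprint of certificate bytes, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def signing_thumbprints(metadata_xml: str) -> list:
    """Fingerprints of every token-signing certificate found in the metadata."""
    # A hand-copied file is untrusted input: refuse DTDs before parsing.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD not allowed in federation metadata")
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iter(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute also applies to signing.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            found.append(sha256_hex(der))
    return found

def metadata_matches(metadata_xml: str, pinned: set) -> bool:
    """True only if the file has signing certs and every one is pinned."""
    found = signing_thumbprints(metadata_xml)
    return bool(found) and all(fp in pinned for fp in found)

def build_metadata(der: bytes) -> str:
    """Constructed sample metadata; 'der' stands in for real certificate bytes."""
    b64 = base64.b64encode(der).decode()
    return (
        f'<EntityDescriptor xmlns="{MD}" entityID="https://sts.example.test/trust">'
        '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f'<KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>'
        f'<X509Certificate>{b64}</X509Certificate>'
        '</X509Data></KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>'
    )

if __name__ == "__main__":
    partner_cert = b"constructed bytes, not a real certificate"
    pinned = {sha256_hex(partner_cert)}  # fingerprint obtained out of band
    print(metadata_matches(build_metadata(partner_cert), pinned))           # genuine file
    print(metadata_matches(build_metadata(b"swapped in transit"), pinned))  # altered file
```

The pinned set can hold more than one fingerprint, which covers a partner that publishes a second signing certificate during rollover.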

