We have another editor in our midst. Ain't it fun?
On Tue, Jan 17, 2012 at 12:55, Michael B. Smith <[email protected]> wrote:
> Hehehehehe. I didn’t tell him about that part.
>
> He has sent the raw document to me. I haven’t had time to review it yet.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> From: Webster [mailto:[email protected]]
> Sent: Tuesday, January 17, 2012 3:46 PM
> To: NT System Admin Issues
> Subject: RE: ADFS + SAML 2.0 w/ Concur = success!
>
> How's your first blog post coming?
>
> A lot of my articles cover 5 to 30 minute processes and it can take a couple
> of weeks to several months to go thru the entire writing process [1].
>
> Carl Webster
> Consultant and Citrix Technology Professional
> http://www.CarlWebster.com
>
> 1. i.e. cleaning up all of MBS’ red ink from shredding my articles to pieces
>
> From: David Lum [mailto:[email protected]]
> Sent: Tuesday, January 17, 2012 1:16 AM
> To: NT System Admin Issues
> Subject: RE: ADFS + SAML 2.0 w/ Concur = success!
>
> 2 hours of screenshots and obfuscation and I am only just now 90% done, I’ll
> finish mañana. Takes less time to do it (the 2nd time) than document it!
>
> When I got it working Friday I then thought about why it took me a damn week
> to get it. Documenting it I see the multiple places that easily tripped me
> up so looking back now I can see how it took 40-ish hours to get it right.
>
> Dave
>
> From: Michael B. Smith [mailto:[email protected]]
> Sent: Monday, January 16, 2012 4:35 PM
> To: NT System Admin Issues
> Subject: RE: ADFS + SAML 2.0 w/ Concur = success!
>
> I want to know this myself. :)
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> From: Micheal Espinola Jr [mailto:[email protected]]
> Sent: Monday, January 16, 2012 4:15 PM
> To: NT System Admin Issues
> Subject: Re: ADFS + SAML 2.0 w/ Concur = success!
>
> He's been made an offer that he can't [see: shouldn't] refuse!
>
> --
> Espi
>
> On Mon, Jan 16, 2012 at 1:08 PM, Kurt Buff <[email protected]> wrote:
>
> Now there's an offer you don't see every day.
>
> On Mon, Jan 16, 2012 at 12:47, Michael B. Smith <[email protected]> wrote:
>> Happy to feature you as a guest author.
>>
>> Sent from my HTC Tilt™ 2, a Windows® phone from AT&T
>>
>> -----Original Message-----
>> From: David Lum <[email protected]>
>> Sent: Monday, January 16, 2012 2:38 PM
>> To: NT System Admin Issues <[email protected]>
>> Subject: RE: ADFS + SAML 2.0 w/ Concur = success!
>>
>> If I had a blog, I would. My internal document is far more detailed :-)
>>
>> Dave
>>
>> -----Original Message-----
>> From: Webster [mailto:[email protected]]
>> Sent: Monday, January 16, 2012 11:10 AM
>> To: NT System Admin Issues
>> Subject: RE: ADFS + SAML 2.0 w/ Concur = success!
>>
>> Now write that up with screen shots and you have a blog article that can
>> be useful to many others.
>>
>> Carl Webster
>> Consultant and Citrix Technology Professional
>> http://www.CarlWebster.com
>>
>>> -----Original Message-----
>>> From: David Lum [mailto:[email protected]]
>>> Sent: Monday, January 16, 2012 11:56 AM
>>> To: NT System Admin Issues
>>> Subject: ADFS + SAML 2.0 w/ Concur = success!
>>>
>>> As you guys know, after much gnashing on this list I was finally able
>>> to get SAML working with ADFS. What took too-many hours of banging on
>>> it can now be done soup-to-nuts (including building a server OS from
>>> scratch - just to make sure I have the steps right) in two hours.
>>>
>>> There were a couple of tripping points if you are new to this kind of
>>> thing:
>>> 1. Download ADFS 2.0, the ADFS role in 2008 R2 looks different and is
>>> likely 1.1 and not 2.0 (Google-Fu gives me conflicting info)
>>> 2.
>>> During configuration, ADFS 2.0 by default assigns self-signed "token-signing"
>>> and "token-decrypting" certificates, so even if you assign an
>>> appropriate 3rd party certificate for Service Communications in ADFS,
>>> the other two certificates need to be manually reconfigured. This
>>> requires you to turn off "automatic certificate rollover" by using a
>>> PowerShell script (the PS commands are provided in the error message,
>>> you'd think they could offer a little add-in "would you like this
>>> change to be made?" you just click OK to). Once you run this script
>>> you can then add the certificates, and then you need to assign them as
>>> "primary". [1][2]
>>> 3. In ADFS there is also a step where you assign the
>>> Federation Service Name, and in our case I used a wildcard cert but
>>> the service name needs to be an explicit host. Whatever name is
>>> assigned here (say SingleSignOn.nwea.org) an appropriate DNS entry (in
>>> my case a CName) needs to be assigned so the DNS resolves appropriately.
>>> 4. In this particular case, I had to make sure I did NOT assign an
>>> encryption certificate for the relying party
>>> 5. The secure hash algorithm needs to match the vendor (SHA-1 or SHA-256).
>>>
>>> Other than that, it is almost straightforward, LOL. I built a 2nd
>>> machine this morning from scratch - including OS install - to an
>>> operating SSO server in about 2 hours (had to confirm/refine my
>>> "build from scratch" documentation).
>>>
>>> David Lum
>>> Systems Engineer // NWEA™
>>> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>>>
>>> [1] There may be a way to do this during setup in ADFS, but I didn't
>>> see it as I was stepping through.
>>> [2] It was this step that gave us "invalid certificate was sent to
>>> relying party" errors.
>>>
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>>
>>> ---
>>> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to [email protected]
>>> with the body: unsubscribe ntsysadmin
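Added example, not from David Lum's post or anyone else in the thread: a PowerShell script that covers tripping points 2 through 5 from his list on an ADFS 2.0 federation server. It turns off automatic certificate rollover, installs a third-party certificate as the primary token-signing and token-decrypting certificate, checks that the Federation Service Name is an explicit host that resolves in DNS, checks that the relying party trust carries no encryption certificate, and sets the trust's signature algorithm to the hash the vendor expects. The relying party display name 'Concur', the certificate subject 'CN=*.nwea.org', the host 'SingleSignOn.nwea.org' (the example name used in the post) and the vendor hash choice are assumptions; replace them with your own values. Run it elevated on the ADFS 2.0 server itself, since the Microsoft.Adfs.PowerShell snap-in is only installed there.

```powershell
# Added example (not from the mailing-list thread). Post-install checks and fixes
# for the ADFS 2.0 tripping points 2-5. All names below are assumptions.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

$ServiceHost  = 'SingleSignOn.nwea.org'   # assumed Federation Service Name (explicit host, not a wildcard)
$RelyingParty = 'Concur'                  # assumed display name of the relying party trust
$CertSubject  = 'CN=*.nwea.org'           # assumed subject of the third-party cert to use for tokens
$VendorHash   = 'SHA-256'                 # assumed: whatever hash the vendor says it verifies with

# XML-DSig algorithm URIs ADFS stores for the two hash choices in the post
$sigAlg = @{
    'SHA-1'   = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
    'SHA-256' = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}

# Tripping point 2: the self-signed token certs are owned by automatic rollover;
# ADFS refuses Add-ADFSCertificate until rollover is turned off.
$props = Get-ADFSProperties
if ($props.AutoCertificateRollover) {
    Set-ADFSProperties -AutoCertificateRollover $false
    Write-Host 'Automatic certificate rollover disabled; you now own renewals.'
}

# Find the third-party certificate in the machine store. It must have a private
# key, and the ADFS service account must be able to read that key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $CertSubject -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $CertSubject in LocalMachine\My" }

# Add it for both roles and make it primary: ADFS only signs and decrypts with
# the primary certificate, so adding alone does nothing visible to the vendor.
foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    $present = Get-ADFSCertificate -CertificateType $type |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $present) {
        Add-ADFSCertificate -CertificateType $type -Thumbprint $cert.Thumbprint
    }
    Set-ADFSCertificate -CertificateType $type -Thumbprint $cert.Thumbprint -IsPrimary
    Write-Host "$type primary is now $($cert.Thumbprint) ($($cert.Subject))"
}

# Tripping point 3: the Federation Service Name must be one explicit host name
# that resolves (A or CNAME record) to this server or its load balancer.
if ($props.HostName -ne $ServiceHost) {
    Write-Warning "Federation Service Name is '$($props.HostName)', expected '$ServiceHost'"
}
try {
    # [System.Net.Dns] works on PowerShell 2.0 (2008 R2); Resolve-DnsName needs 3.0+
    $addrs = [System.Net.Dns]::GetHostAddresses($ServiceHost) | ForEach-Object { $_.IPAddressToString }
    Write-Host "$ServiceHost resolves to $($addrs -join ', ')"
} catch {
    Write-Warning "$ServiceHost does not resolve; create the DNS record before testing SSO"
}

# Tripping points 4 and 5 live on the relying party trust.
$rp = Get-ADFSRelyingPartyTrust -Name $RelyingParty
if (-not $rp) { throw "No relying party trust named '$RelyingParty'" }

# 4: with an encryption certificate set, ADFS encrypts the assertion for that
# key; a vendor that never published a decryption key cannot read the response.
if ($rp.EncryptionCertificate) {
    Write-Warning ("Encryption certificate {0} is set on '{1}'; remove it on the trust's Encryption tab" -f
        $rp.EncryptionCertificate.Thumbprint, $RelyingParty)
}

# 5: the signature hash must match what the vendor validates.
$want = $sigAlg[$VendorHash]
if (-not $want) { throw "Unknown hash choice '$VendorHash'; use SHA-1 or SHA-256" }
if ($rp.SignatureAlgorithm -ne $want) {
    Set-ADFSRelyingPartyTrust -TargetName $RelyingParty -SignatureAlgorithm $want
    Write-Host "Signature algorithm on '$RelyingParty' set to $want"
}

# Final state for the change record
Get-ADFSCertificate | Select-Object CertificateType, IsPrimary, Thumbprint
Get-ADFSRelyingPartyTrust -Name $RelyingParty | Select-Object Name, SignatureAlgorithm, EncryptionCertificate
```

Two things the script cannot do for you. First, the vendor trusts the token-signing certificate it imported from your federation metadata, so every change of the primary signing certificate has to be followed by re-importing your metadata (or the new certificate) on the vendor side, which is exactly the kind of mismatch behind "invalid certificate was sent to relying party" errors; that is also why many shops dedicate a long-lived certificate to token signing rather than reusing the public TLS certificate, since the TLS certificate will be renewed far more often than you want to re-federate. Second, turning off automatic rollover means nothing will renew the token certificates for you; put their expiry dates in whatever monitors your other certificates.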
