NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • 1
  • Tagged with
  • 2
  • 2
  • 2
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 1 to 2 of 2 (0.132 seconds)

Spelling suggestions: "subject:"Active directory federation ervices"" "subject:"Active directory federation dervices""

1

Verteilte Autorisierung innerhalb von Single Sign-On-Umgebungen : Analyse, Architektur und Implementation eines Frameworks für verteilte Autorisierung in einer ADFS-Umgebung / Distributed authorization within single sign on environments : analysis, architecture, and implementation of a framework for distributed authorization within an ADFS environment

Kirchner, Peter January 2007 (has links)
Aktuelle Softwaresysteme erlauben die verteilte Authentifizierung von Benutzern über Ver-zeichnisdienste, die sowohl im Intranet als auch im Extranet liegen und die über Domänen-grenzen hinweg die Kooperation mit Partnern ermöglichen. Der nächste Schritt ist es nun, die Autorisierung ebenfalls aus der lokalen Anwendung auszulagern und diese extern durchzu-führen – vorzugsweise unter dem Einfluss der Authentifizierungspartner. Basierend auf der Analyse des State-of-the-Art wird in dieser Arbeit ein Framework vorges-tellt, das die verteilte Autorisierung von ADFS (Active Directory Federation Services) authenti-fizierten Benutzern auf Basis ihrer Gruppen oder ihrer persönlichen Identität ermöglicht. Es wird eine prototypische Implementation mit Diensten entwickelt, die für authentifizierte Be-nutzer Autorisierungsanfragen extern delegieren, sowie ein Dienst, der diese Autorisierungs-anfragen verarbeitet. Zusätzlich zeigt die Arbeit eine Integration dieses Autorisierungs-Frameworks in das .NET Framework, um die praxistaugliche Verwendbarkeit in einer aktuel-len Entwicklungsumgebung zu demonstrieren. Abschließend wird ein Ausblick auf weitere Fragestellungen und Folgearbeiten gegeben. / Current software systems allow distributed authentication of users using directory services, which are located both in the intranet and in the extranet, to establish cooperation with part-ners over domain boundaries. The next step is to outsource the authorization out of the local applications and to delegate the authorization decisions to external parties. In particular the authorization request is back delegated to the authentication partner. Based on an analysis of the state of the art this paper presents a framework which allows the distributed authorisation of ADFS authenticated users. The authorization decisions are based on the user’s identity and groups. In this work there will be developed a prototypical imple-mentation of services which are capable of delegating authorization requests. Additionally, this work points out the integration of these services into the .NET framework to demonstrate the usability in a modern development environment. Finally there will be a prospect of further questions and work.
Single Sign On
Autorisierung
SSO
ADFS
Active Directory Federation Services
Single Sign On
Authorization
SSO
ADFS
Active Directory Federation Services
Data processing Computer science
2

Federated Identity Management : AD FS for single sign-on and federated identity management

Wikblom, Carl January 2012 (has links)
Organizations are continuously expanding their use of computer ser-vices. As the number of applications in an organization grows, so does the load on the user management. Registering and unregistering users both from within the organization and also from partner organizations, as well as managing their privileges and providing support all accumu-lates significant costs for the user management. FIdM is a solution that can centralize user management, allow partner organizations to feder-ate, ease users’ password management, provide SSO functionality and externalize the authentication logic from application development. An FIdM system with two organizations, AD FS and two applications have been deployed. The applications are constructed in .NET, with WIF, and in Java using a custom implementation of WS-Federation. In order to evaluate the system, a functional test and a security analysis have been performed. The result of the functional test shows that the system has been implemented successfully. With the use of AD FS, users from both organizations are able to authenticate within their own organization and are then able to access the applications in the organizations without any repeated authentication. The result of the security analysis shows that the overall security in the system is good. The use of AD FS does not allow anyone to bypass authentication. However, the standard integra-tion of WIF in the .NET application makes it more susceptible to a DoS attack. It has been indicated that FIdM can have positive effects on an organization’s user management, a user’s password management and login procedures, authentication logic in application development, while still maintaining a good level of security.
Federated identity management
active directory federation services
windows identity foundation
WS-Federation
Computer Engineering
Datorteknik

Page generated in 0.1502 seconds