I started this blog on the plane returning from The Experts Conference (TEC) 2009 in Las Vegas this past week, where I had the opportunity to deliver a session about using AD FS, MOSS 2007 and AD RMS together – now there are some moving parts! But it's really cool to have it all working across five virtual machines on my laptop! Anyway, I'll wrap this up and provide guidance on how to set up Geneva Server to issue managed information cards. It couldn't be much easier…
Disclaimer: This blog is not the source for official guidance regarding Microsoft Code Name “Geneva”. Please always refer to the Geneva Team Blog for official information from the product group and post any Geneva questions on the Geneva Forum.
Step 1: Set up a username/password information card [2-4 minutes]
Step 2: Deploy the card issuance website to IIS [1-3 minutes]
Step 3: Retrieve an information card and access a claims-aware application [2-5 minutes]
You might say, so what's the point? Well, the claims-aware application does not change regardless of the plumbing used to authenticate the user; that is the responsibility of the Identity Provider, Geneva Server in our case. The application never sees a password, a card or a Kerberos ticket. The end result was that Geneva Server issued a token carrying the appropriate claims, and the application used those claims to do its business. That's really cool!!
Again, no changes are needed in your application, and because Geneva speaks standards-based, interoperable protocols and issues standard token formats, the same application can be reached by users from other security domains and other computing platforms. Architect and write the application once, and have it reached from anywhere. I like it!!!
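To make the "the application does not change" point concrete, here is the kind of authorization logic a claims-aware page contains, written against the Geneva Framework claims API (the `Microsoft.IdentityModel.Claims` namespace). This is an added example, not code from the original post or from the Geneva team; the issuer name, the claim values and the "Finance" role are assumptions for illustration, and the small `Main` builds a principal by hand, standing in for the one the framework's federation module would populate from a Geneva Server token.

```csharp
// Added example, not from the original post: a claims-aware application's
// authorization check. It works on whatever IClaimsPrincipal the Geneva
// Framework pipeline has already built and validated; the application does not
// know or care whether the token behind it came from a managed information
// card, a browser redirect, or any other authentication plumbing.
using System;
using System.Linq;
using System.Threading;
using Microsoft.IdentityModel.Claims;

public static class ClaimsGate
{
    // Assumption: the issuer name under which the Geneva Server signing
    // certificate is registered in the application's issuerNameRegistry.
    // Claim.Issuer carries that registered name, not the raw certificate.
    public const string TrustedIssuer = "http://geneva/trust";

    // Assumption: the role a user needs in order to view a report.
    public const string RequiredRole = "Finance";

    // Decide whether the caller may view a report, using only claims.
    public static bool CanViewReport(IClaimsPrincipal principal)
    {
        IClaimsIdentity identity = principal.Identity as IClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return false;

        // The framework's issuerNameRegistry is what rejects tokens signed by
        // an unknown certificate. Filtering on Issuer here is a second guard,
        // so that a misconfigured registry cannot turn an arbitrary claim into
        // an authorization grant.
        var trusted = identity.Claims.Where(c => c.Issuer == TrustedIssuer);

        bool hasRole = trusted.Any(c => c.ClaimType == ClaimTypes.Role
                                     && c.Value == RequiredRole);
        bool hasEmail = trusted.Any(c => c.ClaimType == ClaimTypes.Email);
        return hasRole && hasEmail;
    }

    // In the web application the principal comes from the pipeline, for
    // example: var p = (IClaimsPrincipal)Thread.CurrentPrincipal;
    // The Main below constructs one by hand so the check runs stand-alone.
    public static void Main()
    {
        // Constructed sample claims, not captured from a real token.
        var claims = new[]
        {
            new Claim(ClaimTypes.Name,  "alice",             ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Email, "alice@contoso.com", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role,  RequiredRole,        ClaimValueTypes.String, TrustedIssuer),
            // A role claim from an issuer we do not trust must not grant access.
            new Claim(ClaimTypes.Role,  "Admin",             ClaimValueTypes.String, "http://unknown/trust"),
        };

        // A non-empty authentication type makes IsAuthenticated true.
        IClaimsIdentity identity = new ClaimsIdentity(claims, "Federation");
        IClaimsPrincipal principal = new ClaimsPrincipal(identity);

        Console.WriteLine("alice can view report: " + CanViewReport(principal));

        // Same code, different user: no Finance role from the trusted issuer.
        var bobClaims = new[]
        {
            new Claim(ClaimTypes.Name,  "bob",             ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Email, "bob@contoso.com", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role,  RequiredRole,      ClaimValueTypes.String, "http://unknown/trust"),
        };
        IClaimsPrincipal bob = new ClaimsPrincipal(new ClaimsIdentity(bobClaims, "Federation"));
        Console.WriteLine("bob can view report: " + CanViewReport(bob));
    }
}
```

Nothing in `CanViewReport` references a token format or a protocol. Swapping the Identity Provider from username/password cards to, say, a federated partner only changes Geneva Server's configuration and the trusted issuer entry; the page code stays as it is.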
Ok, now you're ready to venture into building your own claims-aware sample application on your Geneva Server VM. For that, I'll refer you to Vittorio's blog, Vibro.NET. He has two great posts to get you rolling. The first shows you how to use a very handy tool called FedUtil, and the second shows how Geneva Server can consume the metadata generated by FedUtil to wire up a Relying Party claims-aware application automatically, a step this post performed by hand. Your implementation will not be a federated one, since your Geneva Server is serving as both the Identity Provider and the STS for your Relying Party claims-aware application, but you will use FedUtil the same way in any case.
Here are a few tips for following Vittorio's blog posts with your Geneva Server VM:
Thanks Vibro.NET!!!
As always, please post any questions relating to the Geneva Framework or Geneva Server on the Geneva Forum. If you have questions about this VM setup, please feel free to post them here. Geneva-related resources, including excellent whitepapers, are available at http://microsoft.com/geneva.
Enjoy!