Scribd Logo
Importer

Bienvenue sur Scribd !

  • BRK3139

    Transféré par

    RaphaelCP
    111 vues37 pages
    Microsoft

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PPTX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Microsoft

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    111 vues37 pages

    BRK3139

    Transféré par

    RaphaelCP
    Microsoft

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 37

    “We’re also publishing more than 200 on prem web

    applications to the cloud with Azure Active Directory


    App Proxy which makes our employees lives easier since
    they can securely access these apps without VPN.”

    Stephen Booth, IT Solution Manager, Unilever


    Azure AD
    Application
    proxy

    Inside Corp Net


    Management portal(s)

    REST APIs

    GRAPH APIs

    Synchronise users
    from your AD DS
    https://www.microsoft.com/en-us/cloud-platform/azure-active-directory-features
    Port Number Description
    80 To enable outbound HTTP traffic for security validation.
    To enable user authentication against Azure AD (required only for the Connector registration
    443
    process)
    10100 - 10120 To enable LOB HTTP responses sent back to the proxy
    To enable communication between the Connector toward the Azure service for incoming
    9352, 5671
    requests. Uses 443 when configured to use a forward proxy.
    9350 Optional. To enable better performance for incoming requests.
    8080 To enable the Connector bootstrap sequence and to enable Connector automatic update
    9090 To enable Connector registration (required only for the Connector registration process)
    9091 To enable Connector trust certificate automatic renewal
    Azure AD
    Application
    Proxy
    External
     Published: 
    endpoint for App1
    app1 with
    application
    passthrough Azure AD
    Application proxy
    Internet Azure connector On-premises
    Azure AD  Azure AD
    endpoint for
    authentication Possible sync

    Authentication AD
    Azure AD
    Application
    Proxy
    External Published:
     
    endpoint for app1 with App1
    application preauth Azure AD
    Application proxy
    Internet Azure connector On-premises
    Preauthentication flow Azure AD
    Secure channel
    Application
    Proxy
    Published: Authenticates
    Azure AD
    app1 with via Azure AD app1
    preauth
    User On-premises
    Send app1 GET request connector
    Redirected to Azure AD with authentication string

    Send Azure AD GET request with authentication string Authenticate user


    return access token
    Return page with token ST and set authentication
    cookies
    ST
    Send token with app1 POST
    Validate token and
    Redirected to app1 set access cookie

    AzureAppProxyAccessCookie
    App1
    app1 GET request authenticates
    Page rendered Passed through secure channel user with
    selected method
    Azure AD Azure AD

    endpoint for
    authentication Possible sync
    Authentication
    AD
    KDC
    Azure AD KCD
    Kerberos token
    Application injected into header
    Proxy
    External Published:
      App1
    endpoint for app1 with  Kerberos auth
    application preauth Azure AD
    Application proxy
    Internet Azure connector On-premises
    Kerberos
    Azure AD Azure AD Possible sync

    endpoint for
    authentication
    Authentication Security AD
    Azure AD token service
    AAD App
    Application
    Proxy Trust
    Proxy
    External Published:
      App1
    endpoint for app1 with claims aware
    application preauth
    Azure AD
    Application proxy
    Internet Azure connector On-premises
    Azure AD
    endpoint for
    authentication Possible sync
    Authentication AD
    Azure AD
    Application
    Proxy
    External
    Published: App1
    endpoint for
    app1 with claims aware
    application Azure AD Trust
    preauth
    Application proxy
    Azure Trust
    connector

    External ADFS Web


    endpoint for Application ADFS
    authentication Proxy

    Internet DMZ On-premises


    Azure AD Azure AD
    endpoint for
    authentication Possible sync
    Authentication Trust AD
    Azure AD
    Application
    Proxy
    External Published:
    endpoint for app1 with App1
    application preauth Azure AD
    Application Proxy
    Internet Azure connector On-premises
    Azure AD
    endpoint for Sync
    authentication
    Authentication Trust AD
    Azure AD
    Application
    Proxy
    External
    Published: App1
    endpoint for
    app1 with claims aware
    application Trust
    preauth Azure AD
    Azure Application Proxy Trust
    connector
    External ADFS Web
    endpoint for Application AD FS
    authentication Proxy

    Internet DMZ On-premises


    John has designed and implemented computing systems ranging
    from high-speed industrial controllers through to distributed IT
    systems with a focus on security and high-availability. A key player
    in many IT projects for industry leaders including Microsoft, the UK
    Government and multi-nationals that require optimized IT systems.
    John Developed technical training courses that have been published
    worldwide, co-authored a highly successful book on Microsoft
    Craddock Active Directory Internals, presents regularly at major international
    conferences including TechEd, IT Forum and European summits.
    Infrastructure and
    security Architect John can be engaged as a consultant or booked for speaking
    XTSeminars Ltd engagements through XTSeminars. www.xtseminars.co.uk
    www.microsoft.com/itprocareercenter

    www.microsoft.com/itprocloudessentials

    www.microsoft.com/mechanics

    https://techcommunity.microsoft.com
    http://myignite.microsoft.com

    https://aka.ms/ignite.mobileapp

    Vous aimerez peut-être aussi