What's new in FIM 2010 R2

May 19, 2011 at 8:04 AM Henrik Nilsson

Check out this presentation on Channel9 from the ongoing TechEd Atlanta!

Technical Overview of Microsoft Forefront Identity Manager 2010 R2

Oops! Looks like the presentation isn’t live yet but stay tuned and it’ll show up according to the Identity and Access blog.

It’s alive!!!

Posted in: Forefront Identity Manager | FIM 2010 R2


Finally!!! SAML2 for WIF

May 16, 2011 at 10:51 PM Henrik Nilsson

For me WIF has been a cripple without the support for SAML2/SAMLP and I’ve been forced to look at products like the SAML2 from ComponentSpace and “SAML 2 for WIF” from Safewhere (not with us anymore and globeteam.com that took over the product charged a fortune for using it) but finally I got stuck with OIOSAML/dk.nita originally developed by Safewhere financed by the national E-ID initiative in Denmark and released as Open Source that I’ve been delivering to a bunch of customers after a few changes to make it “less Danish”.

Except for throwing a lot of time away finding the right SAML2 component to deliver I’ve also been a pain in the a** on my Microsoft contacts for not delivering this and I hope my struggle has at least a bit made them understand why SAML2/SAMLP is so important to make WIF complete. I mean WS-Fed is not where the industry is heading even though others are supporting it…unwillingly…

I’ve heard a lot of excuses like “Why don’t you use WS-Fed instead?”, “Why don’t you set up an ADFS 2.0 environment for protocol translation?” (at least 4 servers) and “I’m sorry, I don’t understand why we haven’t released it either!” but finally it’s almost here and you can (and I will) check it out here!

Announcing the WIF Extension for SAML 2.0 Protocol Community Technology Preview!

…and additionally a note from Vittorio!…
http://blogs.msdn.com/b/vbertocci/archive/2011/05/16/attention-asp-net-developers-saml-p-comes-to-wif.aspx

…Never heard about Vittorio or WIF – check this out from Techdays 2010: http://channel9.msdn.com/Blogs/liese/TechDays-2010--Windows-Identity-Foundation-Overview
I just love his – As you can hear from my accent… I’m from Redmond (with Italian accent).

Posted in: WIF | Windows Identity Foundation | SAML2 | Federation


Action Approval

May 11, 2011 at 8:49 PM Henrik Nilsson

To start with, I’m not sure this is supported and maybe this is old news…

Anyway, have you ever wanted to interrupt a request with an approval after a new resource has been provisioned into FIM (and already written to the App DB) and you can’t do it in the authorization stage, or when a resource is transitioning in or out of a set? The approval activity is an authorization activity, and out of the box (OOB) you can’t add it to an action workflow.

With a small tweak this is possible…

  1. Head for Administration (within the portal, are you with me?)
  2. Click All Resources and then the resource type Activity Information Configuration (probably number one in the list)
  3. What you see now is all the available activities within FIM and what we want to do is create a new one so go ahead and click the New button (maybe you have to give yourself rights as an administrator to add Activity Information Configuration resources)
  4. Add the following values to the Common Attributes page:
    Description: This activity applies for approval from specific approvers by mail and from action workflows.
    Display Name: Action Approval
  5. Switch to the Extended Attributes page and add the following values (these values are the same as for the AuthZ Approval activity, the only difference is “Is Action activity”):
    Activity Name: Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity
    Assembly Name: Microsoft.IdentityManagement.Activities, Version=4.0.2592.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
    Is Action Activity: Checked
    Type Name: Microsoft.IdentityManagement.WebUI.Controls.ApprovalActivitySettingsPart
  6. Click OK and then Submit.

What we’ve just done is create a new Activity resource that’s basically a copy of the original Approval activity (leaving the OOB FIM configuration unchanged is a best practice), with the difference that it’s available for interrupting action workflows before subsequent activities actually do anything that requires an approval.
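The same resource can be created from PowerShell instead of the portal. This is an added example, not code from the original post: it assumes the FIMAutomation snap-in, the default FIM Service endpoint, and that the system names behind the portal labels are `ActivityName`, `AssemblyName`, `TypeName` and `IsActionActivity`. It copies Assembly Name and Type Name from the existing Approval activity, so the version string matches the installed build rather than the 4.0.2592.0 shown above.

```powershell
Add-PSSnapin FIMAutomation -ErrorAction Stop

$uri      = 'http://localhost:5725/ResourceManagementService'  # assumption: default endpoint
$activity = 'Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity'
$om       = 'Microsoft.ResourceManagement.Automation.ObjectModel'

# Read one attribute value from an object returned by Export-FIMConfig.
function Get-AttrValue($exportObject, [string]$name) {
    ($exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }).Value
}

# Build one single-valued attribute assignment for Import-FIMConfig.
function New-Change([string]$name, [string]$value) {
    $c = New-Object "$om.ImportChange"
    $c.Operation      = 'None'        # ImportOperation.None: set a single-valued attribute
    $c.AttributeName  = $name
    $c.AttributeValue = $value
    $c.FullyResolved  = 1
    $c.Locale         = 'Invariant'
    $c
}

# Find every Activity Information Configuration that points at ApprovalActivity.
$filter   = "/ActivityInformationConfiguration[ActivityName='$activity']"
$existing = @(Export-FIMConfig -Uri $uri -OnlyBaseResources -CustomConfig $filter)
if ($existing.Count -eq 0) { throw "No Activity Information Configuration for $activity" }

# Do nothing if an action-enabled copy is already there (safe to re-run).
if ($existing | Where-Object { (Get-AttrValue $_ 'IsActionActivity') -eq 'True' }) {
    Write-Warning 'An action-enabled Approval activity already exists; nothing created.'
    return
}

$source = $existing[0]   # the OOB Approval activity, left unchanged
$new = New-Object "$om.ImportObject"
$new.ObjectType             = 'ActivityInformationConfiguration'
$new.SourceObjectIdentifier = [Guid]::NewGuid().ToString()
$new.State                  = 'Create'   # ImportState.Create
$new.Changes = @(
    (New-Change 'DisplayName'      'Action Approval'),
    (New-Change 'Description'      'This activity applies for approval from specific approvers by mail and from action workflows.'),
    (New-Change 'ActivityName'     $activity),
    (New-Change 'AssemblyName'     (Get-AttrValue $source 'AssemblyName')),
    (New-Change 'TypeName'         (Get-AttrValue $source 'TypeName')),
    (New-Change 'IsActionActivity' 'true')
)
$new | Import-FIMConfig -Uri $uri
```

The account running it needs the same rights step 3 mentions for adding Activity Information Configuration resources.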


Have fun!

Posted in: Forefront Identity Manager | Workflow | Approval
