The NRMA engages Kloud to develop a group-wide intranet solution to improve usability and collaboration

Customer Overview

The National Roads and Motorists’ Association (the NRMA) is Australia’s largest member-owned organisation, with 2.4 million members across New South Wales and the Australian Capital Territory. In recent years the NRMA has expanded beyond its original roadside offering, to help members across a broad range of services, including NRMA MotorServe service centres, NRMA Emergency Home Assist, NRMA Travel, holiday accommodation through NRMA Holiday Parks and car rental, where NRMA owns Thrifty Car Rental in Australia and New Zealand.…

ADFS Metadata Conversion for Shibboleth

I recently blogged about the issues integrating Shibboleth Service Providers with ADFS. As an update to that blog one of Kloud’s super smart developers (Alexey Shcherbak) has re-written the FEMMA ADFS2Fed.py Python script in PowerShell, removing the need for Python and the LXML library! The ADFS2Fed converts ADFS metadata for consumption by a Shibboleth SP. Below is the output of Alexey’s labour, awesome work Alexey!

[code language=”PowerShell” gutter=”false”]
$idpUrl = "https://federation.contoso.com";
$scope = "contoso.com";
$filename = ((Split-Path -parent $PSCommandPath) +"\federationmetadata.xml");…

Shibboleth Service Provider Integration with ADFS

If you’ve ever attempted to integrate a Shibboleth Service Provider (Relying Party) application with ADFS, you’d have quickly realised that Shibboleth and ADFS are quite different beasts. This blog covers off some of the key issues involved and provides details on how to get ADFS to play nice with a Shibby Service Provider (SP). This blog does not cover configuring ADFS to participate as a member in a Shibboleth Federation like InCommon or the Australian Access Federation (AAF).…

Extending Yammer SSO to Support Users Without an Email Address

BY TONY DU, JOEL NEFF

Yammer Enterprise is offered through the Microsoft Office 365 Enterprise plan. Deployment of Yammer Single Sign-On (SSO) for Office 365 users with a valid primary email address is a relatively simple and well documented process.

One of our customers had a requirement for Yammer as a social platform, however a large percentage of their workforce are not enabled for email services. In the ‘SSO Implementation FAQ’ published by Microsoft, it suggests that it is possible to configure SSO support for user accounts that do not have an email address associated with them, however there isn’t any supporting documentation to go with it.…

Kloud delivers infrastructure reforms for one of SA’s largest privately-owned companies

Customer Overview

Cavpower is one of South Australia’s largest privately-owned companies and has been the dealer for the supply, service and maintenance of Caterpillar equipment in SA and Broken Hill since 1972. They provide equipment sales and product support to the mining, quarry, local government, building/heavy construction, power generation, industrial services, petroleum, road transport, waste management, forestry and marine industries.

Business Situation

Cavpower self-manage the majority of their ICT in-house. The company’s infrastructure is largely centralised with core servers and infrastructure hosted on-premises at their head office.…

Azure Active Directory Synchronization Tool: Password Sync as Backup for AD FS Federated Domains

Kloud has helped many Australian businesses leverage Microsoft cloud services such as Office 365, Intune and Microsoft Azure and most have implemented Active Directory Federation Services (AD FS) to provide a highly available Single Sign-On (SSO) user experience. In mid-2013, the Windows Azure Active Directory Synchronization Tool was updated to support password synchronisation with Azure Active Directory, which provided an alternative way to leverage on-premises authored identities with Microsoft’s cloud services.

Password synchronisation is a feature of the Azure Active Directory Sync Tool that will synchronise the password hash from your on-premises Active Directory environment to the Azure Active Directory.…

Claims-Based Federation Service using Microsoft Azure

In this post I will discuss how you can set up Microsoft Azure to provide federation services with claims authentication in the same way that an Active Directory Federation Service (ADFS) farm would on-premises. This can be achieved with an Azure subscription, Access Control Services (ACS) and an Azure Active Directory (AAD) instance. The key benefit of using Azure SaaS is that Microsoft have taken care of all the high availability and load scaling configuration, therefore you have no need to manage multiple ADFS servers to gain the same desired functionality.…

PowerShell Deployment of Web Application Proxy and ADFS in Under 10 Minutes

===========================================================================
Updated 10 September 2013: tested with Windows 2012 R2 RTM and the script functions as in R2 Preview. Outlook Anywhere bug in the Preview code has been fixed and Outlook now works with RTM. Updated the script to correct Autodiscover ExternalURL
===========================================================================

In this post I will be discussing deploying a highly available Windows 2012 R2 Preview ADFS and Web Application Proxy solution using only PowerShell. This was done as a proof of concept to compare the time taken as well as complexity to build and configure a Reverse Proxy solution to replace a UAG 2010 array.…

AD FS and self-signed Token-Signing certificates

AD FS uses Token-Signing certificates to digitally sign security tokens generated by the service. This signature provides evidence that a security token has not been modified during transit. The public key of the Token-Signing certificate is provided during establishment of federation trusts so that the application or service receiving a signed security token can verify the signature.

Recently a Kloud client raised a query about the use of self-signed certificates versus use of a commercial certificate from a public certificate authority for the AD FS Token Signing certificate.…

Windows 2012 R2 Preview Web Application Proxy – Exchange 2013 Publishing Tests

==================
Updated: 10 September 2013

==================
Updated: 15 July 2013

  • I have heard from a member of the Web Application Proxy product group who said there is a bug in the Preview version that prevents Outlook Anywhere from working. They say it will be fixed in the RTM version
  • Lync 2013 and Office Web Apps 2013 have been tested and work with some configuration changes.