{"id":522,"date":"2011-10-20T06:25:46","date_gmt":"2011-10-20T04:25:46","guid":{"rendered":"http:\/\/www.identitycosmos.com\/?p=522"},"modified":"2011-10-20T06:25:46","modified_gmt":"2011-10-20T04:25:46","slug":"adfs-rollup-1","status":"publish","type":"post","link":"https:\/\/identitycosmos.com\/index.php\/2011\/10\/20\/adfs-rollup-1\/","title":{"rendered":"Sortie de l&#8217;Update Rollup 1 pour AD FS 2.0"},"content":{"rendered":"<p><a href=\"http:\/\/www.identitycosmos.com\/wp-content\/uploads\/2011\/10\/Update.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-523\" title=\"Update\" src=\"http:\/\/www.identitycosmos.com\/wp-content\/uploads\/2011\/10\/Update.png\" alt=\"\" width=\"256\" height=\"256\" srcset=\"https:\/\/identitycosmos.com\/wp-content\/uploads\/2011\/10\/Update.png 256w, https:\/\/identitycosmos.com\/wp-content\/uploads\/2011\/10\/Update-150x150.png 150w\" sizes=\"auto, (max-width: 256px) 100vw, 256px\" \/><\/a>Microsoft \u00e0 d\u00e9livr\u00e9 l&#8217;Update Rollup 1 pour AD FS 2.0. En dehors des habituelles corrections de bugs, de nouvelles fonctions extr\u00eamement int\u00e9ressantes sont apparues dans ce Rollup. On notera que des fonctions strat\u00e9giques autour de la f\u00e9d\u00e9ration avec Office365 surgissent dans cet update.<\/p>\n<p>&gt;&gt; <strong>Tout d&#8217;abord, les corrections de bug<\/strong> (en anglais):<\/p>\n<ul>\n<li><a href=\"http:\/\/support.microsoft.com\/kb\/2254265\">KB2254265<\/a> (http:\/\/support.microsoft.com\/kb\/2254265) The &#8220;500&#8221; error code is returned when you send an HTTP SOAP request to the &#8220;\/adfs\/services\/trust\/mex&#8221; endpoint on a computer that is running Windows Server 2008 R2 or Windows Server 2008<\/li>\n<\/ul>\n<ul>\n<li><a href=\"http:\/\/support.microsoft.com\/kb\/2272757\">KB2272757<\/a> (http:\/\/support.microsoft.com\/kb\/2272757) An identity-provider-initiated sign-on process is slow in Windows Server 2008 R2 and in Windows Server 2008<\/li>\n<\/ul>\n<ul>\n<li>The &#8220;400&#8221; error code is returned when sending an authentication request to AD FS 2.0 federation server proxy through Windows integrated authentication endpoint (Nego 2)<\/li>\n<\/ul>\n<ul>\n<li>Decrease in performance occurs on AD FS 2.0 federation server when a user who is authenticating has a large number of group memberships.<\/li>\n<\/ul>\n<ul>\n<li>Failure to join an AD FS 2.0 federation server to an existing SQL-based federation server farm when the AD FS 2.0 administrator that tries the join operation does not have admininistrator rights to the SQL Server database.<\/li>\n<\/ul>\n<ul>\n<li>AD FS 2.0 Federation Service cannot create or verify Security Assertion Markup Language (SAML) tokens when the private keys of an AD FS 2.0 token-signing certificate and\/or token decryption certificate are stored by using third-party cryptographic service providers (CSP), for example hardware security mode (HSM).<\/li>\n<\/ul>\n<p>&gt;&gt; <strong>Les nouvelles fonctions<\/strong>:<\/p>\n<ul>\n<li>Fonction 1: &#8220;<span style=\"text-decoration: underline;\">Multiple Issuer Support for Office365<\/span>&#8220;: Une organisation utilisant une for\u00eats avec des diff\u00e9rents domaines et donc diff\u00e9rents UPN \u00e9tait oblig\u00e9 d&#8217;instancier plusieurs serveurs AD FS 2.0 pour g\u00e9rer les diff\u00e9rents UPN vis \u00e0 vis d&#8217;Office365 &#8211; cette nouvelle fonction permet de fournir le SSO entre la for\u00eat de l&#8217;organisation et Office365 quelque soit le nombre de domaines diff\u00e9rents \u00e0 g\u00e9rer. Vous trouverez des informations compl\u00e9mentaires <a href=\"http:\/\/onlinehelp.microsoft.com\/en-us\/office365-enterprises\/ff652560.aspx#BKMK_CreateOrConvertADomain\">ici<\/a><\/li>\n<\/ul>\n<ul>\n<li>Fonction 2: &#8220;<span style=\"text-decoration: underline;\">Client Access Policy Support for Office365<\/span>&#8220;: Cette nouvelle fonction va permettre aux organisations de param\u00e9trer l&#8217;utilisation de la f\u00e9d\u00e9ration ou non pour acc\u00e9der en SSO \u00e0 Office365 en fonction de la localisation du client ou m\u00eame de la nature de l&#8217;utilisation du protocole. Vous trouverez des information compl\u00e9mentaires <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/hh526961%28WS.10%29.aspx\">ici<\/a><\/li>\n<\/ul>\n<ul>\n<li>Fonction 3: &#8220;<span style=\"text-decoration: underline;\">Congestion Avoidance Algorithm<\/span>&#8220;: Ce nouveau param\u00e8tre permet d&#8217;ajuster le comportement du Proxy AD FS en fonction de la charge r\u00e9elle du serveur AD FS2.0 ; Globalement, l&#8217;id\u00e9e est de permettre de r\u00e9guler la charge ou plut\u00f4t d&#8217;\u00e9viter la surcharge du serveur AD FS 2.0 en ajustant les requ\u00eates provenant du proxy AD FS. Il faut alors modifier le fichier de configuration du proxy AD FS au niveau de la section <em>&lt;microsoft.identityServer.proxy&gt;<\/em> en rajoutant une ligne telle que:<br \/>\n<em>&lt;congestionControl latencyThresholdInMSec=&#8221;2000&#8243; minCongestionWindowSize=&#8221;16&#8243; \/&gt;<\/em><\/li>\n<\/ul>\n<p style=\"text-align: center;\">Avec les param\u00e8tres ajustables suivants:<\/p>\n<p><a href=\"http:\/\/www.identitycosmos.com\/wp-content\/uploads\/2011\/10\/param%C3%A8tres1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-526 aligncenter\" title=\"param\u00e8tres1\" src=\"http:\/\/www.identitycosmos.com\/wp-content\/uploads\/2011\/10\/param%C3%A8tres1-300x144.png\" alt=\"\" width=\"300\" height=\"144\" \/><\/a><\/p>\n<ul>\n<li style=\"text-align: left;\">\u00a0Fonction 4: &#8220;<span style=\"text-decoration: underline;\">Additional AD FS 2.0 performance counters<\/span>&#8220;:\u00a0 Le serveur AD FS 2.0 et le proxy AD FS poss\u00e8dent maintenant de nouveaux compteurs de performance tels que d\u00e9crits dans le tableau suivant:<\/li>\n<\/ul>\n<p><a href=\"http:\/\/www.identitycosmos.com\/wp-content\/uploads\/2011\/10\/param%C3%A8tres2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-527 aligncenter\" title=\"param\u00e8tres2\" src=\"http:\/\/www.identitycosmos.com\/wp-content\/uploads\/2011\/10\/param%C3%A8tres2-300x216.png\" alt=\"\" width=\"300\" height=\"216\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Pour r\u00e9cup\u00e9rer le hotfix, rendez vous sur le<a href=\"http:\/\/support.microsoft.com\/hotfix\/KBHotfix.aspx?kbnum=2607496&amp;kbln=en-us\"> site support de Microsoft<\/a> ou contactez votre TAM<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft \u00e0 d\u00e9livr\u00e9 l&#8217;Update Rollup 1 pour AD FS 2.0. En dehors des habituelles corrections de bugs, de nouvelles fonctions extr\u00eamement int\u00e9ressantes sont apparues dans ce Rollup. On notera que des fonctions strat\u00e9giques autour de la f\u00e9d\u00e9ration avec Office365 surgissent dans cet update.<\/p>\n<p>&gt;&gt; Tout d&#8217;abord, les corrections de bug (en anglais):<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[18,89,147,166,210],"class_list":["post-522","post","type-post","status-publish","format-standard","hentry","category-technique","tag-adfs","tag-federation","tag-microsoft","tag-office365","tag-saml"],"_links":{"self":[{"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/posts\/522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/comments?post=522"}],"version-history":[{"count":0,"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/posts\/522\/revisions"}],"wp:attachment":[{"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/media?parent=522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/categories?post=522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/identitycosmos.com\/index.php\/wp-json\/wp\/v2\/tags?post=522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}