Protocols Troubleshoot Masterclass
07-10-2019 until 11-10-2019
5-day Hands-on Protocols Troubleshooting Masterclass by John Craddock
As we move into a world of digital transformation where resources are ubiquitously distributed, authentication and authorisation become the primary mechanisms to protect valuable resources. No longer are our environments constrain within our network boundaries, we need to stretch out and embrace disparate systems. These systems may include both providers and consumers of identity.
The key to success is through the efficacious implementation of the appropriate authentication and authorisation protocols to support our ecosystems. Only through a deep understanding of the protocols involved will you be able to validate and troubleshoot your systems
Come on this 5-day masterclass and learn how to work with and troubleshoot:
- OpenID Connect
- OAuth 2.0
- REST API access
- Windows Kerberos authentication and Kerberos Constrained Delegation
The class provides you with a thorough grounding in the different protocols and shows you how to configure, test and troubleshoot. Applications/resources are running on IIS, and although the primary identity provider is Azure AD, you learn how to integrate with other identity providers.
Working with a range of troubleshooting tools including Fiddler, Wireshark, Postman and browser development tools you hone your troubleshooting skills.
If you want to resolve issues quickly, this masterclass is a must. All too often we have seen issues take days to fix whereas with the correct tools and techniques it could have been resolved in minutes. After this class, you are in an exemplary position to dramatically reduce resolution times.
- Cost: € 3.700,- excl. VAT per participant
- When: Monday the 7th of October until Friday the 11th of October 2019
- This master class is all inclusive. Food and drinks will be provided
- The working language during the master class is English
- Location: Van der Valk Den Haag/Nootdorp, Gildeweg 1, 2632 BD Nootdorp
- If you use more than two participants from one organization want to enroll, if your organization wants multiple co-workers to attend this Materclass at the same time, please contact us. There is a limited number of places available
Overlap with the Microsoft Identity Masterclass
This class uses Azure AD and an on-premises AD as the primary sources of Identity; there is a small amount of overlap with the identity masterclass when you configure Azure AD and Azure AD Connect. This class only gives a sparse explanation of the management aspects of Azure AD focusing on configuring and troubleshooting authentication and authorisation for resource access.
If you have not attended the masterclass, please make sure you are familiar with Azure AD concepts and terminology before attending this class. The class is for experienced administrators.
What to expect?
This hands-on masterclass does what it says on the tin, “Hands-On”; there are over 25 hands-on labs to strengthen and augment your learning. Through the hands-on, you consolidate your knowledge and discover a variety of troubleshooting tools and techniques.
The hands-on environment provides a perfect environment for troubleshooting, all the labs are running in the cloud, and you have access to the environment for two months after the class. We also give you a build document that shows you how to build the labs in your own VMs and supply you with all the masterclass websites and scripts.
Enhance your troubleshooting ninja skills through sharing the tips and trips that you have learned either during or outside the class. Most of the hands-on exercises are augmented with a tip and trips guide and a quiz which becomes a discussion point in which attendees can share their experiences and expertise. Sharing is a pot of gold.
About John Craddock
John is a Microsoft MVP and has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems. A key player in many IT projects for industry leaders including Microsoft, the UK Government and multi-nationals. Developed technical training courses and presents regularly at major international conferences including, TechEd, ITForum and European summits. John is passionate about communicating tough technical content in an engaging and highly consumable format.
The day starts with an introduction to identity and authentication/authorization protocol. Even if you switch to federated protocols, inevitably some applications are using Windows Authentication. To integrate those apps requires Kerberos authentication. In this first day, you configure and troubleshoot Kerberos for a variety of situations. Some of the scenarios are decidedly tricky, challenging you with cross-forest scenarios even if you don’t have requirements for Kerberos in your environment, the tools and techniques that you learn work across all protocols.
- Getting started with the lab environment
- Investigating Windows authentication
- Baseline captures with Wireshark
- Troubleshooting with Wireshark
Day two continues with the examination of Kerberos delegation including constrained delegation and protocol transition which is used by the Azure AD application proxy. Once you have completed the Kerberos challenges, you create an Azure AD tenant and install Azure AD Connect to synchronise identities from on-premises to the cloud. Using your Kerberos knowledge, you investigate seamless SSO while using password hash synchronization.
- Investigating Kerberos delegation
- Configuring constrained delegation
- Investigating protocol transition
- Creating an Azure AD
- Installing and configuring Azure AD Connect
- Validating Seamless SSO
Day 3 starts with publishing and troubleshooting your windows auth apps through the Azure AD Application Proxy. You then progress to investigating the protocols used by the proxy to authenticate users and extend that knowledge to configure and troubleshoot Open ID Connect and OAuth2.0 applications using the Azure AD V1 endpoints.
- Publishing and troubleshooting a Windows auth app
- Tracing Azure AD Proxy authentication
- Installing, configuring and troubleshooting an OpenID Connect / OAuth 2.0 app
- Remotely tracing back-channel traffic
- Testing token validation with Fiddler breakpoints
- Testing and troubleshooting with Postman
- Investigating consent with the V1 endpoints
Microsoft introduced new behaviours for Open ID Connect and OAuth 2.0 with the Azure AD V2 endpoints. Discover how to publish V2 apps and work with V2 dynamic consent. After completing the session on the V2 endpoints, we shift gear, and you learn how to support applications using forms authentication in your Azure AD SSO environment.
- Deploying an app that uses the V2 endpoints
- Investigating consent with the V2 endpoints
- Publishing an OpenID Connect / OAuth 2.0 app through the proxy
- Installing & publishing a forms auth app with SSO
In this final day, you install, configure and troubleshoot applications using WS-Federation and SAML protocols. The masterclass concludes with examining the options for sharing apps with users who are external to your organization.
- Installing, configuring and troubleshooting a WS-Federation app
- Installing, configuring and troubleshooting a SAML app
- B2B federation with Google
- B2B access Windows auth applications
Bring your own device
To be able to perform the hands-on labs during the masterclass it is necessary to bring your own laptop. Without a laptop it is not possible to attend this masterclass. The hands-on labs run in a lab environment. In addition, the students themselves must have a Microsoft Azure subscription available for the different scenarios presented. Full details regarding the preparation will be shared with you before the start of the masterclass.
You will receive a hard copy of the hands-on manual. Both the hands-on manual and slides will be available in pdf format. At the end of the course, after completing an evaluation, you will receive a link to a build guide, which details how to setup the hands-on virtual environments, and copies of all the scripts and demo websites.