Skip to main content

How single sign-on with KCD works

This diagram explains the flow when a user attempts to access an on-prem application that uses IWA.
Microsoft AAD authentication flow diagram
  1. The user enters the URL to access the on-prem application through Application Proxy.
  2. Application Proxy redirects the request to Azure AD authentication services to preauthenticate. At this point, Azure AD applies any applicable authentication and authorization policies, such as multifactor authentication. If the user is validated, Azure AD creates a token and sends it to the user.
  3. The user passes the token to Application Proxy.
  4. Application Proxy validates the token and retrieves the User Principal Name (UPN) from it, and then sends the request, the UPN, and the Service Principal Name (SPN) to the Connector through a dually authenticated secure channel.
  5. The Connector performs Kerberos Constrained Delegation (KCD) negotiation with the on-prem AD, impersonating the user to get a Kerberos token to the application.
  6. Active Directory sends the Kerberos token for the application to the Connector.
  7. The Connector sends the original request to the application server, using the Kerberos token it received from AD.
  8. The application sends the response to the Connector, which is then returned to the Application Proxy service and finally to the user.
Labels:

Comments

Post a Comment

Popular posts from this blog

What is the difference between Elastic and Enterprise Redis w.r.t "Hybrid Query" capabilities

  We'll explore scenarios involving nested queries, aggregations, custom scoring, and hybrid queries that combine multiple search criteria. 1. Nested Queries ElasticSearch Example: ElasticSearch supports nested documents, which allows for querying on nested fields with complex conditions. Query: Find products where the product has a review with a rating of 5 and the review text contains "excellent". { "query": { "nested": { "path": "reviews", "query": { "bool": { "must": [ { "match": { "reviews.rating": 5 } }, { "match": { "reviews.text": "excellent" } } ] } } } } } Redis Limitation: Redis does not support nested documents natively. While you can store nested structures in JSON documents using the RedisJSON module, querying these nested structures with complex condi...
Post a Comment
Read more

How are vector databases used?

  Vector Databases Usage: Typically used for vector search use cases such as visual, semantic, and multimodal search. More recently, they are paired with generative AI text models for conversational search experiences. Development Process: Begins with building an embedding model designed to encode a corpus (e.g., product images) into vectors. The data import process is referred to as data hydration. Application Development: Application developers utilize the database to search for similar products. This involves encoding a product image and using the vector to query for similar images. k-Nearest Neighbor (k-NN) Indexes: Within the model, k-nearest neighbor (k-NN) indexes facilitate efficient retrieval of vectors. A distance function like cosine is applied to rank results by similarity.
Post a Comment
Read more

Feature Engineering - What and Why

Feature engineering is a crucial step in the machine learning pipeline where you create new, meaningful features or transform existing features to improve the performance of your predictive models. It involves selecting, modifying, or creating features from your raw data to make it more suitable for machine learning algorithms. Here's a more detailed overview of feature engineering: Why Feature Engineering? Feature engineering is essential for several reasons: Improving Model Performance: Well-engineered features can significantly boost the predictive power of your machine learning models. Handling Raw Data: Raw data often contains noise, missing values, and irrelevant information. Feature engineering helps in cleaning and preparing the data for analysis. Capturing Domain Knowledge: Domain-specific insights can be incorporated into feature creation to make the model more representative of the problem. Common Techniques and Strategies: 1. Feature Extraction: Transforming raw data...
Post a Comment
Read more