The Wingtip Toys forest hosts a web application that users in the Tailspin Toys forest need to access.
Youare the system administrator at Wingtip Toys. A single federation server is present in each
forest and you are configuring a federated trust.
Which of the following statements are true about the deployment solution? (Choose all that apply.)
A.
The AD FS server in the Tailspin Toys forest will function as the claims-provider server.
B.
The AD FS server in the Tailspin Toys forest will function as the relying-party server.
C.
Configure a relying-party trust on the Wingtip Toys AD FS server.
D.
Configure a claims-provider trust on the Wingtip Toys AD FS server.
I’ll go for A and C
0
1
I agree
0
1
Given answer is CORRECT.
Wingtip has the application, so this is the Repying Party
Tailsping has the users, so this is the Claims Provider
For this question :
Tailspin is the Claims Provider Server (it claims to be some-one)
Wingtip has the Claims-Provider trust (it trusts the claims)
Additional info
Wingtip is the Relying Party (it relies (trusts) some-one)
Tailspin has the Relying-Party trust
4
0
So
http://www.aiotestking.com/microsoft/which-of-the-following-statements-are-true-about-the-deployment-solution-3/
is wrong, is it?
it is the same question with different answers. it is the previous question (419) and the answer provided were B and C
As far as i know there is no claims-provider server but relying-party server
0
0
As Franc mentioned above, the given answer is correct.
In http://www.aiotestking.com/microsoft/which-of-the-following-statements-are-true-about-the-deployment-solution-3/, the options provides are different from the ones in this Q.
Claims Provider
A claims provider is a federation server that provides users with claims. These claims are stored with digitally encrypted and signed tokens. When a user needs a token, the claims provider server contacts the Active Directory deployment in its native forest to determine if the user is authenticated. If the user is properly authenticated against the local Active Directory deployment, the claims provider then builds a user claim using attributes located within Active Directory and other attribute stores. The attributes that are added to the claim are dependent on the attributes required by the partner.
Relying party
The relying party server is a member of the Active Directory forest that hosts the resources that the user in the partner organization wants to access. The relying party server accepts and validates the claims contained in the token issued by the claims provider. The relying party server then issues a new token that is used by the resource to determine what access to grant the user from the partner organization
You configure the relying party trust on the AD FS server that functions as the claims provider server.
You configure the claims provider trust on the Federation Server that functions as the relying party.
From “Training Guide – Configuring Advanced Windows Server 2012 R2 Services”
1
0
They are very similar questions. The key part to look out for is “You are the system administrator at Tailspin Toys” or “You are the system administrator at Wingtip Toys”. For this particular question, Franc’s answer is correct and is the same as the comments provided on v4.
4
0
Sharp eye Ricky, thanks for pointing it out.
0
0
https://technet.microsoft.com/en-us/library/ee913566(d=printer,v=ws.11).aspx
A.
Claims provider – The organization that provides claims to its users. See account partner organization.
Account federation server – The federation server in the account partner organization.
D.
Claims provider trust – Claims provider trusts are trust objects typically created in resource partner organizations to represent the organization in the trust relationship whose accounts will be accessing resources in the resource partner organization.
1
0
Answer: B, C, & D
Tailspin will need to configure a relying party trust to the Wingtip FS (in order to send claims/group/ect to Wingtip).
Wingtip FS will need to configure a Claims provider trust for Tailspin (in order to accept/transform claims from Tailspin).
Wingtip FS will also need to configure a relying Party Trust to the web application (in order to pass claims to the web app).
Below is a good link for configuring a setup such as that in the question. It will require 2 DCs (each on a separate domain), a FS in each domain, and a Webserver.
https://samilamppu.wordpress.com/2014/09/15/creating-federation-trust-between-organizations/
0
1
A and D are correct.
A- Yes, Tailspin will provide the claims since the users are from them.
B- No. The relying-party is the party with the resource.
C- No. We are not sure if the web is claim-aware, so no need to create Relying-party trust.
D- Yes. We need claims-provider trust in Wingtip to accept claims from the claim-provider party.
A side note:
About C, shouldn’t Wingtip provide another claim after it consumes the 1st claim to access the web?
I guess we should assume in this question the web is not a claim-aware application since it does not mention it explicitly.
0
0