Identity Management Crisis About and around Microsoft products Forefront Identity Manager 2010, ILM 2007 and ADFS

The Update contains a whole bunch of fixes and the full list can be found at:

Description of Update Rollup 2 for ADFS 2.0

It’s available on CodePlex now - FIM Ultimate File Connector

• Just the basic File Connector supporting the following OOB file formats:
  Attribute Value Pair (AVP)
  Delimited
  Directory Services Markup Language (DSML)
  Fixed
  LDAP Data Interchange Format (LDIF)
  
  …But has the following extra functionality:
  Full Export that before ECMA had to be handled externally from FIM/ILM/MIIS
  Files can be managed at FTP, FTPS, SFTP, SCP and File System Locations (remote from the Extensions folder)
  Files can be compressed/extracted with or without encryption/decryption
  Substitution of date and time values in file names

I would love all possible input like suggestions on how it could get better, ideas for new functionality but also the bad things otherwise how can I make it better…

Go check it out: FIM Ultimate File Connector

Just wanted to write some words about the network I’m a part of, MEET. Meet consists of around 30 individuals, all experts within one or more areas of Microsoft technology from development to security, virtualization, System Center and more.

Here’s a list over some members of Meet and their area of focus.

• Alan Smith (Azure)
• Andreas Stenhall (Windows) - Killer features in Windows 8 – Dare to miss them on TechDays?
• Björn Axell (System Center)
• Cecilia Wiren (.NET) - Möt MEET på TechDays 2012
• Chris Klug (.NET)
• Daniel Bugday (Sharepoint) - See you on TechDays 2012 Örebro #MSDN #TD2012
• Hasain Alshakarti (Security) - MEET@TechDays 2012 in Örebro
• Henrik Nilsson (FIM, ADFS, Security) - Microsoft Extended Experts Team – MEET
• Johan Arwidmark (System Center) - Networking at TechDays 2012 in Sweden - MEET
• Johan Åhlén (SQL Server) - SQL Server sessions at TechDays Sweden 2012
• Magnus Björk (Exchange) - #td2012 here I come
• Magnus Mårtensson (Azure) - TechDays.se 2012 – About Windows Azure
• Patrik Löwendahl (.NET)
• Mathias Olausson (ALM) - TechDays 2012 Sweden – Come see VS ALM 11 and TFS 11 in action!
• Jörgen Nilsson (System Center) - Microsoft Extended Experts Team – MEET
• Ola Skoog (IT Pro Evanglist) – MEET@TechDays
• Anders Olsson (Security) – Få mer ut av TechDays
• Joakim Nässlander (Windows Server, Cluster)
• Martin Lidholm (Unified Communication, Lync)
• Kent Nordström (Identity and Security)  - TechDays in Sweden
• Sergio Molero (Code Security) - TechDays 2012

You will be able to Meet most of the persons above and more of the Meet members at TechDays Sweden in Örebro as speakers or participants. If you have questions regarding Microsoft products probably no one could answer your questions better than the MEET members (we are frequently ask by Microsoft to help them out with their questions).

If you haven’t booked you ticket to TechDays Sweden yet, I think you should because there’s still some available! Go get your ticket to TechDays here.

Version 2.0 of the really great “A Guide to Claims-Based Identity and Access Control” by the Microsoft Patterns and Practices Team is available for download here…

A Guide to Claims-Based Identity and Access Control

It’s getting late so I’ll just briefly describe this unless you figured this out already…

It started out with MSFTie Ken St. Cyr published a blog post  about a Powershell Attribute Store, a really great idea except he pointed out this could be used for provisioning which is not such a great idea so I made a comment on it. He replied and complained that the ADFS Claims Rule Language lacked more advanced functionality so I just had to show you how the SQL Attribute store can be used for this. Sorry Ken, I just had to make this blog post and I hope you don’t mind me mentioning your great blog and our conversation!?

First of all make sure you have a working connection to a SQL database from ADFS using SQL Attribute store!

Here’s a simple one just to make a claim (Given Name in this case) upper case, other function could be used as well:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"]
 => issue(
store = "SQL", 
types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"), 
query = "SELECT UPPER({0})", param = c.Value
);

And here’s how the famous IsOver21 claim can be created as a scalar valued function in SQL
(far from perfect especially date conversion but it works with Swedish date format like 1979-12-23):

CREATE FUNCTION IsOver21 
( 
    @BirthDate nvarchar(10)
)
RETURNS nvarchar(3)
BEGIN
   DECLARE @Age int, @ReturnValue nvarchar(3)
   SET @Age = DATEDIFF(year, CONVERT(DATETIME,@BirthDate,20), GETDATE())
   
   IF @Age >= 21
       SET @ReturnValue = 'Yes'
   ELSE
    SET @ReturnValue = 'No'
    
    RETURN(@ReturnValue)
    
END

You can then use it like this in ADFS (please use more properly named claim types though) and note how the function needs to be prefixed with dbo:

c:[Type == "http://OddClaims.org/ws/2011/11/identity/claims/birthdate"] 
=> issue(
store = "SQL", 
types = ("http://TheCrazyClaimsFactory.com/ws/2011/11/identity/claims/AreYouReallyOver21Punk"), 
query = "SELECT dbo.IsOver21({0})", param = c.Value);

A new ECMA2 based connector for FIM 2010 R2 is already available in beta at Connect here.

New functionality:
• Support for additional object types: mail-in database, Resource (meeting rooms and on line meetings).
• Support for renames using the AdminP process.
• Dynamic schema discovery for custom attributes.
• Delta import for add and updates.

Read about the news here.

Fellow FIM MVP David Lundell has written a great article about the problem of using wildcards (% and _) in FIM XPath queries (Sets, Groups, Search Scopes etc.). The problem lies in that Microsoft has made the choice to treat these wildcard characters as literals instead of wildcards meaning that installing FIM Hotfix Rollup Package 4.0.3594.0 could break your FIM implementation.

Go ahead and read Davids article:

What the %_ is the deal with wildcards in FIM Queries in the latest hotfix?