HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory
Federation Services server role installed.
You need to make configuration changes to the Windows Token-based Agent role service.
Which tool should you use?
To answer, select the appropriate tool in the answer area.
Explanation:
To configure the Windows token-based agent
1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
Etc. Configure the Windows Token-Based Agent
https://technet.microsoft.com/en-us/library/cc771128%28v=ws.10%29.aspx
This is so WTF… the stated reference is about Server 2008 and not applicable to 2012 R2!
So I googled around for about 20 minutes or so and could not find ANY accurate documentation about how to configure this service on 2012 R2.
This is ridiculous, they are describing features and respective Role Services that just DO NOT EXIST!
http://bit.ly/2kZIeMD
http://apprize.info/microsoft/server_13/6.html
“Windows Token-Based Agent The Windows token-based agent resides on a web server with a Windows NT token-based application to translate an AD FS security token to an impersonation-level Windows NT token-based authentication.”
Does anyone have reliable information on how this stuff is to be configured on 2012 R2??
I think I’ve seen it in the explanation of other questions, that the token-based auth works via a web server, therefore IIS. No idea for the life of me where exactly I’ve seen it though…
KERBEROS CONSTRAINED DELEGATION?
https://technet.microsoft.com/en-us/library/cc995228.aspx
1. Idiot on internet comes in to your Web Application Proxy with certificate
2. Web Application Proxy forwards valid information to ADFS server
3. ADFS verifies user from Cert then impersonates with constrained delegation to obtain TGT and then request Kerberos service ticket for Web Server host computer
4. ADFS presents Kerberos service ticket to IIS Web server
5. Idiot on internet can now access Web server through constrained delegation of their TGT and service ticket for the Web Server computer.
So the Windows Token-Based Agent lives on IIS with the web application that uses Windows Integrated authentication; the service just converts the AD FS token to an impersonated service token for the user to access the web application. I think there’s a utility that you run on the web server to enable SAML etc. for the web app which uses this service?
I hope that flows, just go read the article above and learn yourself.
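The constrained-delegation hop described in the steps above is the part of this flow that an administrator actually has to configure and audit in Active Directory. The following PowerShell is an added example, not code from the original post or from Microsoft's documentation: it reviews the delegation settings on the account that performs the hop, flags unconstrained delegation, and restricts the account to a single backend SPN. The account name (ADFS01), web server name (web01.contoso.com) and the choice of which account does the delegating are constructed assumptions; it requires the ActiveDirectory RSAT module.

```powershell
# Added example (not from the original post): inspect and constrain Kerberos
# delegation for the account that performs the KCD hop to the IIS web server.
# Assumptions: ActiveDirectory module installed; 'ADFS01' and
# 'HTTP/web01.contoso.com' are constructed placeholder names.
Import-Module ActiveDirectory

$backendSpn = 'HTTP/web01.contoso.com'   # SPN of the IIS app hosting the token-based agent (assumed)

# 1. Review the account's current delegation settings.
$acct = Get-ADComputer -Identity 'ADFS01' -Properties `
    TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

if ($acct.TrustedForDelegation) {
    # Unconstrained delegation lets the account reuse any caller's TGT against any service.
    Write-Warning "$($acct.Name) is trusted for UNCONSTRAINED delegation; constrain it to $backendSpn."
}

# 2. Constrain delegation to the single backend SPN the web app needs.
Set-ADComputer -Identity $acct -Add @{'msDS-AllowedToDelegateTo' = $backendSpn}

# 3. Turn off unconstrained delegation. Protocol transition ("use any authentication
#    protocol") is only needed when the front end authenticates users without Kerberos,
#    as with the certificate logon at the proxy in the flow above.
Set-ADAccountControl -Identity $acct -TrustedForDelegation $false -TrustedToAuthForDelegation $true

# 4. Confirm the result: only the intended SPN should be listed.
Get-ADComputer -Identity $acct -Properties TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo' |
    Select-Object Name, TrustedForDelegation, TrustedToAuthForDelegation,
        @{ n = 'AllowedToDelegateTo'; e = { $_.'msDS-AllowedToDelegateTo' -join ', ' } }
```

Running this with an account that is already correctly configured is harmless; the value of the script is the first and last steps, which make any drift toward unconstrained delegation or extra SPNs visible in the audit output.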