Certificate and Key Expiration information regarding your Access Control Service (ACS) 2.0 Namespace
I've received an email from Windows Azure Team ([email protected]) with the above title. It suggests
I
We are writing to inform you that certificates or keys related to one or more of your Namespaces are about to expire between July 8, 2012-November 8, 2012.
Please find below the list of your Namespaces that need Certificate or Key rollover:
fiftyeggs-cache
These namespaces can be viewed by signing in to your Windows
Azure portal subscription. After you have signed in you are redirected to the Management Portal page. On the lower left-hand side of this page, click Service Bus, Access Control & Caching. To see
the registered namespaces under your subscription, under Services click Access Control/Service Bus/Caching.
However, this is a cache-namespace which appears to be a Managed Namespace
http://msdn.microsoft.com/en-us/library/gg185943.aspx and I don't believe there is any way of managing keys. Can anyone help or point me to the relevant article. I don't want the cache keys to expire (the site will die) but there doesn't appear to
be any actions for me to take.
Did you add a X509/Symmetric Key/Password based "Service Identities" (Re Carson Wa above). If not, my year
is up on the 27th so I'll schedule for random failures! That will not keep my clients happy.
Can you keep us informed of the progress of your ticket here please :-)
I got an email from MS yesterday...
We inadvertently sent an email message to you between June 12 and June 18, 2012, that
described updating expiring certificates and keys in the Access Control Service (ACS) namespaces used by your Service Bus or Cache namespaces. The message referred to the following namespaces:
fiftyeggs-cache
The message was sent in error, and we sincerely apologize. No action is required.
Did you get that?
Andrew
Similar Messages
-
Hi,
In our existing ACS, when we add a new relying party with that associate with rule as bellow:
input claim type as
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
and output claim type as
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
When I used the ACS created previously, for token I received, I have
Received claims with existing ACS:
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: testoem2,
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: TESTOEM2-MS,
htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider: htps://wp8partnerservicesv1-tst.accesscontrol.windows.net/
but for the new ACS namespace, when I configure it exactly the same way, I receive
htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: TestOem2-MS,
htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider: htps://zackpartnerservice1-tst.accesscontrol.windows.net/'
The nameidentifier claim is no longer in the token.
Does anyone from Azure ACS team know what change in ACS might have cause this issue and how do I config the ACS so that I can get nameidentifier claim in the token too?
since my account is not verified, I use h_ttp instead of http in my question.
thank you,
ZachGreetings, Zach!
Please refer to this:
https://msdn.microsoft.com/en-us/library/hh446535.aspx
The article elaborates how federated identity works with ACS.
Thank you,
Arvind -
Trying to set up encrypted mails but I'm confused about certificates and keys
Hello all,
My first foray into encrypted emails and I'm already confused! To begin with, I'm trying to exchange mails with one other person, who I believe uses Outlook. So far:
He's sent me his certificate (although I thought I would receive his public key) which is a file called smime.p7m. I don't know what to do with this.
I've successfully followed the instructions at https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages. When I start a new mail, I can either go to the Enigmail menu and switch on encryption / digital signing and it seems fine, or I can go to the dropdown on the S/MIME button and it says "You need to set up one or more personal certificates before you can use this security feature." Are these two different ways of doing the same thing (in which case I'll use the one that works!) or not?
As you can see, I'm getting confused between keys and certificates! If some kind person could take a minute to explain what my next steps are, that would be much appreciated. I couldn't find anything on the Thunderbird support pages, though I know I need to send him my public key.
Thanks in advance.
Stuart.Stuart8, good find, that article.
I found the main disincentive to using the built-in S/MIME capability is that it's not immediately obvious where to get your certificate and keys. Most providers want $$$ for them, which is natural enough if they are actually going to validate you in some way. I did at one time have a Thawte certificate and even enough WOT vouches to be a low-grade WOT Attorney.
Once you have your key, it's a bit of a pfaff to install it into Thunderbird. You'll probably find that S/MIME is the default in business correspondence, since many businesses operate their own mail servers, ftp servers and so on and probably have an arrangement to generate self-issued certificates or to buy them on a commercial basis from a CA.
Enigmail/OpenPGP doesn't require any financial outlay on your part, but is harder to get your keys properly validated since there's not much of a formal WOT nor a reliable central registry. You generate your own keys and it's pretty much all based on mutual trust.
Since the two systems are incompatible, you need to have set up the same as whatever your correspondent is using.
I suspect that you have discovered that it's a two-way process. In order for a correspondent to send you an encrypted message, you must both be using the same system, and he must have your public key to encrypt his message, and you'll need his in order to reply with encryption. So yes, he needs to send you his public key for you to send to him, but what he sends to you needs YOUR public key.
Obviously, signing messages is a useful halfway house. I believe that you sign with your private key, and the recipient will have to download your public key to validate your signature. Whilst a signature doesn't safeguard your privacy, it goes some way to proving that the message came from who it says it came from and that it hasn't been altered in transit. (I really can't understand why banks, lawyers, insurance companies haven't picked up on these encryption and signing schemes. Perhaps they actually prefer all those awful phone calls where you need to struggle to recall supposedly unforgettable names and dates! ;-) )
In practice, I find that if you sign a message to an outfit who don't know what to do with it, their numpty anti-virus system will probably barf on the signature which it thinks is executable code and therefore must be a virus or worm. :-( -
Hello,
I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment. I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
way. I've followed these instructions (among many other resources found along this journey) :
http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error. I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output. Please explain how to fix if you're able.
Please Note: I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
Also Note: I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
Here's my ULS output:
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request.
IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Deployment acjjg Medium The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrv Medium redirectLaunUrl after getting it from query
string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens} 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General aib0n High trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrw Medium redirectLaunUrl after getting token replacement:
https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsry Medium m_oauthAppId after NormalizeAppIdentifier()
i:0i.t|ms.sp.ext|[email protected]8df36d5d. Now getting app principal info. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr0 Medium decided that we need to do a POST to the
app. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr1 Medium m_redirectMessage: EndpointAuthorityMatches
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr2 Medium realm matched attempting to get app token
using GetAccessToken() 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth advzm High Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr3 High App token requested from appredirect.aspx
for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it. This may be a case when we do not need a token or when the app principal was not properly set up. LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
Exception Message:The Azure Access Control service is unavailable. Stacktrace: at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().
Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General ajlz0 High Getting Error Message for Exception Microsoft.SharePoint.SPException:
The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext) at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth aib0p Medium Doing appredirect from appredirect.aspx:
in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
Execution Time=26.5933938531294 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
Your help is very much appreciated.
With Respect,
LarryYes, actually - I was able to resolve it.
However I don't know how, unfortunately. I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing. It was a daunting task, but I finished it successfully.
If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
NOTE: I'm not all impressed with the way this forum works. This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions. Completely lame. Boooooo Microsoft. -
Problem with Generate a certificate and Key
I have a Cisco S370 and generated a certificate Key to block HTTPS pages.
I require a CA signs the certificate generated by the Cisco S370, but the CA returns me an error and asks the key is changed to 2048, but I have no option to do this in the GUI, look in the CLI but can not find any option to change the HTTPS certificate key 2048
You can change the certificate that was generated by the WSA S370 to 2048In addtition to Kush's response, we had a similar thread in the past. Please refer to:
https://supportforums.cisco.com/message/3900340?referring_site=bss&channel=bdp#3900340
Also, please note it would be advisable to refer to this Feature Request using Cisco Bug ID CSCzv70884 instead of
86121.
You can search for Bug IDs using Cisco Bug Search Tool :
https://tools.cisco.com/bugsearch/
From this tool, you can not only obtain info about the bug but also open TAC cases and Save the bug so you can get updates.
Regards,
-Valter -
AS2: Where to specify certificates and keys: CC or Receiver Agreement
Hello,
when configuring a AS2 scenario (Proxy - AS2 Receiver) I am wondering about configuration details for certificates.
In the AS2 receiver configuration channel I can enter:
SSL Certificates
Server Certificate (Keystore)
Private Key for Client Authentification
In receiver agreement I can enter:
AS2 Sender Configuration
Signing Key
AS2 Receiver Configuration
EncryptionCertificate
So I am not sure what to configure where? I am right that transport level security is done in the communication channel, and message level security in the receiver agreement?
If I use SSL without client authentification in combination with Digital Signature I have to enter Server Certificate of parter in communication channel and Signing Key in Receiver Agreement, right?
Sorry, maybe this was a little bit confusing.Hi,
you need to configure certificates in receiver agreement. I did it quite long back.. You need to enter some alias name of certificates over there.
Once you open the Receiver agreement, you can easily figure it out.
Thanks
Inder -
Important Information Regarding your Wireless Network Security
I received this email today from Verizon stating that I need to change my wifi router settings for WPA2 instead of WEP.
What the wonderfully intelligent Verizon folks forgot to include as a very basic step is to CHECK first before you follow any instructions. The wonderful router that Verizon supplied doesn't indicate on the configuration page that WPA2 is ALREADY configured. At first I thought Verizon pushed out new code and wiped that configuration, but that didn't make sense. I was sure I had set up WPA2. Then I remembered, looking at my notes, to check "Wireless Status" under "Wireless Settings."
My recollection was confirmed. I almost had to re-do everything and then update all of my devices because I started to blindly follow Verizon's lead.
So, don't blindly follow Verizon instructions and remember that the user interface on Verizon routers is pretty awful, too.
Check around, don't assume that the interface will indicate that something is already configured. One screen may tell you something is configured (status) and the other is written to assume you intend to configure (even if already configured).
I hope this helps someone.Its a generic message going to EVERYONE.
The G and I version even come configured with WPA2 , and many have followed previous recommendations to switch to WPA2. -
Cisco Secure Access Control Server (ACS) for Windows
Looking for Part code for client of ACS 3.1, needs CD-ROM for re-installation prior to considering upgrade.
It should be
CSACS31WINK9
M.
Hope that helps rate if it does -
How to download certificate and import it
I need to import a CA certificate of a not well-known CA. I have access to a site that uses a certificate signed by this CA. Is it possible to download/save this certificate and extract CA information/public key that can be added to my cacers? Please explain how..
Here is an article talking about fetching certificates from an SSL enabled server and store it into your own keystore.
http://blogs.sun.com/andreas/resource/InstallCert.java -
EJB and access controll???
Hi all,
I have a question about access control via EJB,
For example I have a client app�ication and on start I will prompt user for user name and password, and now what to do with this information how to pas it to the ejb server, or??? Or may be some of you have any link to tutorial as an answer? My EJB will access database and I want to use the access control from database.
Thank you in advance.Hi Eshwa,
thank you for your reply, I found a nice developer guide on the link that you give me, but I steal have a problem with undestanding of practical way to pas user information from client application to ejb server, may be you can give mi a pice of code or an small example, where is geted 2 String (user name and password) and sent to the ejb server to be autentificated, and then to have acces to the resources that is accessable for this user (discribed in the deployment description user - role).
Anyway thank you again.
Best regards Alexander Hincu . -
ACE SSL - Modifying certs and keys
I'm having a problem updating the certs and keys I have in my ssl-proxy service.
My cert is about to expire and I've purchased a new cert. I've uploaded the new cert and key, but I still see the old cert when I go to the VIP with my browser. I thought that by deleting the proxy-service and re-adding I could get the ACE to recognize that it's got new certs but that didn't seem to work.
Is there a trick to make the ACE see the new certs? Does it cache the certs instead of reading them from flash? What's going on here.
Thanks!I changed my certs hot while the application was still running worked like a charm.
What i did was.
- import the new certificate into the crypto store (pkcs12)
- prepare a textfile with the necessary commands
no key old
key new
no cert old
cert new
- paste the commands into the running config.
I had several Customers and Application Admins test the App. while i was changing certs. They didn't even notice something happened. After approx. 60 seconds all new connections were using the new cert old connections were using the old cert. No trouble at all.
And yes the ACE caches the certs if i am not mistaken.
If you want to make sure that it works just create a test context or try it on a test farm first. That's what i did prior to changing the certs and the config on the production enviroment.
Hope it helps.
Roble -
I purchased Adobe Export software last year and it created a virus; the program is ussless for me. I signed on to my account, but despite the fact I confirmed my unser ID and Password, I am unable to access customer services in order to cancel automatic renewal of the software. Can anyone assist me?
Sara:
Thank you so much.
I truly appreciate you reaching out and taking care of this for me.
Wishing you and yours good health and all the good things that life has to
offer in 2015 and beyond.
Richard M. Rogers
San Diego, CA. -
Sourcefire access control policy and intrusion policy
hi.
i have a question.
what is the diffrerence between access control policy and intrusion policy.The access control policy is where you'll apply your different intrusion policies to different pieces of your traffic flow. You can also apply "content" filtering, access restrictions, monitoring, and file inspection.
The intrusion policy is where you configure rules that you will apply to traffic in your access control policy. -
Integrating SAP HCM with third party Access Control System
Hi Experts,
We have client using SAP HCM and intend procuring an Access Control Solution to manage her people.
What the client wants to avoid though is having to create a new employee in SAP HCM and manually creating same in the Access Control Software. Is there a way this can be automated such that upon recruitment of new staff, the data is updated in the Access Control DB which uses MS SQL? If this is possible, what is required to get this working well.
Thanks for your support in this regard.
Regards
JohnFor time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
I hope this answer will help. -
Dynamic Access Control : Suggested Value Claim
Currently studying for my 70-417 Exam, there's one thing i don't fully understand and can't find any resources that explain it.
A claim type can be created, from what I understand the "suggested values" are optional, these can remain empty like for example the department resource property.
But why is there an suggested value option for the department?Hi,
When we create a new claim type, in the Suggested Values section, click No values are suggested.
But search for the department attribute in the Filter box and make sure that the
department string is highlighted in the results. Add Finance and
HR as suggested values.
You could refer to:
http://www.petri.com/dynamic-access-control-dac-kerberos-claim-types-resource-properties.htm
Step-by-Step: Protecting your information with Dynamic Access Controlhttp://blogs.technet.com/b/canitpro/archive/2013/05/07/step-by-step-protecting-your-information-with-dynamic-access-control.aspx
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Maybe you are looking for
-
How can I make ringtones show in my Tones tab rather than the Music tab?
I just bought my first iPhone 4 and uploaded a bunch of music ringtone files to iTunes and changed the default preference to display the Tones tab. However, the ringtones all got added to the Music tab rather than the Tones tab. I have a number of qu
-
Printing Invoice Dot Matrix Printer in the paper size 9.5 x 11 inches
Dear All, Am using Pre-printed Stationery but I have a problem with printing configuration for AR Invoice through Dot Matrix Printer in paper size 9.5 x 11 inches, when command to print the first page it print perfect but the continuation is not s
-
Is there a way to re-set the default fade-in/out setting for all slides?
Hi all, I don't know why all objects on all the slides of my captivate project are set as transition-> fade in/fade out. The result is that every single slide fades out after 3 seconds, even before the learners can finish reading. The only solution I
-
I have created a GPO that calls a logoff script. This script looks for other batchfiles and executes them. I am using this method install an applications and then reboot. However, when the batch file runs shutdown -r -f -t 0, I get device not re
-
I'm working on a project where I have to have two circles follow around a character's eyes. I'm using the match move effect, but everytime I put in the behaviour I have to analyze twice - once for each eye. Is there a way to analyze both simoultane