Auth Protocols Troubleshooting Masterclass with John Craddock

Brilliant course, excellent instructor. Good drill down on troubleshooting using the tools, going through valid responses/request and errors with possible solutions. Deep digging troubleshooting.

Live Instructor-Led Course

Attend in the classroom in person

£3295 / $4350 / €3625

Course code: A637

Available as a private course

NEW! Implementing and troubleshooting authentication and authorization protocols: a John Craddock Masterclass

Environments are no longer constrained by network boundaries, and we need to embrace disparate systems, and implement the appropriate authentication and authorization protocols to support our ecosystems. Only through a deep understanding of the protocols will you be able to validate and troubleshoot your systems.

International identity guru John Craddock’s new 5-day hands-on Troubleshooting Masterclass complements and follows on from his acclaimed Microsoft Identity Masterclass. It provides you with a thorough grounding in the different protocols and shows you how to configure, test and troubleshoot them.

All too often issues can take days to fix, whereas with the correct tools and techniques, they could have been resolved in minutes. After this class, you will be in an exemplary position to dramatically reduce resolution times.

About John Craddock’s Troubleshooting Masterclass

The primary identity provider is Azure AD but you will learn how to integrate your applications with other identity providers. You will work with a range of troubleshooting tools including Fiddler, Wireshark, Postman and browser development tools to hone your troubleshooting skills. You will learn how to work with and troubleshoot the following protocols:

  • HTTPS
  • WS-Federation
  • SAML-P
  • OpenID Connect
  • OAuth 2.0
  • REST API access
  • Windows Kerberos authentication and Kerberos Constrained Delegation

The course begins by introducing all concepts swiftly and factually before diving deep. For some, the intros will be a revision and consolidation exercise, for others, the intros may reveal new concepts. If you need more explanation about any of the topics while you’re on this Masterclass, your job is to ask – there is no such thing as a silly question! See the course outline for what you’ll learn, day by day.

Hands-on labs

This Masterclass includes more than 25 hands-on labs to strengthen and augment your learning. They will consolidate your knowledge and will enable you to discover a variety of troubleshooting tools and techniques. All the labs run in the cloud, and this hands-on environment (which you will also be able to access for two months from the start of the class) is perfect for troubleshooting.

Sharing and discussions

Your growing skills as a troubleshooting ninja will be greatly enhanced during class discussions. We discuss the practical tips and tricks that you already know, and those you have learned in class. Some of the more complex hands-on exercises you will do are augmented with a ‘tips and tricks pdf guide’, and also a quiz which becomes a discussion point for sharing experiences and expertise.

Post-course, you’ll have:

  • Access to the hands-on lab environment for two months from the start of the class.
  • A build document that shows how to build the labs in your own VM, along with all the Masterclass websites and scripts.
  • A comprehensive course manual, as both a hard copy and a PDF, which will be an invaluable ongoing reference source.

Who is the course for?

Specially developed to complement his Identity Masterclass, John’s new Troubleshooting Masterclass is for experienced administrators with hands-on system administrator’s skills who want to learn how to implement and test authentication and authorization protocols, and how to troubleshoot and resolve hard-to-fix situations.

If you haven’t already attended John’s Identity Masterclass, you should be familiar with Azure AD concepts and terminology, and know how to:

  • Create and manage users, groups, OUs and group policies in on-premises AD
  • Perform basic server/DC troubleshooting (for example, check if a service is running, and restart it)
  • Add a DNS record
  • Add a URL to a browser’s Intranet zone
  • Create and manage users and groups in Azure AD
  • Register OpenID Connect and OAuth 2.0 applications in Azure AD
  • Run Azure AD PowerShell commands
  • Perform basic network and protocol tracing using Wireshark and Fiddler

Some of these skills may have been gained by attending the Identity Masterclass, but the expectation is that you have used these basic skills in a live production environment and now you want to delve deeper. If you have these pre-requisite skills, the Troubleshooting Masterclass can be done independently.

The Troubleshooting Masterclass is designed to complement John’s Microsoft Identity Masterclass, and there is very little overlap.

  • The Troubleshooting Masterclass focuses on configuring and troubleshooting authentication and authorization for resource access. John will explain the management aspects of Azure AD only briefly.
  • Some troubleshooting skills are covered in the Identity Masterclass, but this Troubleshooting Masterclass goes to a much deeper level and covers more complicated scenarios.
  • The Troubleshooting Masterclass uses Azure AD and an on-premises AD as the primary sources of identity.  The only minor overlap with the Identity Masterclass hands-on is when we configure some aspects of Azure AD and Azure AD Connect.

John recommends that students do not take the Identity Masterclass and the Troubleshooting Masterclass back to back. He says: “After taking the Identity Masterclass a student should go back to apply the techniques they have learned before returning to do the Troubleshooting Masterclass.”

If you want to resolve issues quickly, this Troubleshooting Masterclass is a must!

About John Craddock

John Craddock is a Microsoft MVP (Most Valuable Professional) and has been involved in Microsoft solutions since the early days of Windows and Windows NT. John spoke on Active Directory at the Windows 2000 launch events and has focused on identity solutions since the first release of AD FS for Windows Server 2003.

He is an identity and security architect and has been involved in many IT projects for industry leaders including Microsoft, the UK Government and multi-nationals. He is a well-known international speaker, and has delivered this Masterclass to professionals throughout the world.

John Craddock teaches his Masterclasses all over the world

This course is available as live instructor-led training in the classroom.

Day 1

The day starts with an introduction to identity and authentication/authorization protocols. Even if you switch to federated protocols, inevitably some applications are using Windows Authentication. Integrating those apps requires Kerberos authentication. On this first day, you configure and troubleshoot Kerberos for a variety of situations. Some of the scenarios are decidedly tricky, challenging you with cross-forest scenarios. Even if you don’t have requirements for Kerberos in your environment, the tools and techniques that you learn work across all protocols.

Hands-on include:

  • Getting started with the lab environment
  • Investigating Windows authentication
  • Baseline captures with Wireshark
  • Troubleshooting with Wireshark

Day 2

We examine Kerberos delegation, including constrained delegation and protocol transition, which is used by the Azure AD Application Proxy. Once you have completed the Kerberos challenges, you create an Azure AD tenant and install Azure AD Connect to synchronise identities from on-premises to the cloud.

Using your Kerberos knowledge, you investigate seamless SSO while using password hash synchronization.

Hands-on include:

  • Investigating Kerberos delegation
  • Configuring constrained delegation
  • Investigating protocol transition
  • Creating an Azure AD tenant
  • Installing and configuring Azure AD Connect
  • Validating Seamless SSO

Day 3

Day 3 starts with publishing and troubleshooting your Windows auth apps through the Azure AD Application Proxy. You then progress to investigating the protocols used by the proxy to authenticate users, and extend that knowledge to configure and troubleshoot OpenID Connect and OAuth 2.0 applications using the Azure AD V1 endpoints.

Hands-on include:

  • Publishing and troubleshooting a Windows auth app
  • Tracing Azure AD Proxy authentication
  • Installing, configuring and troubleshooting an OpenID Connect / OAuth 2.0 app
  • Remotely tracing back-channel traffic
  • Testing token validation with Fiddler breakpoints
  • Testing and troubleshooting with Postman
  • Investigating consent with the V1 endpoints

Day 4

Microsoft introduced new behaviours for OpenID Connect and OAuth 2.0 with the Azure AD V2 endpoints. Discover how to publish V2 apps and work with V2 dynamic consent. After completing the session on the V2 endpoints, we shift gear, and you learn how to support applications using forms authentication in your Azure AD SSO environment.

Hands-on include:

  • Deploying an app that uses the V2 endpoints
  • Investigating consent with the V2 endpoints
  • Publishing an OpenID Connect / OAuth 2.0 app through the proxy
  • Installing & publishing a forms auth app with SSO

Day 5

On our final day, you install, configure and troubleshoot applications using WS-Federation and SAML protocols. The masterclass concludes with examining the options for sharing apps with users who are external to your organization.

Hands-on include:

  • Installing, configuring and troubleshooting a WS-Federation app
  • Installing, configuring and troubleshooting a SAML app
  • B2B federation with Google
  • B2B access to Windows auth applications