Using SSL certificates with unifi cloudkey or UDM Pro the easy way

In short, you can access your UDM Pro with https://unifi.local and make the security warning go away. I have been using my UniFi hardware for some time at home now and I love it. The one thing that kept being annoying is accessing the Cloud Key software over SSL. It always returned this warning: And if you approved and continued you still got this icon in your browser:

Our Microsoft Identity Platform developer training videos are published

We have been delivering developer training on the Microsoft Identity platform around the world. We finally managed to hit the studio and get some of these recorded. One of the big changes we made over time is to steer away from protocol details more towards concepts and APIs. It’s like why explain how NTFS works while you only want to write a file to disk with an API. The entire series from me and my colleague Kyle Marsh is worth watching.

New job, working on decentralized identities in Azure Identity CxP organization

Today I started a new job. I am still working in Azure Identity as Program Manager. Still working in CxP (Customer and partner experience), but moving back to the @Scale team (they work with ISVs, Partners, SIs to get our Identity platform adopted at scale). I am going to work on DID or Decentralized Identities. Helping onboard our partners to make sure we successfully get market adoption of this brand new technology.

Migrating my blog from Wordpress to Hugo

I finally took the plunge and started to move my blog from WordPress to Hugo. I had some issues recently where my WordPress site didn’t work anymore. One issue was with the syntax highlighting for the code snippets, caused by an old plugin and new secure browser settings. Took me a while to fix. And recently the editor of WordPress stopped working properly since there was a secure header setting changed on Azure which broke some JavaScript on the admin side of WordPress.

V1 and V2 Identity and Access tokens with Azure Active Directory

This has caused me a ton of confusion and my customers keep getting confused as well. Azure Active Directory has been around for some time now. Some time ago we added a new endpoint (V2) which is more standards compliant and supports both AAD and MSA accounts and for example features like incremental consent. Still people get confused about our numbering scheme and I totally understand why. Let me try to explain a little bit how this all works.

Authenticate an Azure AD user with SAML for ASP.NET Core

The other day I needed a test application to try something with SAML support in Azure Active Directory. I started looking at how to configure an ASP.NET Core web application to support SAML. It’s very easy to set it up for OIDC authentication but I found out ASP.NET (Core) doesn’t support SAML out of the box. Google to the rescue and ignoring the blog post from my colleague Christos (he’s wrong, it’s WS-Fed not SAML he’s using in his blog post), I found a few 3rd parties who build support for ASP.

Unable to connect to Synology SMB share from Windows 10 Pro, solution.

One of my machines was giving me a headache. I could not connect to my Synology file shares. All my other machines could connect just fine except this machine. Even after a reinstall it didn’t work. I kept getting the error: The specified server cannot perform the requested operation. The difference between the machines working and not working was that the machine not working was Azure Active Directory Joined. The other machines weren’t.

How to integrate the Microsoft Identity Platform (AAD or B2C) with custom JWT authentication for Realm Cloud in .NET

Wow, that’s the longest blog post title I have ever used. Hopefully this will help with finding this page if you are searching for the solution I am describing here. One of our customers came to us with a question about how to integrate our B2C product with Realm Cloud. I had looked at this product before but didn’t know what technically was possible for integration with B2C. The request was to use B2C tokens with the custom JWT Authentication Realm Cloud supports.

Create a user delegated permission and an application permission with the same name in Azure Active Directory

For a training we are delivering I tried to create a little sample where I show how to create an API and protect it with our Microsoft Identity Platform. We have 2 kinds of permissions we can support with our consent and permissions framework: user delegated permissions and application permissions. This is what we use for MS Graph as well. User delegated permissions are used if you want to grant the app running the permissions in the name of the user.

Little update about my job after 8 months

At the end of June our fiscal year ended. After a lot of travel this month I finally had some time to spend with my family. My mom is visiting and was able to watch my daughter Lisa so my wife could join me in Washington, where I was for Identiverse, and later travel to visit friends near New York. June was the heaviest travel month for me so far. I spent 2 nights at home.