Claims Based Authentication in SharePoint 2010
  • 1. Claims-Based Authentication, SharePoint 2010
    Jonathan Schultz (@SharePointValue), Skyline Technologies, Inc., 11/15/2011
  • 2. About Skyline Technologies
    • Leading Microsoft solutions provider
      – Develops and tailors IT applications to meet the business and technical objectives of customers
      – Serves clients in industries from manufacturing and retail to healthcare, transportation, and logistics
    • Microsoft Partner with Gold competencies in Business Intelligence, Content Management, Portals and Collaboration, and Web Development, and Silver competencies in Data Platform, Project and Portfolio Management, Search, and Software Development
    • Provides a pathway to speed your company toward its vision
    • Recognized by businesses nationwide as a team of smart, experienced people and a Microsoft Gold Certified Partner organization specializing in adapting Microsoft solutions to individual clients’ needs
  • 3. Agenda
    • What are Claims?
    • Why would you use them?
    • Claims-Based Authentication
      – Basic Architecture
      – Trusted Identity Providers
      – Advanced Concepts
    • Claims Development Tasks
    • Reality of Claims-Based Authentication
    • Reference Materials
  • 4. What are Claims?
    • Attributes about a user
    • Need to come from someone you trust
    • Driver’s License example
      – Trusted Provider = State of Wisconsin
      – Claims
        • Name = Jonathan Schultz
        • Age = 35
        • Organ Donor = No
  • 5. Why Use Claims?
    • Claim Augmentation
      – Security Groups from Active Directory
      – HRMS/CRM Attributes
        • Title/Role
    • Federation
      – Partner Network
        • Business to Business
      – Subsidiaries
      – Web 2.0 (Windows Live, Facebook, etc.)
    • Advanced Authentication & Authorization
  • 6. Basic Claims Scenario
  • 7. Claims-Based Architecture
  • 8. Terminology
    • Security Token Service (STS)
      – Identity Provider (IP-STS)
      – Relying Party (RP-STS)
    • Security Assertion Markup Language (SAML)
    • Windows Identity Foundation (WIF, formerly “Geneva”)
    • Trusted Login Provider
  • 9. Under the Covers
  • 10. Claims-to-Windows Token Service
  • 11. Claims-Based Architecture Notes
    • New in SharePoint 2010
    • Authentication prompt is shown when multiple providers are configured
    • All intra- and inter-farm calls are claims based, e.g. Service Applications
    • Claims-to-Windows Token Service is needed for some Service Applications, e.g. PerformancePoint Services
  • 12. Claims Development Tasks
    • Custom Login Pages
      – Extranet Scenarios
      – Branding
      – “Remember Me” Capability
      – Home Realm Discovery
    • Custom Claim Providers
      – Claims Augmentation
      – Claims Picking / Resolution
    • Trusted Login Providers
      – WIF SDK
  • 13. Reality of Claims-Based Authentication
    • Claims authorization uses OR logic, not AND
      – Scenario: authorize a US HR user
        • Location Claim = US
        • Department Claim = HR
        • Also succeeds for a US IT user, because the check is “US OR HR”, not “US AND HR”
    • Trusted Identity Providers
      – Cookie driven (watch out for cookie domains/paths)
      – Time-based expiration (check server clocks)
    • Claims + Kerberos + SSRS = Problem
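
The OR-versus-AND point on slide 13, as an added illustration that is not part of the deck: a small Python model of the rule that any matching granted claim authorizes, and of the claim-augmentation approach from slide 12, where a custom claim provider emits one composite claim so that a single grant requires both attributes. The user names, claim types and the composite claim format are constructed for the example, not taken from SharePoint.

```python
# Added illustration (not SharePoint code): models how permissions granted to
# several claims are evaluated (ANY matching claim is enough, i.e. OR), and how
# a claim provider's augmentation step can add a composite claim so that one
# grant effectively requires both values (AND). All names are constructed.
from typing import Dict, FrozenSet, Tuple

Claim = Tuple[str, str]  # (claim type, claim value)

# Constructed sample users, as their identity providers would assert them.
USERS: Dict[str, FrozenSet[Claim]] = {
    "us_hr": frozenset({("Location", "US"), ("Department", "HR")}),
    "us_it": frozenset({("Location", "US"), ("Department", "IT")}),
    "uk_hr": frozenset({("Location", "UK"), ("Department", "HR")}),
}


def is_authorized(user_claims: FrozenSet[Claim], granted: FrozenSet[Claim]) -> bool:
    """Platform rule from the slide: access if ANY granted claim matches (OR)."""
    return any(claim in user_claims for claim in granted)


def augment(user_claims: FrozenSet[Claim]) -> FrozenSet[Claim]:
    """Claim augmentation, as a custom claim provider would do it: emit one
    composite claim that encodes both attributes, so a single claim carries
    the AND condition. Composite claim type/format are constructed here."""
    values = dict(user_claims)
    composite = ("LocationDepartment", f"{values['Location']}|{values['Department']}")
    return user_claims | {composite}


# Naive grant: two separate claims. Intended: US AND HR. Actual: US OR HR.
NAIVE_GRANT: FrozenSet[Claim] = frozenset({("Location", "US"), ("Department", "HR")})
# Corrected grant: only the composite claim, which only US HR users carry.
COMPOSITE_GRANT: FrozenSet[Claim] = frozenset({("LocationDepartment", "US|HR")})


def evaluate(grant: FrozenSet[Claim], augmented: bool) -> Dict[str, bool]:
    """Return which sample users pass for a grant, with or without augmentation."""
    return {
        name: is_authorized(augment(claims) if augmented else claims, grant)
        for name, claims in USERS.items()
    }


if __name__ == "__main__":
    print("naive grant:    ", evaluate(NAIVE_GRANT, augmented=False))
    print("composite grant:", evaluate(COMPOSITE_GRANT, augmented=True))
```

With the naive grant every sample user passes (US IT via Location, UK HR via Department); with the composite grant only the US HR user does.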
  • 14. Reference Materials
    • Claims and Security Technical Articles for SharePoint 2010
    • Implementing Claims-Based Authentication with SharePoint Server 2010 (white paper)
    • A Guide to Claims-Based Identity and Access Control (Patterns & Practices)
    • Custom Claims-Based Security in SharePoint 2010
    • Steve Peschka’s blog: Share-n-dipity