Claims Based Authentication in SharePoint 2010

Transcript of "Claims Based Authentication in SharePoint 2010"

  1. Claims-Based Authentication
     SharePoint 2010
     Jonathan Schultz (@SharePointValue)
     Skyline Technologies, Inc.
     11/15/2011
  2. About Skyline Technologies
     • Leading Microsoft solutions provider
       – Develops and tailors IT applications to meet the business and technical objectives of customers
       – Serves clients in industries ranging from manufacturing and retail to healthcare, transportation, and logistics
     • Microsoft Partner with Gold competencies in Business Intelligence, Content Management, Portals and Collaboration, and Web Development, and Silver competencies in Data Platform, Project and Portfolio Management, Search, and Software Development
     • Provides a pathway to speed your company toward its vision
     • Recognized by businesses nationwide as a team of smart, experienced people and a Microsoft Gold Certified Partner organization specializing in adapting Microsoft solutions to individual clients' needs
  3. Agenda
     • What are Claims?
     • Why would you use them?
     • Claims-Based Authentication
       – Basic Architecture
       – Trusted Identity Providers
       – Advanced Concepts
     • Claims Development Tasks
     • Reality of Claims Based Authentication
     • Reference Materials
  4. What are Claims?
     • Attributes about a User
     • Need to Come from Someone You Trust
     • Driver’s License Example
       – Trusted Provider = State of Wisconsin
       – Claims
         • Name = Jonathan Schultz
         • Age = 35
         • Organ Donor = No
  5. Why Use Claims?
     • Claim Augmentation
       – Security Groups from Active Directory
       – HRMS/CRM Attributes
         • Title/Role
     • Federation
       – Partner Network
         • Business to Business
       – Subsidiaries
       – Web 2.0 (Windows Live, Facebook, etc.)
     • Advanced Authentication & Authorization
  6. Basic Claims Scenario
  7. Claims Based Architecture
  8. Terminology
     • Security Token Service (STS)
       – Identity Provider (IP-STS)
       – Relying Party (RP-STS)
     • Security Assertion Markup Language (SAML)
     • Windows Identity Framework (formerly Geneva)
     • Trusted Login Provider
  9. Under the Covers
  10. Claims-to-Windows Token Service
  11. Claims Based Architecture Notes
     • New in SharePoint 2010
     • Authentication Prompt for Multiple Providers
     • All Intra/Inter Farm Calls are Claims Based
       – i.e. Service Applications
     • Claims-to-Windows Token Service Needed for Some Service Applications, i.e. PerformancePoint Services
  12. Claims Development Tasks
     • Custom Login Pages
       – Extranet Scenarios
       – Branding
       – “Remember Me” Capability
       – Home Realm Discovery
     • Custom Claim Providers
       – Claims Augmentation
       – Claims Picking / Resolution
     • Trusted Login Providers
       – WIF SDK
  13. Reality of Claims Based Authentication
     • Claims Authorization uses OR logic, not AND
       – Scenario: Authorize US HR User
         • Location Claim = US
         • Department Claim = HR
         • Will also succeed for US IT because of US OR HR
     • Trusted Identity Providers
       – Cookie Driven (Watch out for domains/paths)
       – Time Based Expiration (Server Times)
     • Claims + Kerberos + SSRS = Problem
  14. Reference Materials
     • Claims and Security Technical Articles for SharePoint 2010
     • Implementing Claims-Based Authentication with SharePoint Server 2010 – White Paper
     • A Guide to Claims-Based Identity and Access Control – Patterns & Practices
     • Custom Claims-Based Security in SharePoint 2010
     • Steve Peschka’s Blog: Share-n-dipity
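
Added example (not from the original slides): a simplified Python model of the OR-logic pitfall on slide 13, with one possible workaround in which claims augmentation (slide 12) performs the AND and emits a single composite claim. This is not SharePoint's API; the claim type names, the composite "US-HR" claim and the sample users are assumptions constructed for illustration.

```python
"""Simplified model of OR-based claims authorization (not SharePoint's API)."""
from typing import Dict, FrozenSet, Set, Tuple

Claim = Tuple[str, str]  # (claim type, claim value); type names are hypothetical

US: Claim = ("location", "US")
HR: Claim = ("department", "HR")
IT: Claim = ("department", "IT")
US_HR: Claim = ("location-department", "US-HR")  # hypothetical composite claim


def is_authorized(user_claims: Set[Claim], granted: Set[Claim]) -> bool:
    """OR semantics: one matching claim on the securable is enough."""
    return bool(user_claims & granted)


def augment(user_claims: Set[Claim],
            rules: Dict[Claim, FrozenSet[Claim]]) -> Set[Claim]:
    """Model of claims augmentation: add a composite claim only when the
    user already holds every claim the rule requires (the AND is done here)."""
    extra = {composite for composite, required in rules.items()
             if required <= user_claims}
    return user_claims | extra


RULES = {US_HR: frozenset({US, HR})}

# Constructed sample users.
USERS = {
    "us_hr": {US, HR},
    "us_it": {US, IT},
    "uk_hr": {("location", "UK"), HR},
}


def evaluate(granted: Set[Claim], use_augmentation: bool) -> Dict[str, bool]:
    """Return the access decision for every sample user."""
    result = {}
    for name, claims in USERS.items():
        effective = augment(claims, RULES) if use_augmentation else claims
        result[name] = is_authorized(effective, granted)
    return result


if __name__ == "__main__":
    # Granting both claims separately: intended AND, actual OR.
    print("grant US + HR   :", evaluate({US, HR}, use_augmentation=False))
    # Granting only the composite claim emitted by augmentation.
    print("grant US-HR only:", evaluate({US_HR}, use_augmentation=True))
```

Granting the two claims separately admits the US IT and UK HR users as well; granting only the composite claim admits the US HR user alone.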