Who Are You and What Do You Want?
Working with OAuth in SharePoint 2013
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoint 2013

  1. Who Are You and What Do You Want? Working with OAuth in SharePoint 2013
  2. CKS:DEV The SharePoint Cowboy Patterns & Practices Eric Shupps www.sharepointcowboy.com eshupps@binarywave.com facebook.com/sharepointcowboy @eshupps
  3. Introduction Farms On Premise Apps OAuth + SharePoint Servers Cloud Apps Agenda
  4. INTRODUCTION
  5. authorization
  6. User requests access App requests Request Token Provider returns Request Token App builds auth link w/ Request Token User requests URL + Request Token Provider returns access token User requests URL + Access Token App validates access token Access token validated User granted access 1 2 3
  7. User requests access App requests Request Token Provider returns Request Token App builds auth link w/ Request Token User requests URL + Access Token App validates access token Access token validated User granted access 1 2
  8. OAuth in SharePoint 2013
  9. Terminology:
     • Identity Provider: Manages identity information for principals (STS)
     • Security Token Service: Handles requests for trusted identity claims
     • Identity Token Issuer: Identity provider associated with a web application
     • Security Token Issuer: Trusted resource (farm, server, etc.)
     • Metadata Endpoint: Resource information and signing certificate (JSON)
     • Request Token: Used to request permission to protected resource
     • Access Token: Used by App to access resource on behalf of user
     • Realm: Operation scope for authorization
     • Azure ACS: Cloud-based security token service (IP-STS)
  10. Farms
  11. COLLABORATE My Sites Content Distributed Roles Enterprise Features Managed Metadata Search Shared Service Applications Request Management
  12. Consumer Export Root & STS Certificates Copy Certificates Import root certificate(s) and create trusted root authority Provider Export Root Certificate Copy Certificates Import STS Certificate Create Trusted Service Token Issuer Import root certificate(s) and create trusted root authority
  13. Consumer Provider Create Trusted Root Authority Set Authentication Realm Create Trusted Security Token Issuer Create App Principals Create Trusted Root Authority Create Trusted Security Token Issuer
  14. Servers
  15. Other Lync Office Web Applications Workflow Servers Exchange
  16. Certificates Metadata Create security token issuer Assign app principal permissions Install client components Export/Import certificates Create root authorities Execute configuration scripts Execute configuration scripts
  17. On-Premise Apps
  18. App establishes context SP validates S2S trust App requests access token from SP Browser POSTS parameters to App SP returns parameters User browses to App
  19. User Permissions App behaves in context of user Consistent across all requests Specific access rights and scope requested by app App Only Permissions Granted on app installation
  20. Establish client context Get access token with S2S Get claims from Windows identity Get request parameters
  21. Cloud Apps
  22. App establishes context ACS provides access token App requests access token from ACS Browser POSTS request token to app SP sends request tokens to browser SP gets request token from ACS User browses to app
  23. Get client context from SP with access token Get access token Read and validate context token Parse out Context Token Get POST parameters from SP
  24. Description / Link:
     • OAuth Working Group: http://oauth.net/
     • OAuth Resource Guide: http://bit.ly/14CWPNb
     • Authorization and authentication for apps in SharePoint 2013: http://bit.ly/16f8WFh
     • Setting up an OAuth trust between farms in SharePoint 2013: http://bit.ly/12Yr7e3
     • Plan for server-to-server authentication in SharePoint 2013: http://bit.ly/1chAgFl
     • What’s new in authentication for SharePoint 2013: http://bit.ly/1e6KaYv
     • Creating High-Trust apps with S2S: http://bit.ly/18RL8uL
     • Using O365 to Authorize On-Premise Apps: http://bit.ly/1fvv1Bo