Claims Based Authentication A Beginners Guide
Transcript

  • 1. Claims Authentication
  • 2. Agenda
      • What is Claims?
      • Claims in SharePoint
      • Configuring and Using Claims in SharePoint
  • 3. My Trip (Check In Counter, Boarding Gate)
  • 4. Terminology
      • Identity: security principal (end user)
      • Authentication: act of establishing or confirming something
      • Authorisation: function of specifying access rights to resources
      • Claim: statement about an identity
      • Security Token: set of claims that are digitally signed by an issuing authority
      • Security Token Service (STS): builds, signs and issues security tokens
      • Identity Provider STS (IP-STS): authenticates and issues tokens
      • Relying Party: application that makes authorisation decisions based on claims
      • Relying Party STS (RP-STS): transforms existing claims and adds new claims to a token
  • 5. Claims at an Airport (Boarding Gate)
      Identity: security principal (end user)
  • 6. Claims At An Airport (Boarding Gate)
      Relying Party: application that makes authorisation decisions based on claims
  • 7. Claims At An Airport (Boarding Gate)
      Claim: statement about an identity
      “I am Thuan Le Cong”
      “My seat is 1c”
  • 8. Claims At An Airport (Check In Counter, Boarding Gate)
      Identity Provider STS (IP-STS): authenticates and issues tokens
  • 9. Claims At An Airport (Check In Counter, Boarding Gate)
      Token contents shown: Name, Seat Number, Frequent Flyer
      Security Token: set of claims that are digitally signed by an issuing authority
  • 10. Claims at An Airport (Check In Counter, Boarding Gate)
  • 11. Terminology
      • Identity: security principal (end user)
      • Authentication: act of establishing or confirming something
      • Authorisation: function of specifying access rights to resources
      • Claim: statement about an identity
      • Security Token: set of claims that are digitally signed by an issuing authority
      • Security Token Service (STS): builds, signs and issues security tokens
      • Identity Provider STS (IP-STS): authenticates and issues tokens
      • Relying Party: application that makes authorisation decisions based on claims
      • Relying Party STS (RP-STS): transforms existing claims and adds new claims to a token
  • 12. Claims in SharePoint
      • Security Token Service (Check In Counter)
      • SharePoint WFE (Boarding Gate)
  • 13. Why Claims?
      • Decouples SharePoint from Authentication
      • Support for multiple authentication providers on one URL
      • Enables federation
  • 14. Zones
      Web Application – Classic
        • Zone: Default (Windows)
        • Zone: Intranet (FBA)
        • Zone: Internet (…)
        • Zone: Extranet (…)
        • Zone: Custom (…)
      Web Application – Claims
        • Zone: Default (Windows, FBA, SAML)
        • Zone: Intranet (FBA, Windows)
        • Zone: Internet
        • Zone: Extranet (…, …)
        • Zone: Custom
  • 15. Authentication Model
      • Two Authentication Modes
          – Classic (“Legacy”)
          – Claims
  • 16. Authentication methods
      • Windows Authentication: Uses the Windows infrastructure, providing support for NTLM, Kerberos, Anonymous, Basic, and Digest authentication.
      • Forms-Based Authentication (FBA): Utilizes a username and password HTML form that queries a membership provider in the back-end.
      • SAML token-based Authentication: Uses an external identity provider that supports SAML 1.1 and WS-Federation Passive profile.
  • 17. Externalized Authentication
  • 18. Claims-based Authentication
  • 19. Browser Based Sign-In
  • 20. Identity Mapping
      [Diagram with CLASSIC and CLAIMS columns. Labels: FBA (SQL, LDAP, Custom, …); NT Token (Windows Identity); SAML1.1+ (ADFS, …); SAML Token; Claims Based Identity; SPUser]
  • 21. SPClaim
      i:0#.w|coastalpointsolthuanle
      • Claim Type
          – W = Windows
          – F = Forms Based Authentication
          – T = Trusted (SAML)
      • Issuer
      • Value
      • Value Type
  • 22. Forms Based Authentication
      • Exposed through Claims
          – Claims Identity instead of Generic Identity
      • Implemented as a Claims Provider
          – Implement ValidateUser()
      • STS talks to membership provider to validate user and issues a claims token
      • Roles are converted to claims
  • 23. Configure FBA
      1. Create Authentication Provider
      2. Configure Web Application to use Authentication Provider
      3. Add Membership/Role Provider web.config entries (CA, STS, FBA Web App)
  • 24. Three Web.config Changes?
      1. Create Authentication Provider
      2. Configure Web Application to use Authentication Provider
      3. Add Membership/Role Provider web.config entries (CA, STS, FBA Web App)
      • Central Admin
          – Enable picking of principals from any provider
      • STS
          – Authenticate User
          – Get Roles of Users (convert to claims)
      • FBA Web Application
          – Enables People Picker
  • 25. DEMO: Claims Authentication
  • 26. Summary
      • What is Claims?
      • How claims work in SharePoint
      • How to configure FBA
  • 27. Questions and (hopefully) Answers
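
Slide 21's encoded claim string, taken apart in Python as an added example (not code from the deck or from SharePoint). It goes beyond the slide: the slide gives only the W/F/T letters, while the position layout, the extra issuer-name segment for F and T, and the `CLAIM_TYPES` map are assumptions based on SharePoint's commonly documented claim encoding. All sample accounts are constructed.

```python
from dataclasses import dataclass

# Letters listed on slide 21 (the last character before the first '|').
ISSUER_TYPES = {"w": "Windows", "f": "Forms Based Authentication",
                "t": "Trusted (SAML)"}
# Assumption (not on the slide): common claim-type characters.
CLAIM_TYPES = {"#": "logon name", "5": "email", "-": "role", "+": "group SID"}

@dataclass(frozen=True)
class SPClaimParts:
    is_identity: bool   # 'i' prefix = identity claim, 'c' = any other claim
    claim_type: str     # raw character, e.g. '#'
    value_type: str     # raw character, e.g. '.'
    issuer_type: str    # decoded W/F/T letter
    issuer_name: str    # provider / trusted issuer name; empty for Windows
    value: str

def parse_encoded_claim(encoded: str) -> SPClaimParts:
    head, sep, rest = encoded.partition("|")
    if not sep or len(head) != 6 or head[0] not in "ic" or head[1:3] != ":0":
        raise ValueError(f"not an encoded claim: {encoded!r}")
    issuer_char = head[5].lower()
    if issuer_char not in ISSUER_TYPES:
        raise ValueError(f"unknown issuer type {head[5]!r}")
    issuer_name = ""
    if issuer_char in ("f", "t"):
        # FBA and trusted claims name the provider before the value.
        issuer_name, sep, rest = rest.partition("|")
        if not sep or not issuer_name:
            raise ValueError("missing issuer name segment")
    if not rest:
        raise ValueError("empty claim value")
    return SPClaimParts(head[0] == "i", head[3], head[4],
                        ISSUER_TYPES[issuer_char], issuer_name, rest)

def same_principal(a: str, b: str) -> bool:
    """Compare issuer and value together; the value alone is not an identity.
    Case-insensitive comparison is an assumption of this example."""
    pa, pb = parse_encoded_claim(a), parse_encoded_claim(b)
    key = lambda p: (p.issuer_type, p.issuer_name.lower(),
                     p.claim_type, p.value.lower())
    return key(pa) == key(pb)

if __name__ == "__main__":
    for s in (r"i:0#.w|contoso\alice", "i:0#.f|sqlmembers|alice",
              "i:05.t|adfs|alice@contoso.example", "c:0-.f|sqlroles|admins"):
        p = parse_encoded_claim(s)
        print(s, "->", p, CLAIM_TYPES.get(p.claim_type, "other"))
```

A relying party that authorises on the value alone would treat `alice` from the Windows issuer and `alice` from a forms membership provider as the same user; `same_principal` keeps them apart.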