SlideShare a Scribd company logo

Claims Based Authentication for Mere Mortals #SPSBE26

Download as PPTX, PDF
BIWUG
BIWUG

In this session we will go through the basics of claims based authentication. What is it and what does it bring to the table? We will provide an overview of some basic and more advanced scenarios in which you would want to use claims based authentication. We will also touch upon related concepts like federated identity and single sign-on. Furthermore, we will cover some real world implementation tips that might come in handy when considering claims based authentication before taking this route. There are some very common issues that you better be aware of. This session is primarily targeted at SharePoint administrators, e.g. we won't go into details on development topics such as custom claims providers although we will touch upon the subject.

TechnologyEconomy & Finance
1 of 27
#SPSBE Claims based authentication for mere mortals #SPSBE26 Thomas Vochten
About me
A big thanks to our sponsors Platinum Sponsors Gold Premium Sponsors Venue Sponsor Gold Sponsors
Agenda • Claims Based Identity • Claims within SharePoint 2010 • Claim Providers • Windows Claims • Trusted Provider claims • Federation & Single Sign On • Claims in the Real World
Claims based identity Who do you trust?
Claims based identity • Not a new concept • Claims provide abstraction • Authentication (AuthN) versus Authorization (AuthZ) • AuthZ decision are based on claims
Setting the scene • Claim • Security Token • Identity Provider (IdP) • Relying Party (RP) • Security Token Service (STS) • Realm
Name Claim Age Claim Location Claim Claim Signature
AuthN AuthZ
Claims within SharePoint 2010 3 types of claim providers • Windows • Trusted Provider • Forms Based Authn Multiple Authn providers possible in the same zone Be sure to be at Service Pack 1 with June 2011 CU minimum
Multiple Authentication Providers Mixed Authentication Multi-Authentication SharePoint SharePoint Farm Farm Web Application Web Application Windows Windows Authentication Zone: Default Authentication Zone: Default Regular label-callout text FBA Authentication Extended Web Application Extended Web Application Zone: Extranet FBA Zone: Extranet SAML Based Authentication Authentication FBA Authentication Extended Web Application Extended Web Application Zone: Intranet ... Zone: Intranet Windows Authentication Extended Web Application Extended Web Application Zone: Internet ... Zone: Internet ... Extended Web Application Extended Web Application Zone: Custom ... Zone: Custom ...
Multiple Authentication Providers
Identity Normalization
Identity Claim Format i:0#.t|federation|thomasvochten i:0#.w|labthomasvochten
Claims Providers • Augmentation of claims • Resolution of claims
Windows Claims • NTLM or Kerberos • Automatic sign in • Used by SharePoint internally • Claims to Windows Token Service for outbound claims (c2wts) Claims Provider Functions • Augmentation with Windows security groups • People picker does lookups in Active Directory
Migrating to Windows Claims • Planning is crucial • Classic to claims only • No way back • 2 step process: Changing the web application to use claims Migrating the user identities
Demo Exploring Windows Claims
Trusted Provider claims • SharePoint as relying party • Needs an external identity provider such as ADFS • Based on open standards (SAML, WS-*) • Logging in: just a bunch of redirects • Migration not out of the box (custom code needed) Setup • Setup identity provider • Setup trust via PowerShell Claims Provider functions • Nothing out of the box (custom code needed)
Trust 3 SharePoint A ut he nt ic 4 at io Identity Provider S n ec R Security Token Service ur eq ity ue (IP-STS) to st k en 5 Service token request Claims Providers 6 Security token response SharePoint ASP.net Client 1 Active Directory Requ STS Trust Membership e st R eso urce 2 Auth en ticate Requ est/R SharePoint edire LiveID SAML ct Authorization Based 7 Request Resource with service token
Demo Exploring Trusted Provider Claims
Federation & Single Sign On • Chain of trusted/trusting identity providers • Multiple use cases extranet access mergers & acquisitions cross-forest authentication • Single Sign On possibilities • Integration with other systems like FIM, UAG or ACS
Claims in the real world • When would you use claims based AuthN? • Integration with other applications like Office • Some stuff will break or doesn’t support claims! • Choose your unique ID wisely • You will probably need a custom claims provider • Home realm discovery • Learn to give up control • Test test test
Some last considerations… • Use SSL • Kerberos is not dead • Choose your unique ID wisely • Software prerequisites • Token cache settings • No 2 factor AuthN out of the box • Custom claims provider on app server • FAST document preview • Debatable workaround for c2wts • SQL, PowerPivot, PerfPoint, UPA,... • SAML claims has the most functional issues • Next wave of MS products
RESOURCES • A guide to claims based identity and access control (2nd edition), MSDN • Implementing Claims-Based Authentication with SharePoint Server 2010, TechNet • Steve Peschka’s blog Links & more resources available on my blog at http://thomasvochten.com
We need your feedback! Scan this QR code or visit http://svy.mk/sps2012be Our sponsors:

Recommended

SharePoint Saturday The Conference 2011 - Extranets & Claims Authentication
SharePoint Saturday The Conference 2011 - Extranets & Claims AuthenticationSharePoint Saturday The Conference 2011 - Extranets & Claims Authentication
SharePoint Saturday The Conference 2011 - Extranets & Claims AuthenticationBrian Culver
 
SharePoint Saturday Houston: SharePoint 2010 Extranets & Claims Authentication
SharePoint Saturday Houston: SharePoint 2010 Extranets & Claims AuthenticationSharePoint Saturday Houston: SharePoint 2010 Extranets & Claims Authentication
SharePoint Saturday Houston: SharePoint 2010 Extranets & Claims AuthenticationBrian Culver
 
Performance Testing and Instrumenting the KGB SMS Service for the Super Bowl
Performance Testing and Instrumenting the KGB SMS Service for the Super BowlPerformance Testing and Instrumenting the KGB SMS Service for the Super Bowl
Performance Testing and Instrumenting the KGB SMS Service for the Super Bowlnatematias
 
4. tmg 2010 e uag 2010
4. tmg 2010 e uag 20104. tmg 2010 e uag 2010
4. tmg 2010 e uag 2010Fabrizio Volpe
 
Sybase Afaria için Samsun Advanced Enterprise Server Farkları
Sybase Afaria için Samsun Advanced Enterprise Server FarklarıSybase Afaria için Samsun Advanced Enterprise Server Farkları
Sybase Afaria için Samsun Advanced Enterprise Server FarklarıSybase Türkiye
 
Cybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDCybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDabelsonp
 
CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CloudIDSummit
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 Michael Noel
 

Recommended

SharePoint Saturday The Conference 2011 - Extranets & Claims Authentication
SharePoint Saturday The Conference 2011 - Extranets & Claims AuthenticationSharePoint Saturday The Conference 2011 - Extranets & Claims Authentication
SharePoint Saturday The Conference 2011 - Extranets & Claims AuthenticationBrian Culver
 
SharePoint Saturday Houston: SharePoint 2010 Extranets & Claims Authentication
SharePoint Saturday Houston: SharePoint 2010 Extranets & Claims AuthenticationSharePoint Saturday Houston: SharePoint 2010 Extranets & Claims Authentication
SharePoint Saturday Houston: SharePoint 2010 Extranets & Claims AuthenticationBrian Culver
 
Performance Testing and Instrumenting the KGB SMS Service for the Super Bowl
Performance Testing and Instrumenting the KGB SMS Service for the Super BowlPerformance Testing and Instrumenting the KGB SMS Service for the Super Bowl
Performance Testing and Instrumenting the KGB SMS Service for the Super Bowlnatematias
 
4. tmg 2010 e uag 2010
4. tmg 2010 e uag 20104. tmg 2010 e uag 2010
4. tmg 2010 e uag 2010Fabrizio Volpe
 
Sybase Afaria için Samsun Advanced Enterprise Server Farkları
Sybase Afaria için Samsun Advanced Enterprise Server FarklarıSybase Afaria için Samsun Advanced Enterprise Server Farkları
Sybase Afaria için Samsun Advanced Enterprise Server FarklarıSybase Türkiye
 
Cybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDCybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDabelsonp
 
CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CloudIDSummit
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 Michael Noel
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web SecurityOliver Pfaff
 
O Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bO Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bBruce O'Dell
 
Mobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkMobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkPaul Madsen
 
Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Hitachi, Ltd. OSS Solution Center.
 
Authentication Server
Authentication ServerAuthentication Server
Authentication ServerAbhishek Chikane
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Microsoft TechNet - Belgium and Luxembourg
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01Paul Madsen
 
Gluecon oauth-03
Gluecon oauth-03Gluecon oauth-03
Gluecon oauth-03Paul Madsen
 
DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010Spencer Harbar
 
A Lap around Microsoft .NET Services
A Lap around Microsoft .NET ServicesA Lap around Microsoft .NET Services
A Lap around Microsoft .NET Servicesgoodfriday
 
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
 
OpenStack Quantum Network Service
OpenStack Quantum Network ServiceOpenStack Quantum Network Service
OpenStack Quantum Network ServiceLew Tucker
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
Cloud Security Topics: Network Intrusion Detection for Amazon EC2
Cloud Security Topics: Network Intrusion Detection for Amazon EC2Cloud Security Topics: Network Intrusion Detection for Amazon EC2
Cloud Security Topics: Network Intrusion Detection for Amazon EC2Alert Logic
 
TH e-GIF on SOA Using Open Enterprise Architecture
TH e-GIF on SOA Using Open Enterprise ArchitectureTH e-GIF on SOA Using Open Enterprise Architecture
TH e-GIF on SOA Using Open Enterprise ArchitectureThanachart Numnonda
 
First Operational Technology (OT) High Performance Messaging Patterns for Ent...
First Operational Technology (OT) High Performance Messaging Patterns for Ent...First Operational Technology (OT) High Performance Messaging Patterns for Ent...
First Operational Technology (OT) High Performance Messaging Patterns for Ent...Real-Time Innovations (RTI)
 
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...apidays
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for GovernmentCarahsoft
 
Dharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bDharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bSOA Symposium
 
Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyJayHicks
 

More Related Content

What's hot

TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web SecurityOliver Pfaff
 
O Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bO Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bBruce O'Dell
 
Mobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkMobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkPaul Madsen
 
Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Hitachi, Ltd. OSS Solution Center.
 

What's hot (6)

TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web Security
 
O Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bO Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10b
 
Mobile Native OAuth Decision Framework
Mobile Native OAuth Decision FrameworkMobile Native OAuth Decision Framework
Mobile Native OAuth Decision Framework
 
Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?
 
Authentication Server
Authentication ServerAuthentication Server
Authentication Server
 

Similar to Claims Based Authentication for Mere Mortals #SPSBE26

Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01Paul Madsen
 
Gluecon oauth-03
Gluecon oauth-03Gluecon oauth-03
Gluecon oauth-03Paul Madsen
 
DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010Spencer Harbar
 
A Lap around Microsoft .NET Services
A Lap around Microsoft .NET ServicesA Lap around Microsoft .NET Services
A Lap around Microsoft .NET Servicesgoodfriday
 
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
 
OpenStack Quantum Network Service
OpenStack Quantum Network ServiceOpenStack Quantum Network Service
OpenStack Quantum Network ServiceLew Tucker
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
Cloud Security Topics: Network Intrusion Detection for Amazon EC2
Cloud Security Topics: Network Intrusion Detection for Amazon EC2Cloud Security Topics: Network Intrusion Detection for Amazon EC2
Cloud Security Topics: Network Intrusion Detection for Amazon EC2Alert Logic
 
TH e-GIF on SOA Using Open Enterprise Architecture
TH e-GIF on SOA Using Open Enterprise ArchitectureTH e-GIF on SOA Using Open Enterprise Architecture
TH e-GIF on SOA Using Open Enterprise ArchitectureThanachart Numnonda
 
First Operational Technology (OT) High Performance Messaging Patterns for Ent...
First Operational Technology (OT) High Performance Messaging Patterns for Ent...First Operational Technology (OT) High Performance Messaging Patterns for Ent...
First Operational Technology (OT) High Performance Messaging Patterns for Ent...Real-Time Innovations (RTI)
 
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...apidays
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for GovernmentCarahsoft
 
Dharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bDharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bSOA Symposium
 
Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyJayHicks
 
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...Michael Noel
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
Complex End-to-End Testing
Complex End-to-End TestingComplex End-to-End Testing
Complex End-to-End TestingErika Barron
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 

Similar to Claims Based Authentication for Mere Mortals #SPSBE26 (20)

Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
 
Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01
 
Gluecon oauth-03
Gluecon oauth-03Gluecon oauth-03
Gluecon oauth-03
 
DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010
 
A Lap around Microsoft .NET Services
A Lap around Microsoft .NET ServicesA Lap around Microsoft .NET Services
A Lap around Microsoft .NET Services
 
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
 
OpenStack Quantum Network Service
OpenStack Quantum Network ServiceOpenStack Quantum Network Service
OpenStack Quantum Network Service
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
Cloud Security Topics: Network Intrusion Detection for Amazon EC2
Cloud Security Topics: Network Intrusion Detection for Amazon EC2Cloud Security Topics: Network Intrusion Detection for Amazon EC2
Cloud Security Topics: Network Intrusion Detection for Amazon EC2
 
TH e-GIF on SOA Using Open Enterprise Architecture
TH e-GIF on SOA Using Open Enterprise ArchitectureTH e-GIF on SOA Using Open Enterprise Architecture
TH e-GIF on SOA Using Open Enterprise Architecture
 
First Operational Technology (OT) High Performance Messaging Patterns for Ent...
First Operational Technology (OT) High Performance Messaging Patterns for Ent...First Operational Technology (OT) High Performance Messaging Patterns for Ent...
First Operational Technology (OT) High Performance Messaging Patterns for Ent...
 
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
 
Dharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1bDharmes Mistry Tony De Bree S O A Business Persp V1b
Dharmes Mistry Tony De Bree S O A Business Persp V1b
 
Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read Only
 
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09
 
Complex End-to-End Testing
Complex End-to-End TestingComplex End-to-End Testing
Complex End-to-End Testing
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
 

More from BIWUG

Biwug20190425
Biwug20190425Biwug20190425
Biwug20190425BIWUG
 
Working with PowerShell, Visual Studio Code and Github for the reluctant IT Pro
Working with PowerShell, Visual Studio Code and Github for the reluctant IT ProWorking with PowerShell, Visual Studio Code and Github for the reluctant IT Pro
Working with PowerShell, Visual Studio Code and Github for the reluctant IT ProBIWUG
 
Global Office 365 Developer Bootcamp
Global Office 365 Developer BootcampGlobal Office 365 Developer Bootcamp
Global Office 365 Developer BootcampBIWUG
 
Deep dive into advanced teams development
Deep dive into advanced teams developmentDeep dive into advanced teams development
Deep dive into advanced teams developmentBIWUG
 
SharePoint wizards - no magic needed, just use Microsoft Flow
SharePoint wizards - no magic needed, just use Microsoft FlowSharePoint wizards - no magic needed, just use Microsoft Flow
SharePoint wizards - no magic needed, just use Microsoft FlowBIWUG
 
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalMake IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalBIWUG
 
Modern collaboration in teams and projects with Microsoft 365
Modern collaboration in teams and projects with Microsoft 365Modern collaboration in teams and projects with Microsoft 365
Modern collaboration in teams and projects with Microsoft 365BIWUG
 
Mining SharePoint data with PowerBI
Mining SharePoint data with PowerBIMining SharePoint data with PowerBI
Mining SharePoint data with PowerBIBIWUG
 
Don't simply deploy, transform! Build your digital workplace in Office 365
Don't simply deploy, transform! Build your digital workplace in Office 365Don't simply deploy, transform! Build your digital workplace in Office 365
Don't simply deploy, transform! Build your digital workplace in Office 365BIWUG
 
Connect SharePoint Framework solutions to APIs secured with Azure AD
Connect SharePoint Framework solutions to APIs secured with Azure ADConnect SharePoint Framework solutions to APIs secured with Azure AD
Connect SharePoint Framework solutions to APIs secured with Azure ADBIWUG
 
Cloud First. Be Prepared
Cloud First. Be PreparedCloud First. Be Prepared
Cloud First. Be PreparedBIWUG
 
APIs, APIs Everywhere!
APIs, APIs Everywhere!APIs, APIs Everywhere!
APIs, APIs Everywhere!BIWUG
 
Advanced PowerShell for Office 365
Advanced PowerShell for Office 365Advanced PowerShell for Office 365
Advanced PowerShell for Office 365BIWUG
 
New era of customizing site provisioning
New era of customizing site provisioningNew era of customizing site provisioning
New era of customizing site provisioningBIWUG
 
Understanding SharePoint Framework Extensions
Understanding SharePoint Framework ExtensionsUnderstanding SharePoint Framework Extensions
Understanding SharePoint Framework ExtensionsBIWUG
 
Microsoft Flow in Real World Projects: 2 Years later & What's next
Microsoft Flow in Real World Projects: 2 Years later & What's nextMicrosoft Flow in Real World Projects: 2 Years later & What's next
Microsoft Flow in Real World Projects: 2 Years later & What's nextBIWUG
 
Microsoft Stream - Your enterprise video portal unleashed
Microsoft Stream - Your enterprise video portal unleashedMicrosoft Stream - Your enterprise video portal unleashed
Microsoft Stream - Your enterprise video portal unleashedBIWUG
 
What's new in SharePoint Server 2019
What's new in SharePoint Server 2019What's new in SharePoint Server 2019
What's new in SharePoint Server 2019BIWUG
 
Why you shouldn't probably care about Machine Learning
Why you shouldn't probably care about Machine LearningWhy you shouldn't probably care about Machine Learning
Why you shouldn't probably care about Machine LearningBIWUG
 
Transforming your classic team sites in group connected team sites
Transforming your classic team sites in group connected team sitesTransforming your classic team sites in group connected team sites
Transforming your classic team sites in group connected team sitesBIWUG
 

More from BIWUG (20)

Biwug20190425
Biwug20190425Biwug20190425
Biwug20190425
 
Working with PowerShell, Visual Studio Code and Github for the reluctant IT Pro
Working with PowerShell, Visual Studio Code and Github for the reluctant IT ProWorking with PowerShell, Visual Studio Code and Github for the reluctant IT Pro
Working with PowerShell, Visual Studio Code and Github for the reluctant IT Pro
 
Global Office 365 Developer Bootcamp
Global Office 365 Developer BootcampGlobal Office 365 Developer Bootcamp
Global Office 365 Developer Bootcamp
 
Deep dive into advanced teams development
Deep dive into advanced teams developmentDeep dive into advanced teams development
Deep dive into advanced teams development
 
SharePoint wizards - no magic needed, just use Microsoft Flow
SharePoint wizards - no magic needed, just use Microsoft FlowSharePoint wizards - no magic needed, just use Microsoft Flow
SharePoint wizards - no magic needed, just use Microsoft Flow
 
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalMake IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
 
Modern collaboration in teams and projects with Microsoft 365
Modern collaboration in teams and projects with Microsoft 365Modern collaboration in teams and projects with Microsoft 365
Modern collaboration in teams and projects with Microsoft 365
 
Mining SharePoint data with PowerBI
Mining SharePoint data with PowerBIMining SharePoint data with PowerBI
Mining SharePoint data with PowerBI
 
Don't simply deploy, transform! Build your digital workplace in Office 365
Don't simply deploy, transform! Build your digital workplace in Office 365Don't simply deploy, transform! Build your digital workplace in Office 365
Don't simply deploy, transform! Build your digital workplace in Office 365
 
Connect SharePoint Framework solutions to APIs secured with Azure AD
Connect SharePoint Framework solutions to APIs secured with Azure ADConnect SharePoint Framework solutions to APIs secured with Azure AD
Connect SharePoint Framework solutions to APIs secured with Azure AD
 
Cloud First. Be Prepared
Cloud First. Be PreparedCloud First. Be Prepared
Cloud First. Be Prepared
 
APIs, APIs Everywhere!
APIs, APIs Everywhere!APIs, APIs Everywhere!
APIs, APIs Everywhere!
 
Advanced PowerShell for Office 365
Advanced PowerShell for Office 365Advanced PowerShell for Office 365
Advanced PowerShell for Office 365
 
New era of customizing site provisioning
New era of customizing site provisioningNew era of customizing site provisioning
New era of customizing site provisioning
 
Understanding SharePoint Framework Extensions
Understanding SharePoint Framework ExtensionsUnderstanding SharePoint Framework Extensions
Understanding SharePoint Framework Extensions
 
Microsoft Flow in Real World Projects: 2 Years later & What's next
Microsoft Flow in Real World Projects: 2 Years later & What's nextMicrosoft Flow in Real World Projects: 2 Years later & What's next
Microsoft Flow in Real World Projects: 2 Years later & What's next
 
Microsoft Stream - Your enterprise video portal unleashed
Microsoft Stream - Your enterprise video portal unleashedMicrosoft Stream - Your enterprise video portal unleashed
Microsoft Stream - Your enterprise video portal unleashed
 
What's new in SharePoint Server 2019
What's new in SharePoint Server 2019What's new in SharePoint Server 2019
What's new in SharePoint Server 2019
 
Why you shouldn't probably care about Machine Learning
Why you shouldn't probably care about Machine LearningWhy you shouldn't probably care about Machine Learning
Why you shouldn't probably care about Machine Learning
 
Transforming your classic team sites in group connected team sites
Transforming your classic team sites in group connected team sitesTransforming your classic team sites in group connected team sites
Transforming your classic team sites in group connected team sites
 

Recently uploaded

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Recently uploaded (20)

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

Claims Based Authentication for Mere Mortals #SPSBE26

  • 1. #SPSBE Claims based authentication for mere mortals #SPSBE26 Thomas Vochten
  • 3. A big thanks to our sponsors Platinum Sponsors Gold Premium Sponsors Venue Sponsor Gold Sponsors
  • 4. Agenda • Claims Based Identity • Claims within SharePoint 2010 • Claim Providers • Windows Claims • Trusted Provider claims • Federation & Single Sign On • Claims in the Real World
  • 6. Claims based identity • Not a new concept • Claims provide abstraction • Authentication (AuthN) versus Authorization (AuthZ) • AuthZ decision are based on claims
  • 7. Setting the scene • Claim • Security Token • Identity Provider (IdP) • Relying Party (RP) • Security Token Service (STS) • Realm
  • 8. Name Claim Age Claim Location Claim Claim Signature
  • 9. AuthN AuthZ
  • 10. Claims within SharePoint 2010 3 types of claim providers • Windows • Trusted Provider • Forms Based Authn Multiple Authn providers possible in the same zone Be sure to be at Service Pack 1 with June 2011 CU minimum
  • 11. Multiple Authentication Providers Mixed Authentication Multi-Authentication SharePoint SharePoint Farm Farm Web Application Web Application Windows Windows Authentication Zone: Default Authentication Zone: Default Regular label-callout text FBA Authentication Extended Web Application Extended Web Application Zone: Extranet FBA Zone: Extranet SAML Based Authentication Authentication FBA Authentication Extended Web Application Extended Web Application Zone: Intranet ... Zone: Intranet Windows Authentication Extended Web Application Extended Web Application Zone: Internet ... Zone: Internet ... Extended Web Application Extended Web Application Zone: Custom ... Zone: Custom ...
  • 15. Claims Providers • Augmentation of claims • Resolution of claims
  • 16. Windows Claims • NTLM or Kerberos • Automatic sign in • Used by SharePoint internally • Claims to Windows Token Service for outbound claims (c2wts) Claims Provider Functions • Augmentation with Windows security groups • People picker does lookups in Active Directory
  • 17. Migrating to Windows Claims • Planning is crucial • Classic to claims only • No way back • 2 step process: Changing the web application to use claims Migrating the user identities
  • 18. Demo Exploring Windows Claims
  • 19. Trusted Provider claims • SharePoint as relying party • Needs an external identity provider such as ADFS • Based on open standards (SAML, WS-*) • Logging in: just a bunch of redirects • Migration not out of the box (custom code needed) Setup • Setup identity provider • Setup trust via PowerShell Claims Provider functions • Nothing out of the box (custom code needed)
  • 20. Trust 3 SharePoint A ut he nt ic 4 at io Identity Provider S n ec R Security Token Service ur eq ity ue (IP-STS) to st k en 5 Service token request Claims Providers 6 Security token response SharePoint ASP.net Client 1 Active Directory Requ STS Trust Membership e st R eso urce 2 Auth en ticate Requ est/R SharePoint edire LiveID SAML ct Authorization Based 7 Request Resource with service token
  • 21. Demo Exploring Trusted Provider Claims
  • 22. Federation & Single Sign On • Chain of trusted/trusting identity providers • Multiple use cases extranet access mergers & acquisitions cross-forest authentication • Single Sign On possibilities • Integration with other systems like FIM, UAG or ACS
  • 23.
  • 24. Claims in the real world • When would you use claims based AuthN? • Integration with other applications like Office • Some stuff will break or doesn’t support claims! • Choose your unique ID wisely • You will probably need a custom claims provider • Home realm discovery • Learn to give up control • Test test test
  • 25. Some last considerations… • Use SSL • Kerberos is not dead • Choose your unique ID wisely • Software prerequisites • Token cache settings • No 2 factor AuthN out of the box • Custom claims provider on app server • FAST document preview • Debatable workaround for c2wts • SQL, PowerPivot, PerfPoint, UPA,... • SAML claims has the most functional issues • Next wave of MS products
  • 26. RESOURCES • A guide to claims based identity and access control (2nd edition), MSDN • Implementing Claims-Based Authentication with SharePoint Server 2010, TechNet • Steve Peschka’s blog Links & more resources available on my blog at http://thomasvochten.com
  • 27. We need your feedback! Scan this QR code or visit http://svy.mk/sps2012be Our sponsors: