SlideShare a Scribd company logo

Session 3c The SF SaaS Framework

Download as PPTX, PDF
Code Mastery
Code Mastery
TechnologyBusiness
1 of 26
SaaS Security Using Federated Identity Management Azure AppFabric Access Control Service (ACS) Windows Identity Foundation (WIF)
What Were The Requirements? • Favor proven security frameworks and industry standards over custom security code • Single sign on (SSO) between tenants • Preferably not own or manage sensitive data • Avoid account management in the app such as lost password, etc.
Our Solution: Federated Identity Management • Leverage popular web identity providers such as Google, Yahoo. • Leverage Azure ACS as an aggregator of these providers • Leverage WIF for integration with ACS and claims management
Concept Diagram Federation Provider Identity Providers OpenID ACS SAML Relying Party (RP) IIS Google * WIF Claim Yahoo STS
Demo Setup Azure AppFabric Access Control Service (ACS)
Demo – Preview Portal
Demo – Portal
Demo – Create Namespace
Demo – Manage Access Control
Demo – Identity Provider
Demo – Relying Party Application Settings
Demo – RP – Authentication Settings
Demo – Edit Rule Group
Demo – Generate Rules To Create Claims
Demo – WS-Federation Metadata
Demo Setup Windows Identity Foundation (WIF)
Demo – Add STS Reference
Demo – Application URI
Demo – STS Location
Demo – Add Project Reference
ASP.NET Request Validation Error Message: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo..."). Workaround For Testing: Solution For Production:
Authentication Flow Diagram 1 3 Browser 6 4 2 5 MVC Website Access Control Identity Providers(IP) Service (ACS) Google Yahoo WIF STS 1. Request login returns 302 redirect to ACS 4. Post credentials, returns token with 302 2. Request IP selection form from ACS redirect to ACS 3. Request login form from IP 5. Validate and transform token to SAML claims. 6. Post SAML to MVC website callback. WIF processes and sets cookie.
Demo Claims Authentication And Authorization
Demo - Claims
Disadvantages • Your user identities are tied to your ACS namespace - challenging if you ever wanted to migrate away from your ACS namespace • Additional cost – you pay for each token issued • Reliance on external service for authentication • WIF is not well integrated into the .NET framework (but that improves in 4.5) – WIF is also not very DI friendly
Summary • Low barrier to entry for using existing social identities in your app • ACS and WIF encapsulate the complexity • Users don’t need to remember another username and password • Developers get to save time implementing and maintaining account management features

Recommended

SAML and Liferay
SAML and LiferaySAML and Liferay
SAML and Liferay
Mika Koivisto
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?
Anil Saldanha
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
John Bauer
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
Dan Brinkmann
 
Saml in cloud
Saml in cloudSaml in cloud
Saml in cloud
Nagraj Rao
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
Marco Morana
 
IBM Single Sign-On
IBM Single Sign-OnIBM Single Sign-On
IBM Single Sign-On
Van Staub, MBA
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2C
Anton Staykov
 

Recommended

SAML and Liferay
SAML and LiferaySAML and Liferay
SAML and Liferay
Mika Koivisto
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?
Anil Saldanha
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
John Bauer
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
Dan Brinkmann
 
Saml in cloud
Saml in cloudSaml in cloud
Saml in cloud
Nagraj Rao
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
Marco Morana
 
IBM Single Sign-On
IBM Single Sign-OnIBM Single Sign-On
IBM Single Sign-On
Van Staub, MBA
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2C
Anton Staykov
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
Dave Hay
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth
 
DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010
Spencer Harbar
 
Introducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceIntroducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and Performance
Amin Saqi
 
LIExplorer
LIExplorerLIExplorer
LIExplorer
Vijay Viswas
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
Devam Shah
 
Active Directory Single Sign-On with IBM
Active Directory Single Sign-On with IBMActive Directory Single Sign-On with IBM
Active Directory Single Sign-On with IBM
Van Staub, MBA
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.Net
Shivanand Arur
 
Ad fs
Ad fsAd fs
Ad fs
Iván Sanchez Vera
 
SAML Smackdown
SAML SmackdownSAML Smackdown
SAML Smackdown
Pat Patterson
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on system
Swati Sinha
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
Đỗ Duy Trung
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.ppt
webhostingguy
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
Programming Talents
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018
Jeremy Gray
 
SharePoint 2007 Security
SharePoint 2007 SecuritySharePoint 2007 Security
SharePoint 2007 Security
SharePoint & .NET Blog
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
Shivanand Arur
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol Overview
Mike Schwartz
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
Phuong Nguyen
 
2007 03 12 Swecr 2
2007 03 12 Swecr 22007 03 12 Swecr 2
2007 03 12 Swecr 2
kiyoshi_tezuka
 
Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...
kanimozhin
 

More Related Content

What's hot

DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010
Spencer Harbar
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
Đỗ Duy Trung
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.ppt
webhostingguy
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
Phuong Nguyen
 

What's hot (20)

“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
 
DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010
 
Introducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceIntroducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and Performance
 
LIExplorer
LIExplorerLIExplorer
LIExplorer
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
 
Active Directory Single Sign-On with IBM
Active Directory Single Sign-On with IBMActive Directory Single Sign-On with IBM
Active Directory Single Sign-On with IBM
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.Net
 
Ad fs
Ad fsAd fs
Ad fs
 
SAML Smackdown
SAML SmackdownSAML Smackdown
SAML Smackdown
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on system
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.ppt
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
 
Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018Azure AD B2C An Introduction - DogFoodCon 2018
Azure AD B2C An Introduction - DogFoodCon 2018
 
SharePoint 2007 Security
SharePoint 2007 SecuritySharePoint 2007 Security
SharePoint 2007 Security
 
Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol Overview
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
 

Viewers also liked

SaaS Operations Practice Overview SoftServe DevOps
SaaS Operations Practice Overview SoftServe DevOpsSaaS Operations Practice Overview SoftServe DevOps
SaaS Operations Practice Overview SoftServe DevOps
SoftServe
 
Open Architecture for Developing Multitenant Software-as-a-Service Applications
Open Architecture for Developing Multitenant Software-as-a-Service ApplicationsOpen Architecture for Developing Multitenant Software-as-a-Service Applications
Open Architecture for Developing Multitenant Software-as-a-Service Applications
Javier Mijail Espadas Pech
 
Software As A Service Presentation
Software As A Service PresentationSoftware As A Service Presentation
Software As A Service Presentation
al95iii
 

Viewers also liked (14)

2007 03 12 Swecr 2
2007 03 12 Swecr 22007 03 12 Swecr 2
2007 03 12 Swecr 2
 
Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...
 
Webinar series part 2 recipe for a successful saa s company - migrating sing...
Webinar series part 2 recipe for a successful saa s company - migrating sing...Webinar series part 2 recipe for a successful saa s company - migrating sing...
Webinar series part 2 recipe for a successful saa s company - migrating sing...
 
SaaS Operations Practice Overview SoftServe DevOps
SaaS Operations Practice Overview SoftServe DevOpsSaaS Operations Practice Overview SoftServe DevOps
SaaS Operations Practice Overview SoftServe DevOps
 
AWS 기반 소프트웨어 서비스(SaaS) -김용우 솔루션즈 아키텍트 :: AWS 파트너 테크시프트 세미나
AWS 기반 소프트웨어 서비스(SaaS) -김용우 솔루션즈 아키텍트 :: AWS 파트너 테크시프트 세미나 AWS 기반 소프트웨어 서비스(SaaS) -김용우 솔루션즈 아키텍트 :: AWS 파트너 테크시프트 세미나
AWS 기반 소프트웨어 서비스(SaaS) -김용우 솔루션즈 아키텍트 :: AWS 파트너 테크시프트 세미나
 
SaaS Architecture Past and Present
SaaS Architecture Past and PresentSaaS Architecture Past and Present
SaaS Architecture Past and Present
 
SaaS 동향
SaaS 동향SaaS 동향
SaaS 동향
 
Open Architecture for Developing Multitenant Software-as-a-Service Applications
Open Architecture for Developing Multitenant Software-as-a-Service ApplicationsOpen Architecture for Developing Multitenant Software-as-a-Service Applications
Open Architecture for Developing Multitenant Software-as-a-Service Applications
 
Building SaaS products with Windows Azure
Building SaaS products with Windows Azure Building SaaS products with Windows Azure
Building SaaS products with Windows Azure
 
Architecting SaaS: Doing It Right the First Time
Architecting SaaS: Doing It Right the First TimeArchitecting SaaS: Doing It Right the First Time
Architecting SaaS: Doing It Right the First Time
 
SaaS Introduction-May2014
SaaS Introduction-May2014SaaS Introduction-May2014
SaaS Introduction-May2014
 
Iaas.paas.saas
Iaas.paas.saasIaas.paas.saas
Iaas.paas.saas
 
Software As A Service Presentation
Software As A Service PresentationSoftware As A Service Presentation
Software As A Service Presentation
 
The SaaS business model
The SaaS business modelThe SaaS business model
The SaaS business model
 

Similar to Session 3c The SF SaaS Framework

Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Michael Collier
 
CTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App Fabric
Spiffy
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Joris Poelmans
 
Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
deimos
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
Danny Jessee
 
Claims based identity second edition device
Claims based identity second edition deviceClaims based identity second edition device
Claims based identity second edition device
Steve Xu
 

Similar to Session 3c The SF SaaS Framework (20)

Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
 
CTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App Fabric
 
Net Services
Net ServicesNet Services
Net Services
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API Security
 
Expandindo seu Data Center com uma infraestrutura hibrida
Expandindo seu Data Center com uma infraestrutura hibridaExpandindo seu Data Center com uma infraestrutura hibrida
Expandindo seu Data Center com uma infraestrutura hibrida
 
Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
 
O Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bO Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10b
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Claims based identity second edition device
Claims based identity second edition deviceClaims based identity second edition device
Claims based identity second edition device
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
 
SharePoint Saturday The Conference 2011 - Extranets & Claims Authentication
SharePoint Saturday The Conference 2011 - Extranets & Claims AuthenticationSharePoint Saturday The Conference 2011 - Extranets & Claims Authentication
SharePoint Saturday The Conference 2011 - Extranets & Claims Authentication
 
V cloud request manager overview presentation
V cloud request manager overview presentationV cloud request manager overview presentation
V cloud request manager overview presentation
 
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
Build and Deploy LightSwitch Application on Windows Azure
Build and Deploy LightSwitch Application on Windows AzureBuild and Deploy LightSwitch Application on Windows Azure
Build and Deploy LightSwitch Application on Windows Azure
 
Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...
 
NIC - Windows Azure Pack - Level 300
NIC - Windows Azure Pack - Level 300NIC - Windows Azure Pack - Level 300
NIC - Windows Azure Pack - Level 300
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
 

More from Code Mastery

Build automation best practices
Build automation best practicesBuild automation best practices
Build automation best practices
Code Mastery
 

More from Code Mastery (20)

Using SSRS Reports with SSAS Cubes
Using SSRS Reports with SSAS CubesUsing SSRS Reports with SSAS Cubes
Using SSRS Reports with SSAS Cubes
 
Query Tuning for Database Pros & Developers
Query Tuning for Database Pros & DevelopersQuery Tuning for Database Pros & Developers
Query Tuning for Database Pros & Developers
 
Exploring, Visualizing and Presenting Data with Power View
Exploring, Visualizing and Presenting Data with Power ViewExploring, Visualizing and Presenting Data with Power View
Exploring, Visualizing and Presenting Data with Power View
 
Building a SSAS Tabular Model Database
Building a SSAS Tabular Model DatabaseBuilding a SSAS Tabular Model Database
Building a SSAS Tabular Model Database
 
Designer and Developer Collaboration with Visual Studio 2012 and Expression B...
Designer and Developer Collaboration with Visual Studio 2012 and Expression B...Designer and Developer Collaboration with Visual Studio 2012 and Expression B...
Designer and Developer Collaboration with Visual Studio 2012 and Expression B...
 
Build automation best practices
Build automation best practicesBuild automation best practices
Build automation best practices
 
Keynote Rockford Lhotka on the Microsoft Development Platftorm
Keynote Rockford Lhotka on the Microsoft Development PlatftormKeynote Rockford Lhotka on the Microsoft Development Platftorm
Keynote Rockford Lhotka on the Microsoft Development Platftorm
 
Session 5 Systems Integration Architectures: BizTalk VS Windows Workflow Foun...
Session 5 Systems Integration Architectures: BizTalk VS Windows Workflow Foun...Session 5 Systems Integration Architectures: BizTalk VS Windows Workflow Foun...
Session 5 Systems Integration Architectures: BizTalk VS Windows Workflow Foun...
 
Session 4 Future of BizTalk and the Cloud
Session 4 Future of BizTalk and the CloudSession 4 Future of BizTalk and the Cloud
Session 4 Future of BizTalk and the Cloud
 
Session 3b The SF SaaS Framework
Session 3b The SF SaaS FrameworkSession 3b The SF SaaS Framework
Session 3b The SF SaaS Framework
 
Session 3a The SF SaaS Framework
Session 3a The SF SaaS FrameworkSession 3a The SF SaaS Framework
Session 3a The SF SaaS Framework
 
Session 2 Integrating SharePoint 2010 and Windows Azure
Session 2 Integrating SharePoint 2010 and Windows AzureSession 2 Integrating SharePoint 2010 and Windows Azure
Session 2 Integrating SharePoint 2010 and Windows Azure
 
Session 1 IaaS, PaaS, SaaS Overview
Session 1 IaaS, PaaS, SaaS OverviewSession 1 IaaS, PaaS, SaaS Overview
Session 1 IaaS, PaaS, SaaS Overview
 
Loading a data warehouse using ssis 2012
Loading a data warehouse using ssis 2012Loading a data warehouse using ssis 2012
Loading a data warehouse using ssis 2012
 
Exploring, visualizing and presenting data with power view
Exploring, visualizing and presenting data with power viewExploring, visualizing and presenting data with power view
Exploring, visualizing and presenting data with power view
 
Data Warehouse Design & Dimensional Modeling
Data Warehouse Design & Dimensional ModelingData Warehouse Design & Dimensional Modeling
Data Warehouse Design & Dimensional Modeling
 
Creating a Tabular Model Using SQL Server 2012 Analysis Services
Creating a Tabular Model Using SQL Server 2012 Analysis ServicesCreating a Tabular Model Using SQL Server 2012 Analysis Services
Creating a Tabular Model Using SQL Server 2012 Analysis Services
 
Preparing for Windows 8 and Metro
Preparing for Windows 8 and MetroPreparing for Windows 8 and Metro
Preparing for Windows 8 and Metro
 
Extending Your Reach using the Cloud and Mobile Devices
Extending Your Reach using the Cloud and Mobile DevicesExtending Your Reach using the Cloud and Mobile Devices
Extending Your Reach using the Cloud and Mobile Devices
 
Creating Tomorrow’s Web Applications Using Today’s Technologies
Creating Tomorrow’s Web Applications Using Today’s Technologies Creating Tomorrow’s Web Applications Using Today’s Technologies
Creating Tomorrow’s Web Applications Using Today’s Technologies
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Session 3c The SF SaaS Framework

  • 1. SaaS Security Using Federated Identity Management Azure AppFabric Access Control Service (ACS) Windows Identity Foundation (WIF)
  • 2. What Were The Requirements? • Favor proven security frameworks and industry standards over custom security code • Single sign on (SSO) between tenants • Preferably not own or manage sensitive data • Avoid account management in the app such as lost password, etc.
  • 3. Our Solution: Federated Identity Management • Leverage popular web identity providers such as Google, Yahoo. • Leverage Azure ACS as an aggregator of these providers • Leverage WIF for integration with ACS and claims management
  • 4. Concept Diagram Federation Provider Identity Providers OpenID ACS SAML Relying Party (RP) IIS Google * WIF Claim Yahoo STS
  • 5. Demo Setup Azure AppFabric Access Control Service (ACS)
  • 8. Demo – Create Namespace
  • 9. Demo – Manage Access Control
  • 10. Demo – Identity Provider
  • 11. Demo – Relying Party Application Settings
  • 12. Demo – RP – Authentication Settings
  • 13. Demo – Edit Rule Group
  • 14. Demo – Generate Rules To Create Claims
  • 16. Demo Setup Windows Identity Foundation (WIF)
  • 17. Demo – Add STS Reference
  • 19. Demo – STS Location
  • 20. Demo – Add Project Reference
  • 21. ASP.NET Request Validation Error Message: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo..."). Workaround For Testing: Solution For Production:
  • 22. Authentication Flow Diagram 1 3 Browser 6 4 2 5 MVC Website Access Control Identity Providers(IP) Service (ACS) Google Yahoo WIF STS 1. Request login returns 302 redirect to ACS 4. Post credentials, returns token with 302 2. Request IP selection form from ACS redirect to ACS 3. Request login form from IP 5. Validate and transform token to SAML claims. 6. Post SAML to MVC website callback. WIF processes and sets cookie.
  • 25. Disadvantages • Your user identities are tied to your ACS namespace - challenging if you ever wanted to migrate away from your ACS namespace • Additional cost – you pay for each token issued • Reliance on external service for authentication • WIF is not well integrated into the .NET framework (but that improves in 4.5) – WIF is also not very DI friendly
  • 26. Summary • Low barrier to entry for using existing social identities in your app • ACS and WIF encapsulate the complexity • Users don’t need to remember another username and password • Developers get to save time implementing and maintaining account management features

Editor's Notes

  1. If project is source controlled – manually check out web.config (WIF not smart enough to do so)