
Introduction to Claims-Based Authentication in SharePoint 2010



  1. Binh Thanh Nguyen, Solutions Architect and Project Manager, Bamboo Solutions Corporation Vietnam
  2. • Identity and Identity Providers
     • Authentication and Authorization
     • Identity challenges in SharePoint 2007
     • Claims-Based Identity
     • Claims-Based Authentication in Microsoft SharePoint 2010
     • Demo
     • Q&A
  3. • What is Identity?
       – A set of attributes to describe a user
  4. • What are Identity Providers?
       – Composed of attributes/identifiers
     • Examples:
       – Active Directory, Directory Services
  5. • What is Authentication (AuthN)?
       – Authentication is the process of identifying and validating a user's identity
     • What is Authorization (AuthZ)?
       – Determines whether that identity has access to a particular resource such as sites, content, and other features the user can access.
  6. • Authentication is intertwined within SharePoint 2007
     • Very complex to configure
     • Access control only through attribute providers
     So… what is the SOLUTION?
  7. • What are Claims?
       – Information about the user … such as name, e-mail, age, group, etc.
     • Example, Issuer: Police Dept.
       – Full Name, ID Number, Full Address, Regional, Date of birth, Date of issue, Sex, Picture
     • Example, Issuer: VN Railway
       – Name, Frequent flyer number, Train number, Bus, Seat number, Date of issue
  8. (Diagram. Labels: Request ID Card; ID Card; Trust; Ticket)
  9. • The service component that builds, signs, and issues security tokens.
     • Supports multiple credential types
     • Identity Provider STS (IP-STS) and a Relying Party STS (RP-STS).
       – An IP-STS is an STS that issues tokens that can be used to request service tokens from RP-STSs.
       – An RP-STS can also consume other types of tokens (or credentials), for example an NT token that comes from the domain controller or the KDC
     • STSs can be chained
  10. • SharePoint STS is always a relying party STS
      • Built on Windows Identity Foundation (WIF)
      • Multiple authentication types
      • Identity Provider neutral
        – Configured via Central Admin or PowerShell
      • Delegation of user identity between applications.
  11. (Diagram. Labels: Authenticate; Issue token; Send token; Send Cookie)
  12. (Sequence diagram between Browser, Issuer and Active Directory. Labels: Get /; 302; AuthN; SAML Token; Post; Process Token; Process Claims; Cookie; 302)
  13. • Classic
      • Claims
  14. • Support existing identity infrastructure
        – Active Directory
        – LDAP, SQL
        – WebSSO and Identity Management Systems
      • Multiple authentication methods per SharePoint Web Application
      • Enable automatic, secure identity delegation
        – Cross-machines & cross-farm
      • Support “no-credential” connections to External web services
      • Standards-based and Interoperable
  15. Configure claims-based authentication using Windows Live ID
  16. • MSDN and Technet:
        – us/library/ff973117.aspx#section3
        – 09/06/03/claims-based-authentication-an-overview.aspx
        – us/sharepoint/ff678022.aspx#lesson2
        – 0/05/27/understanding-sharepoint-2010-claims-authentication.aspx
      • Microsoft PDC:
        –
  17. THANK YOU!
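
Added example (not part of the original slides): a small Python model of the chained flow from slides 9 and 10, in which an IP-STS issues a signed token, a relying-party STS validates it and re-issues a service token, and the application authorizes on a claim. The issuer names, keys, claim names and function names are hypothetical, and an HMAC shared secret stands in for the X.509 signature a real STS applies to its tokens.

```python
import base64, hashlib, hmac, json, time

# Constructed demo issuers and keys (assumptions). A real STS signs with an
# X.509 key pair; an HMAC shared secret stands in for that signature here.
IP_STS = {"name": "urn:example:ip-sts", "key": b"ip-sts-demo-key"}
RP_STS = {"name": "urn:example:rp-sts", "key": b"rp-sts-demo-key"}


def issue_token(issuer, audience, claims, lifetime=300, now=None):
    """Build and sign a token, as an STS does when it issues one."""
    now = time.time() if now is None else now
    body = json.dumps({"iss": issuer["name"], "aud": audience,
                       "exp": now + lifetime, "claims": claims},
                      sort_keys=True).encode()
    sig = hmac.new(issuer["key"], body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()


def validate_token(token, trusted_issuers, audience, now=None):
    """Return the claims if a trusted issuer signed the token, else raise."""
    now = time.time() if now is None else now
    body_b64, sig_b64 = token.split(".")
    body = base64.b64decode(body_b64)
    data = json.loads(body)
    key = trusted_issuers.get(data["iss"])  # trust is decided per issuer
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(sig_b64)):
        raise ValueError("bad signature")
    if data["aud"] != audience:
        raise ValueError("wrong audience")
    if data["exp"] <= now:
        raise ValueError("token expired")
    return data["claims"]


def rp_sts_exchange(ip_token):
    """RP-STS: accept an IP-STS token, re-issue a service token for the app."""
    claims = validate_token(ip_token, {IP_STS["name"]: IP_STS["key"]}, RP_STS["name"])
    # Claims transformation: pass through only the claim types the app needs.
    mapped = {k: claims[k] for k in ("email", "group") if k in claims}
    return issue_token(RP_STS, "urn:example:app", mapped)


def app_authorize(service_token, required_group):
    """Application: trust only the RP-STS, authorize on the group claim."""
    claims = validate_token(service_token, {RP_STS["name"]: RP_STS["key"]}, "urn:example:app")
    return claims.get("group") == required_group
```

The application never sees the IP-STS key: it trusts only the RP-STS, so a token from the identity provider presented directly to the application is rejected as coming from an untrusted issuer.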