• Identity and Identity Providers
• Authentication and Authorization
• Identity challenges in SharePoint 2007
• Claims-Based Identity
• Claims-Based Authentication in Microsoft SharePoint 2010
• Demo
• Q&A
• What is Identity?
 – A set of attributes that describe a user
• What is an Identity Provider?
 – A store composed of attributes/identifiers
• Examples:
 – Active Directory, Directory Services
• What is Authentication (AuthN)?
 – The process of identifying a user and validating that user's identity
• What is Authorization (AuthZ)?
 – Determines whether that identity has access to a particular resource, such as sites, content, and other features
• Authentication is intertwined with SharePoint 2007
• Configuration is very complex
• Access control only through attribute providers
So… what is the solution?
• What is a claim?
 – Information about the user, such as name, e-mail, age, group, etc.
[Slide diagram: two issuers. Issuer: Police Dept. issues an ID card (Full Name, ID Number, Full Address, Date of birth, Date of issue, Sex, Picture). Issuer: VN Railway issues a ticket (Name, Frequent flyer number, Train number, Regional Bus, Seat number, Date of issue).]
[Diagram flow: the user requests an ID card and receives one; the railway trusts the ID card; the user presents the ID card and receives a ticket.]
• The service component that builds, signs, and issues security tokens
• Supports multiple credential types
• Two roles: Identity Provider STS (IP-STS) and Relying Party STS (RP-STS)
 – An IP-STS is an STS that issues tokens that can be used to request service tokens from RP-STSs
 – An RP-STS can also consume other types of tokens (or credentials), for example an NT token that comes from the domain controller or Key Distribution Center (KDC)
• STSs can be chained
• The SharePoint STS is always a relying party STS
 – Built on Windows Identity Foundation (WIF)
• Multiple authentication types
• Identity provider neutral
 – Configured via Central Admin or PowerShell
• Delegation of user identity between applications
• Supports existing identity infrastructure
 – Active Directory
 – LDAP, SQL
 – WebSSO and Identity Management Systems
• Multiple authentication methods per SharePoint Web Application
• Enables automatic, secure identity delegation
 – Cross-machine and cross-farm
• Supports “no-credential” connections to external web services
• Standards-based and interoperable
Configure claims-based authentication using Windows Live ID
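The demo step above is normally scripted in the SharePoint 2010 Management Shell. What follows is an added example written for this page, not the deck's own demo script: it registers an external identity provider as a trusted token issuer and creates a web application that accepts both Windows and claims tokens. The certificate path, realm, sign-in URL, host names and accounts are placeholders to be replaced with the values of your own environment.

```powershell
# Added example: register Windows Live ID as a trusted identity token issuer in
# SharePoint 2010 and create a web application that accepts Windows (NTLM/Kerberos)
# tokens as well as claims tokens from that issuer.
# Placeholder values (certificate path, realm, sign-in URL, URLs, accounts) are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Trust root: the token-signing certificate of the identity provider. SharePoint only
#    accepts tokens whose signature chains to a certificate registered here, so obtain it
#    from the provider's federation metadata, never from an untrusted channel.
$certPath = "C:\certs\LiveIdSigningCert.cer"   # placeholder
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "Live ID Token Signing" -Certificate $signingCert

# 2. Claim mappings: which incoming claims SharePoint keeps, and under which display name.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# 3. The trusted identity token issuer (an IP-STS from SharePoint's point of view).
#    -Realm is the identifier the web application was registered with at the provider;
#    -IdentifierClaim must be unique and stable per user, because SharePoint keys
#    permissions on it.
$realm = "urn:sharepoint:intranet"                # placeholder
$signInUrl = "https://login.live.com/login.srf"   # placeholder: the provider's WS-Federation sign-in endpoint
$liveIdIssuer = New-SPTrustedIdentityTokenIssuer -Name "Windows Live ID" `
    -Description "Windows Live ID as claims provider" `
    -Realm $realm -ImportTrustCertificate $signingCert `
    -ClaimsMappings $emailMap,$roleMap -SignInUrl $signInUrl `
    -IdentifierClaim $emailMap.InputClaimType

# 4. Authentication providers for the web application: Windows plus the trusted issuer,
#    i.e. multiple authentication methods on one web application.
$windowsProvider = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$liveIdProvider  = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $liveIdIssuer

# 5. Create the claims-based web application over HTTPS. The issued tokens are bearer
#    tokens, so a claims web application should not be served over plain HTTP.
New-SPWebApplication -Name "Intranet (claims)" `
    -Url "https://intranet.contoso.local" -Port 443 -SecureSocketsLayer `
    -ApplicationPool "IntranetClaimsPool" `
    -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\spapppool") `
    -AuthenticationProvider $windowsProvider,$liveIdProvider
```

After creation, the sign-in page of the web application offers both Windows authentication and the "Windows Live ID" issuer, and users authenticated through the issuer appear in SharePoint under the identifier claim (here the e-mail address).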