Developing Custom Claim Providers to Enable Authorization in SharePoint - Antonio Maio.
With the release of SharePoint 2010, Microsoft introduced the concepts of Claims Based Authentication and Authorization. SharePoint 2013 went a step further making Claims Based Authentication the default method for authenticating users when they login. Claims, and identities in general, are playing a bigger role in the security capabilities of systems like SharePoint, enabling us to solve some new and exciting security challenges. Typically we authorize the content that users have access to using SharePoint permissions, however authentication scenarios can be extended in new and interesting ways by developing a custom component called a Custom Claim Provider. This session will introduce the concepts of Claims Based Authentication and Authorization in SharePoint and provide step by step instructions on how to develop and deploy Custom Claim Providers. The session will also walk through several examples of how custom Claim Providers can enhance SharePoint security and authorization.
This presentation gives a short and not very technical overview of claims-based authentication.
Claims-based authentication is becoming the standard approach across almost all Microsoft web-based platforms. It is more complex than the old username/password method, but it is also more secure and more general.
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...Brian Culver
How will SharePoint 2013 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organizations to build extranet sites and partner portals inexpensively and securely. Learn about the Product Catalog site template and how you can use it. Learn about the new improvements in SharePoint 2013 regarding extranets. Learn how SharePoint 2013 can help your organization open its doors to its clients and partners securely.
Authentication through Claims-Based Authenticationijtsrd
Thinking in terms of claims and issuers is an effective abstraction that supports better approaches to securing your application. Claims carry an agreement with their issuer: a user's claims are accepted only if they were issued by a trusted issuer. Authentication and authorization are explicit in claims-based access control (CBAC) compared with other approaches. [1] Pawan Patil, Ankit Ayyar, Vaishali Gatty, "Authentication through Claims-Based Authentication", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume 2, Issue 4, June 2018. URL: http://www.ijtsrd.com/papers/ijtsrd15644.pdf http://www.ijtsrd.com/engineering/software-engineering/15644/authentication-through-claims-based-authentication/pawan-patil
T28 implementing adfs and hybrid share point Thorbjørn Værp
European SharePoint Conference 2014 in Barcelona.
Presentation Description:
In this session we look at modern forms of authentication. We'll cover Windows Server Active Directory Federation Services (ADFS) concepts and look at federation with SharePoint. There are a number of difficulties that you'll need to overcome when implementing SAML claims with SharePoint, for example the People Picker, user profile import, and problematic use of some SharePoint apps. We'll also cover the infrastructure side, such as making it work with host-named site collections, reverse proxy servers and other user directories. Moving to the cloud, we'll look at the authentication architecture and the standards employed, such as OAuth, WS-* and OpenID Connect.
Presentation Benefit
Get a better understanding of Windows Server Active Directory Federation Services (ADFS) concepts and SAML claims connection with SharePoint.
You will learn...
Understand authentication architecture and standards employed.
ADFS concepts
How to implement SAML claims
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioAntonioMaio2
Strong identity management is the foundation of any organization's security strategy. With the many online services available and constant public reports of massive identity theft, businesses and consumers are becoming increasingly concerned with protecting identities and the information they contain. In business, these identities represent our employees, our partners and our clients. Moving into a hybrid environment with SharePoint on premises and Office 365 can pose challenges in how you protect those identities while enabling easy access to cloud-based services. This topic will discuss key considerations and the many options available for implementing a strong identity management strategy in a hybrid environment, so that organizations can work securely with on-premises resources and Office 365.
This slidedeck provides a technical deep dive about Active Directory Federation Services technology for federated authentication with Office 365 and other relying parties.
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
How will SharePoint 2010 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organizations to build extranet sites and partner portals inexpensively and securely. Learn what exactly claims-based authentication is and how to use it. Learn about the new multi-authentication mode in SharePoint 2010. Learn how SharePoint 2010 can help your organization open its doors to its clients and partners securely.
1. Intro - Auth - Authentication & Authorization & SSO
2. OAuth2 in Depth
3. Where does JWT fit in?
4. How to do stateless Authorization using OAuth2 & JWT?
5. Some Sample Code? How easy is it to implement?
Cloud Native Journey in Synchrony FinancialVMware Tanzu
SpringOne Platform 2017
Michael Barber, Synchrony Financial
"Synchrony Financial's journey to transform the IT organization into a cloud and cloud-native microservice organization. This session highlights our cloud journey from vision formation to strategy to a fast-paced private cloud build, and how we moved our applications to Pivotal Cloud Foundry.
Synchrony Financial has always focused on technology, innovation and agility to serve the customer best. In today's fast-changing fintech environment Synchrony continuously creates innovative products and processes and brings in agility by simplifying technology and improving speed to market. As our CIO states, speed is the new IP; we bring the speed by enabling a modern technology platform and tools that enable our business and engineers to innovate more with less effort.
In this presentation, we will focus on sharing our journey from initial cloud vision creation: how we created a simplified strategy to prove our technology selection, validated the assumptions, created an execution strategy, transformed our process and created a fast-paced road map to move to cloud-native systems and decompose the monolith into microservices. We were able to achieve most of it using the Pivotal Cloud Foundry platform with the Spring framework and tools. This presentation will also share highlights of the program structure and approach of this key initiative."
How to deploy SharePoint 2010 to external users?rlsoft
A presentation about all the different aspects to be aware of when deploying SharePoint 2010 as an extranet platform, as well as the available options for network topologies and authentication methods.
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughVinu Gunasekaran
Agenda:
Reviewing the Exercise – Collect a Loyalty Number from your Customers
Getting Started with Azure AD B2C Custom Policies
Setting up the Policy
Defining the Loyalty Number Claim
Configuring Profile Editing to Include the Loyalty Number
Configure Reading and Writing the Claim
Updating the User Journey
Relying Party Declaration Updates
Exam 70-488 Developing Microsoft SharePoint Server 2013 Core Solutions Learni...Mahmoud Hamed Mahmoud
The presentation will help you to study for the beta exam; it includes the exam objectives and the online resources that cover these objectives.
Have a look and tell me what you think, whether this helps you in your study, and whether I should create the next one for Exam 70-489.
Real world SharePoint information governance a case study - publishedAntonioMaio2
Many organizations recognize the need to establish a governance plan in order to “control the chaos” within their SharePoint portals. But, how do businesses truly do this in the real world? How do they develop a plan, and once they have one, put the policies and procedures which make up the plan actually into practice? What are typical challenges and what are real viable solutions? How do you move an organization to a more well-governed state when you already have a large unorganized content repository (SharePoint or otherwise)? How much responsibility do you impose on your business users, and how much do you control centrally? This session will look at solutions to these questions (and more) through two real life case studies: one of a global financial institution and the other of a Fortune 100 energy firm. These case studies will look at how they developed, implemented and promoted information governance policies and how they put them into practice for SharePoint in their enterprises. This session will also look at real software solutions (that you can build) within SharePoint to facilitate a business’ evolution from using a loosely-managed file repository to collaborating within a strongly-governed corporate information portal.
Overcoming Security Threats and Vulnerabilities in SharePointAntonioMaio2
How vulnerable are your SharePoint sites? Microsoft SharePoint provides features and capabilities enabling you to secure content, control authentication and authorize access to critical business information. Choosing the capabilities to make use of, configuring them and understanding their impact can be complex. During this Roundtable session you will learn about the key security features available and the best practices for using them. We will begin by talking about the business reasons that organizations need to consider when securing enterprise content, and we will then review specific capabilities available within Microsoft SharePoint, along with recommendations for using them. Throughout the session, you’ll hear examples of best practices used by large commercial enterprise, government and military to secure content within SharePoint.
This year will see another major evolution in the SharePoint on premise world - the release of SharePoint 2016! Microsoft currently has their second public beta available for download. As we work with that beta we anxiously await the product’s official final release towards the end of first-half 2016. Between now and then there is a lot to learn about what’s new and what’s changed in SharePoint 2016.
SharePoint 2016 enables great hybrid scenarios, providing for more and better integration with cloud services like Office 365. It provides significant security and compliance enhancements, and removes some of the limitations we’ve had to deal with in the past. This session will provide an overview of these great new capabilities and more about what’s new in SharePoint 2016.
SharePoint Saturday Ottawa - How secure is my data in office 365?AntonioMaio2
When considering a cloud based service like Office 365, questions about security and trust often gets asked – questions like: Can I trust Office 365 with my company’s data? How secure is my data in Office 365? Organizations are often cautious when it comes to trusting cloud services with storing and providing access to corporate data. This becomes even more of a concern when we think about sensitive data, personally identifiable data or data that requires regulatory compliance controls. Being cautious and asking a cloud service provider questions about security and trust is a positive step. Answering those questions requires learning about the security strategy the provider has employed, and the specific controls they have put in place to protect your data. This session will answer those questions and provide an overview of the robust set of security capabilities available in Office 365.
Data Visualization in SharePoint and Office 365AntonioMaio2
Data Visualization in SharePoint is the ability to use appropriate tools to cultivate and present data in an interactive and compelling visual representation by way of dashboard, report or chart. Although a number of data visualization tools are available, many organizations continue to struggle with making the best decisions regarding which tools to leverage and how data should be displayed. Common challenges include the proliferation of different screen types and sizes, the rapid pace of change in Microsoft’s Business Intelligence arena, and the abundance of excess data.
In this roundtable we will provide insight into the SharePoint and Microsoft BI stack and clarification on the data visualization options available. We will cover Power BI, Power Pivot, Datazen, and out-of-the-box solutions to name a few. We will also conduct a visual analysis demo on a mobile device and show rapid results with no code solutions.
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?Scott Hoag
Office 365 brings a host of productivity options, but one of the most overlooked components is how we'll authenticate to The Cloud™. With Microsoft Azure Active Directory driving access and authentication to our Office 365 tenants, it is important to understand how we can interact with it. Join us as we explore cloud identity, identity federation, directory synchronisation and, most importantly, Azure and its impact on user experience and access to Office 365. Throughout this session, we'll answer the questions that impact you and show how your decisions around identity shape your Office 365 experience.
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365Scott Hoag
Looking to reduce the number of post-it notes you see stuck around the office? Seeking to automate your user creation processes for Office 365? Or maybe you’re interested in single sign-on for everything you host in the cloud? Are you questioning what a cloud identity is? This session will take you through the basics of identity in the Microsoft Cloud and show you how to set up and configure Office 365 with Azure Active Directory using the Azure Active Directory Synchronization Connect tools.
Understanding Identity Management with Office 365Perficient, Inc.
As more companies leverage Office 365, identity management between on-premise and cloud has become a topic of increasing importance. Fortunately, Office 365 offers a wide range of different identity management options that you can select based on your organization’s needs and preferences.
Join Perficient as we take a look at:
What constitutes identity management in Office 365
Federation and synchronization options available with Office 365, including ADFS and DirSync with password synchronization
Multi-forest deployments and deploying infrastructure using Windows Azure
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365Scott Hoag
Looking to reduce the number of post-it notes you see stuck around the office? Seeking to automate your user creation processes for Office 365? Or maybe you're interested in single sign-on for everything you host in the cloud? Are you questioning what a cloud identity is?
This session will take you through the basics of identity in the Microsoft Cloud and show you how to set up and configure Office 365 with Azure Active Directory using the Azure Active Directory Synchronization Connect tools.
Azure AD B2C Webinar Series: Custom Policies Part 1Vinu Gunasekaran
Agenda:
Introducing Custom Policies in Azure AD B2C
Custom Policy Components
Relying Party and User Journeys
Claims Definitions
Technical Profiles
Getting Started with Azure AD B2C Custom Policies
MongoDB World 2019: Securing Application Data from Day OneMongoDB
All too often the trend is to build an application first and then secure it second.
Luckily, with MongoDB Stitch it's easy to put data security first without slowing down development.
This session will provide a walkthrough of the best practices for authentication, data access, and data validation. We'll even provide a full sample application that you can use to get started after the session.
Community call: Develop multi tenant apps with the Microsoft identity platformMicrosoft 365 Developer
Building an application that can be provisioned and used in multiple Azure AD tenants goes far beyond just flipping a switch in your app configuration. The developer has to undertake application provisioning, decide on a provisioning strategy, push changes to customers, manage identities flowing from multiple tenants, collect essential information from authentication signals, learn to differentiate the different types of users they will encounter and understand the key differences from the B2B scenarios. In this community call, Kalyan Krishnan reviews the steps and considerations required to develop, configure, provision, and manage multi-tenant applications.
For more information, visit https://aka.ms/identityplatform
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed on Tuesday by sessions on Identity and Access Management; our popular Threat Detection and Remediation day on Wednesday will feature an updated GuardDuty lab; and we'll end on Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop on Monday during Security 101 day.
ESPC15 - Extending Authentication and AuthorizationEdin Kapic
My talk from European SharePoint Conference 2015 in Stockholm about how to extend SharePoint authentication and authorization using federated authentication and custom claim providers.
Slides from the presentation by Jörg Vosse, Citrix, at Citrix Day 2014 hosted by Digicomp:
Citrix ShareFile is designed for enterprises and optimized for mobile users. Unlike insecure consumer and other simple file-sharing tools, ShareFile provides capabilities for secure synchronization and sharing of enterprise files.
Identity and Access (AD), Azure and Office 365: Building a Single Page Application (SPA) with ASP.NET Web API and Angular.js using Azure Active Directory to Log in Users
Introduction to Microsoft Enterprise Mobility + SecurityAntonioMaio2
Microsoft has given us some amazing capabilities with the Microsoft Enterprise Mobility + Security (EM+S) suite to help protect both our information and our investments in Office 365. This collection of features gives you just about everything you need in the Microsoft Cloud for security, compliance and information protection. With such a vast array of services, tools and features, it's often challenging to understand everything this product provides or how it's layered on top of existing Office 365 security controls. In this session we'll review the capabilities available to you in Microsoft EM+S, and you'll discover which ones may best fit your security and compliance needs. Come and join us, as we also dive deep into some of the most useful Microsoft EM+S tools.
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
Microsoft provides robust cloud-based tools to help protect our data and services in Office 365 from attackers and data breaches. These tools include capabilities for auditing, monitoring, enforcing policies and protecting critical enterprise data. However, Office 365 is not immune to attack. In this session you'll learn common patterns used by attackers to compromise Office 365 tenants in the real world, how to make use of Microsoft cloud-based tools to protect your Office 365 tenant, and how to investigate and recover from an attack so that you can help prevent it from happening again. Microsoft Premier Field Engineer Theresa Eller and six-time Microsoft MVP Antonio Maio share their experiences investigating data breaches, recovering from them and helping Office 365 customers protect themselves from future data breaches.
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
With Office 365 PowerShell, you can manage Office 365 for your organization using commands and scripts that streamline your day to day work. Microsoft provides several easy to use admin centers to help manage Office 365. However, whether you’re an Office 365 administrator yourself or a service owner for Office 365 in your organization (working with other administrators), you’ll quickly find that you need to go beyond the capabilities that these admin centers provide. PowerShell can help you automate tasks so that they are easily repeatable, it can help you script management tasks so that they are automatically performed on a schedule and it can help you quickly output large amounts of data about your Office 365 environment. As well, some Office 365 settings are only manageable using PowerShell, with no UX provided. In this session, you’ll learn how to get started with Office 365 PowerShell and how to quickly become productive with it, making you more productive and empowered as you manage your Office 365 environment.
Office 365 Security - MacGyver, Ninja or Swat teamAntonioMaio2
Do you know the tools and tricks in your MacGyver kit for Office 365 Security? Would you consider yourself a Security Ninja, fully versed and prepared to take advantage of the Office 365 Security and Compliance Center?
Is your SWAT Team prepared to take down adversaries in worst-case scenarios? Join Antonio Maio, 5-time Microsoft MVP and 20-year security professional, as he reviews the recommended game plan to enable your inner MacGyver, execute tactical strikes like a Ninja and arm your team with information governance and security practices in use at global 100 companies. Through customer case studies and hands-on demonstrations of capabilities such as alerts, data loss prevention policies, activity audit logs, advanced security management and advanced threat protection, Antonio will show you the tools and tricks you need to effectively secure your information in Office 365.
Information security in office 365 a shared responsibility - antonio maioAntonioMaio2
There is no denying that Office 365 can make us highly productive, sharing and collaborating with coworkers, partners and clients. But, does it take care of our security and compliance issues? Is our data secure in Office 365? Yes, and no. The security of our information in Office 365 is a shared responsibility between Microsoft (the cloud provider) and us (the customers). Office 365 is a secure platform, but to truly secure our data we must make effective use of the security capabilities and features provided within the platform. We must also have strong information governance structures in place to control how information is shared and accessed through the platform. This session will provide a detailed review of the Office 365 Security and Compliance Center, including how to use the built in capabilities for alerts, data loss prevention policies, activity audit logs, advanced security management and customer lockbox. We'll also review recommended information governance and security practices based on customer experiences to help you effectively secure your information in Office 365 and uphold your end of the shared responsibility.
Office 365 security new innovations from microsoft ignite - antonio maioAntonioMaio2
With Office 365 clients continually concerned about security, governance and compliance, and with the apprehension that comes along with moving sensitive data to the cloud, it’s no surprise that Microsoft recently made a number of significant announcements at Microsoft Ignite 2016 about the new innovations they’re introducing into Office 365 to help us collaborate securely. Microsoft is getting ready to release major new security innovations like better user session control, site classification, conditional access controls, enhanced data loss prevention and stricter controls for sharing sensitive data. In this session we’ll recap those innovations and help you make sense of the new security features coming to Office 365 and how they help us better secure our content and our users.
Best practices for security and governance in share point 2013 publishedAntonioMaio2
Microsoft SharePoint provides features and capabilities enabling you to secure access, control authentication and authorize access to information. Choosing the capabilities to make use of, configuring them and understanding their impact can be a complex task. In this session you will learn about the key security features available in Microsoft SharePoint 2013 and the best practices for using them. The session begins by talking about the business reasons that organizations need to consider when securing their SharePoint content, and it will then review specific capabilities and options in detail with recommendations. We'll also review various governance best practices and how they relate to SharePoint security capabilities. Throughout the session, you'll hear examples from large commercial enterprises, government and the military about the best practices they use to secure their content within SharePoint.
Keeping SharePoint Always On - High Availability and Disaster Recovery are two topics that frequently come up. But how do you architect and build your SharePoint environment in order to meet these requirements? This session will look into the various designs for SharePoint and SQL to help you decide on the best approach for your SharePoint Implementation.
SharePoint Governance: Impacts of Moving to the CloudAntonioMaio2
Webinar presented by Christian Buckley(@buckleyplanet) & Antonio Maio(@AntonioMaio2) on the impacts to governance strategy as organizations begin planning to expand their SharePoint footprint to the cloud -- whether moving entirely to the cloud, or in a hybrid model. Includes comparisons of on prem and online advantages and risks, and a quiz to help organizations plan accordingly.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Developing custom claim providers to enable authorization in share point antonio maio - published
1. Developing Custom Claim Providers
to Enable Authorization in SharePoint
Antonio Maio
Senior SharePoint Architect & Senior Manager
Microsoft SharePoint Server MVP
Email: Antonio.maio@protiviti.com
Blog: www.trustsharepoint.com
Slide share: http://www.slideshare.net/AntonioMaio2
Twitter: @AntonioMaio2
2. Agenda
Introduction: Claims in SharePoint 2013
Getting the Right Claims for Authorization
Developing a Custom Claim Provider
Example Claim Providers
Deployment and Final Considerations
4. Authentication vs Authorization
Authentication
Process of determining that a user is who they say they are
Authorization
Process of determining the resources a user has access to and the level of access they are granted
5. Authentication Options
Claims Based Authentication (Default)
Forms Based Authentication (FBA – thru Claims)
Classic Mode
Integrated Windows Authentication
NTLM
Kerberos
Basic Authentication
Only configurable through PowerShell
Classic Mode has been deprecated! Configuration UI has been removed and is only available thru PowerShell.
6. Claims Based Identity
What is a Claim?
A statement that one subject makes about itself: name, identity, group, privilege, capability, etc.
Examples: name, email, logon name, security groups, employment status, security clearance, department, etc.
What is Claims Based Identity/Authentication?
A standards-based way to exchange and trust identities across networks
Trust is a key element – achieved through digital signatures
Claims are packaged in a standard format (SAML)… issued and digitally signed by a trusted source (security token service)… and exchanged over a standard protocol (SAML)
7. Claims Based Authentication
Claims are an Authentication Mechanism
Based on SAML or WS-Federation (Passive) tokens
Supports WS-Fed
Supports SAML 2.0 token format, SAML 1.1 protocol
SharePoint Online
Supports SAML 2.0 protocol, WS-Fed (Passive)
Result: Authenticated User & Security Token
Built-in SharePoint Security Token Service (STS)
Integrated Windows Authentication
Forms Based Authentication
Trusted Identity Provider
External STS (Ex. Active Directory Federation Services – ADFS)
8. Claims Based Authentication
Configured within Central Administration on each Web Application
• In Central Admin > Click Manage Web Applications
• Select the specific Web Application
• Click Authentication Providers
• Select the Zone
• Select the authentication protocol
9. Claims as Permissions
Claims are also trusted attributes about users
Tokens are digitally signed by the issuer (IP-STS)
Claims can be assigned as permissions
With a permission level
Assign to sites, libraries, folders, items/documents
SharePoint applies permissions based on claims
When a user signs in with a matching claim, SharePoint grants that level of access to the content
Behave like domain groups
10. SharePoint Permission Examples
Users, Groups or Claims
Finance (AD Group) has Full Control on Library A
Contractors (SP Group) has Read access on site B
John.Smith (AD user) has Contribute access on Document C
‘Clearance=Secret’ has Full Control access on Document X
‘EmploymentStatus=FTE’ has Contribute access on Site Z
User, Group, or Claim (also called a ‘Principal’)
Permission Level
(collection of permissions)
Information Object
(item or container)
12. Claims Based Authorization
Specific to the user
Performed without knowing who the user is
Dynamic – ex. changes in a user’s security clearance
Based on external systems (HR systems, SQL, etc.)
Alternative to security groups – Groups do not scale
Policy Example: user must be part of GroupA and GroupB and GroupC to access a resource
13. What types of claims do we need?
Military, Intelligence, Government Defense
Security Clearance
Caveat
Need to Know
Commercial
Department or Team
Role
Current Date/Time, Current Device (BYOD)
Group Membership with multiple groups
Aerospace/Defense Contracting
Nationality + Current Location
Homeland Security
Agency (law enforcement, emergency response, public health…)
Scope or Level (local, state, federal)
Current Threat Level
14. Claims Based Authentication Process/Call Flow
[Diagram: SharePoint 2013, Active Directory (AD DS) and Active Directory Federation Services (ADFS) acting as the Identity Provider (IP); one or more Custom Claim Providers run inside SharePoint and add <Claim> elements to the token; ADFS holds the ADFS Signing Cert, SharePoint holds the Public Portion of the ADFS Signing Cert]
1. Request a web page
2. Obtain login page from the ADFS server
3. Request a SAML security token
4. Validate user credentials with the identity provider
5. Send a SAML security token
6. Send a new web page request containing the SAML token
7. Create SharePoint security token & send the requested web page (FedAuth Cookie)
16. Custom Claim Providers
SharePoint farm level feature
Can deploy more than one
Called after user is authenticated (after the Trusted Identity Provider has already returned claims)
Built on WIF (Windows Identity Foundation)
Used to augment claims
Used to transform claims
Used to resolve/search claims in People Picker
17. Building a Custom Claim Provider
1. Add necessary References
Microsoft.SharePoint
Microsoft.IdentityModel
Browse to find it in Program Files\Reference Assemblies\Microsoft\Windows Identity Foundation\v3.5\Microsoft.IdentityModel.dll
2. Add necessary Using statements
using System;
using System.Xml;
using System.IO;
using System.ServiceModel.Channels;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;
3. Add a Class which inherits from SPClaimProvider
namespace SampleClaimProvider
{
public class ClearanceClaimProvider : SPClaimProvider
{
public ClearanceClaimProvider (string displayName) : base(displayName)
{
}
}
}
18. Building a Custom Claim Provider
4. Implement the Abstract class
Methods:
FillClaimTypes
FillClaimValueTypes
FillClaimsForEntity
FillEntityTypes
FillHierarchy
FillResolve(2 overrides)
FillSchema
FillSearch
Properties:
Name
SupportsEntityInformation
SupportsHierarchy
SupportsResolve
SupportsSearch
public class ClearanceClaimProvider:SPClaimProvider
{
}
Right click on SPClaimProvider and select…
19. Building a Custom Claim Provider
5. Implement Required Properties
// Returns the Claim Provider unique name
public override string Name
{ get { return ProviderInternalName; } }
// Must return true for Claims Augmentation
public override bool SupportsEntityInformation
{ get { return true; } }
// Supports hierarchy display in people picker
public override bool SupportsHierarchy
{ get { return true; } }
// Supports resolving claim values
public override bool SupportsResolve
{ get { return true; } }
// Supports search operation
public override bool SupportsSearch
{ get { return true; } }
20. Building a Custom Claim Provider
6. Create Static Properties for Name
internal static string ProviderDisplayName
{
get { return "Security Clearance"; }
}
internal static string ProviderInternalName
{
get { return "SecurityClearanceProvider"; }
}
21. Building a Custom Claim Provider
7. Create Data Source and Helper Functions
private string[] SecurityLevels = new string[]
{ "None", "Confidential", "Secret", "Top Secret" };
private static string ClearanceClaimType
{
get { return "http://schemas.sample.local/clearance"; }
}
private static string ClearanceClaimValueType
{
get { return Microsoft.IdentityModel.Claims.ClaimValueTypes.String;}
}
• Adds a claim whose type URI is http://schemas.sample.local/clearance and whose value is a string
22. Building a Custom Claim Provider
8. Implement Methods to Augment Claims
FillClaimTypes
FillClaimValueTypes
FillClaimsForEntity
protected override void FillClaimTypes(List<string> claimTypes)
{
if (claimTypes == null)
throw new ArgumentNullException("claimTypes");
claimTypes.Add(ClearanceClaimType);
}
protected override void FillClaimValueTypes(List<string> claimValueTypes)
{
if (claimValueTypes == null)
throw new ArgumentNullException("claimValueTypes");
claimValueTypes.Add(ClearanceClaimValueType);
}
23. 9. Implement FillClaimsForEntity to augment claims
protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
{
if (entity == null)
throw new ArgumentNullException("entity");
if (claims == null)
throw new ArgumentNullException("claims");
if (String.IsNullOrEmpty(entity.Value))
throw new ArgumentException("Argument null or empty",
"entity.Value");
//if existing Clearance claim is 'Top Secret' then also add the lower level clearances
if (. . .)
{
claims.Add(CreateClaim(ClearanceClaimType, SecurityLevels[0],
ClearanceClaimValueType));
claims.Add(CreateClaim(ClearanceClaimType, SecurityLevels[1],
ClearanceClaimValueType));
claims.Add(CreateClaim(ClearanceClaimType, SecurityLevels[2],
ClearanceClaimValueType));
}
. . .
}
Building a Custom Claim Provider
24. Customizing the People Picker
Other Important Methods: Replacing the People Picker
FillEntityTypes
Set of possible claims to display in the people picker
FillHierarchy
Hierarchy for displaying claims in the people picker
FillResolve (2 overrides)
Resolving claims specified in the people picker
FillSchema
Specifies the schema that is used by people picker to display claims/entity data
FillSearch
Fills in search results in people picker window
25. Using Claims for Authorization
You will assign claims as permissions either
Through People Picker
Programmatically through code
In both cases you must implement
FillEntityTypes
FillHierarchy
FillResolve(2 overrides)
FillSchema
FillSearch
…or the augmented claims will not be available to you!
26. Using Claims for Authorization
FillEntityTypes
protected override void FillEntityTypes(List<string> entityTypes)
{
//Return the type of entity claim we are using
entityTypes.Add(SPClaimEntityTypes.FormsRole);
}
27. Using Claims for Authorization
FillHierarchy
protected override void FillHierarchy(Uri context, string[] entityTypes,
string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy)
{
if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
return;
switch (hierarchyNodeID)
{
case null: // when it 1st loads, add all our nodes
// SPProviderHierarchyNode(providerName, displayName, hierarchyNodeID, isLeaf):
// the node ID must match what FillSearch looks up later ("SecurityClearance")
hierarchy.AddChild(new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode
(ProviderInternalName, "Security Clearance", "SecurityClearance", true));
hierarchy.AddChild(new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode
(ProviderInternalName, "Caveat", "Caveat", true));
break;
default:
break;
}
}
28. Using Claims for Authorization
FillResolve (1st override)
protected override void FillResolve(Uri context, string[] entityTypes,
SPClaim resolveInput, List<PickerEntity> resolved)
{
if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
return;
Microsoft.SharePoint.WebControls.PickerEntity pe = GetPickerEntity
(resolveInput.ClaimType, resolveInput.Value);
resolved.Add(pe);
}
29. Using Claims for Authorization
FillResolve (2nd override)
protected override void FillResolve(Uri context, string[] entityTypes,
string resolveInput, List<PickerEntity> resolved)
{
if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
return;
//create a matching entity for each of our claim types and add it to the return list of picker entries
//(CaveatClaimType is the provider's second claim type, declared the same way as ClearanceClaimType)
Microsoft.SharePoint.WebControls.PickerEntity pe = GetPickerEntity
(ClearanceClaimType, resolveInput);
resolved.Add(pe);
pe = GetPickerEntity(CaveatClaimType, resolveInput);
resolved.Add(pe);
}
30. Using Claims for Authorization
GetPickerEntity
private Microsoft.SharePoint.WebControls.PickerEntity GetPickerEntity
(string ClaimType, string ClaimValue)
{
Microsoft.SharePoint.WebControls.PickerEntity pe = CreatePickerEntity();
// set the claim associated with this match & tooltip displayed (both claim types carry string values)
pe.Claim = CreateClaim(ClaimType, ClaimValue, ClearanceClaimValueType);
pe.Description = ProviderDisplayName + ":" + ClaimValue;
// Set the text displayed in people picker
pe.DisplayText = ClaimValue;
// Store in hash table, plug in as a role type entity & flag as resolved
pe.EntityData[Microsoft.SharePoint.WebControls.PeopleEditorEntityDataKeys.DisplayName] = ClaimValue;
pe.EntityType = SPClaimEntityTypes.FormsRole;
pe.IsResolved = true;
pe.EntityGroupName = "Additional Claims";
return pe;
}
31. Using Claims for Authorization
FillSchema
protected override void FillSchema(SPProviderSchema schema)
{
schema.AddSchemaElement(new Microsoft.SharePoint.WebControls.SPSchemaElement(
Microsoft.SharePoint.WebControls.PeopleEditorEntityDataKeys.DisplayName,
"Display Name", Microsoft.SharePoint.WebControls.SPSchemaElementType.Both));
}
32. Using Claims for Authorization
FillSearch
protected override void FillSearch(Uri context, string[] entityTypes,
string searchPattern, string hierarchyNodeID, int maxCount,
SPProviderHierarchyTree searchTree)
{
if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
return;
// The node where we will place our matches
Microsoft.SharePoint.WebControls.SPProviderHierarchyNode matchNode = null;
Microsoft.SharePoint.WebControls.PickerEntity pe = GetPickerEntity
(ClearanceClaimType, searchPattern);
if (!searchTree.HasChild("SecurityClearance"))
{ // create the node so that we can show our match in there too
matchNode = new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode
(ProviderInternalName, "Security Clearance", "SecurityClearance", true);
searchTree.AddChild(matchNode);
}
else
{
// get the node for this security level
matchNode = searchTree.Children.Where(theNode => theNode.HierarchyNodeID
== "SecurityClearance").First();
}
// add the picker entity to our tree node
matchNode.AddEntity(pe);
}
35. Claim Provider Examples
Example 1: Access sensitive information only during work hours
protected override void FillClaimsForEntity(Uri context, SPClaim entity,
List<SPClaim> claims)
{
. . .
DateTime now = DateTime.Now;
if ((now.DayOfWeek == DayOfWeek.Saturday) || (now.DayOfWeek == DayOfWeek.Sunday))
{
claims.Add(CreateClaim(WorkDayClaimType, "false", WorkDayClaimValueType));
return;
}
//9 o'clock AM
DateTime start = new DateTime(now.Year, now.Month, now.Day, 9, 0, 0);
//5 o'clock PM
DateTime end = new DateTime(now.Year, now.Month, now.Day, 17, 0, 0);
if ((now < start) || (now > end))
{
claims.Add(CreateClaim(WorkDayClaimType, "false", WorkDayClaimValueType));
return;
}
claims.Add(CreateClaim(WorkDayClaimType, "true", WorkDayClaimValueType));
}
36. Claim Provider Examples
Example 2: Information Release Dates for Mergers and Acquisitions
Create a SharePoint list: release dates registered for each acquisition – name it ‘Acquisition Release Register’
List item specifies: acquisition project name, release date
Document library holding acquisition documents: add a ‘lookup’ metadata column pointing to ‘Acquisition Release Register’
With every document added, the user selects a release entry from the Acquisition Release Register
Use 3rd party tools or code to add a claim based permission to the item that matches the metadata column value (project name)
Custom claim provider uses SQL DB to retrieve all entries for Acquisition Release Register
Custom claim provider compares current date to entries in Acquisition Release Register
If now is later than release date then add project name to user’s claims
If user has claim in their identity matching acquisition project name, then they get access to the acquisition documents
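Slide 23 leaves the augmentation condition elided and Example 2 above describes the release-register check only in prose. The code below is an added example written for this page, not code from the deck, that fills in both: it looks the signing-in user up in a store, emits their clearance level together with every lower level, and turns every acquisition whose release date has passed into a claim. It assumes the deck's ClearanceClaimProvider is declared partial, that this file supplies its FillClaimsForEntity in place of the slide-23 fragment, and that ClearanceClaimType and ClearanceClaimValueType are the slide-21 properties; ProjectClaimType, the AugmentationPolicy class, the e-mail addresses and the two dictionaries standing in for the SQL store and the 'Acquisition Release Register' list are all constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.SharePoint.Administration.Claims;

namespace SampleClaimProvider
{
    // Pure policy logic, kept free of SharePoint types so it can be unit tested off the farm.
    internal static class AugmentationPolicy
    {
        // Ordered lowest to highest, matching the SecurityLevels array on slide 21.
        internal static readonly string[] Levels = { "None", "Confidential", "Secret", "Top Secret" };

        // A 'Top Secret' holder also satisfies permissions granted to 'Secret' and
        // 'Confidential'; unknown or missing clearances collapse to "None".
        internal static IList<string> ImpliedLevels(string clearance)
        {
            int index = Array.FindIndex(Levels,
                l => string.Equals(l, clearance, StringComparison.OrdinalIgnoreCase));
            return Levels.Take(Math.Max(index, 0) + 1).ToList();
        }

        // Project names whose registered release date is on or before 'now' (Example 2).
        internal static IList<string> ReleasedProjects(
            IEnumerable<KeyValuePair<string, DateTime>> register, DateTime now)
        {
            return register.Where(e => e.Value <= now).Select(e => e.Key).ToList();
        }
    }

    // Assumption: the deck's class is partial and this part replaces the slide-23 override.
    public partial class ClearanceClaimProvider : SPClaimProvider
    {
        // Hypothetical claim type for acquisition project names (not from the deck).
        private static string ProjectClaimType
        {
            get { return "http://schemas.sample.local/project"; }
        }

        // Constructed stand-in for the SQL/LDAP store slide 39 says a provider reaches out to,
        // keyed by the identity claim value (the e-mail address mapped in the appendix).
        private static readonly Dictionary<string, string> ClearanceStore =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            {
                { "alice@sample.local", "Top Secret" },
                { "bob@sample.local", "Confidential" },
            };

        // Constructed copy of the 'Acquisition Release Register' list: project name -> release date.
        private static readonly Dictionary<string, DateTime> ReleaseRegister =
            new Dictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase)
            {
                { "ProjectFalcon", new DateTime(2013, 1, 15) },
                { "ProjectOsprey", new DateTime(2099, 1, 1) },   // not yet releasable
            };

        protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
        {
            if (entity == null) throw new ArgumentNullException("entity");
            if (claims == null) throw new ArgumentNullException("claims");
            if (string.IsNullOrEmpty(entity.Value))
                throw new ArgumentException("Argument null or empty", "entity.Value");

            // 1. Clearance: look the user up, then emit their level plus every lower one.
            string clearance;
            if (!ClearanceStore.TryGetValue(entity.Value, out clearance))
                clearance = "None";
            foreach (string level in AugmentationPolicy.ImpliedLevels(clearance))
                claims.Add(CreateClaim(ClearanceClaimType, level, ClearanceClaimValueType));

            // 2. Release register: each project whose release date has passed becomes a claim,
            //    so the claim-based permission set on its documents starts matching the user.
            foreach (string project in AugmentationPolicy.ReleasedProjects(ReleaseRegister, DateTime.Now))
                claims.Add(CreateClaim(ProjectClaimType, project, ClearanceClaimValueType));
        }
    }
}
```

ProjectClaimType also has to be returned from FillClaimTypes (with a matching entry in FillClaimValueTypes) or SharePoint will not accept the claim, and the people-picker methods from slides 26 to 33 need a node for it before anyone can grant a permission to it. Because augmentation runs once at sign-in and the resulting claims then ride in the FedAuth cookie, a clearance change or a newly passed release date only takes effect when the session token expires or the user signs in again; the same applies to the work-hours claim in Example 1.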
38. Deploying Custom Claim Provider
Deployed as a Farm Level Feature Receiver – requires more code
Must inherit from SPClaimProviderFeatureReceiver (lots of examples)
Can deploy multiple claim providers
Called in order of deployment
Once deployed - Available in every web app, in every zone
Can cause performance issues
When user logs in, all Custom Claim Providers deployed get called
Set IsUsedByDefault property in the Feature Receiver definition to False, then turn it on manually for required web apps
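As an added example of the feature receiver described above (not the deck's own code), the class below registers the ClearanceClaimProvider from the earlier slides with the farm and then clears IsUsedByDefault, so the provider is not invoked for every sign-in in every web application. It assumes ClearanceClaimProvider with the ProviderDisplayName property from slide 20 and a Farm-scoped feature that this receiver is attached to; the description string is made up.

```csharp
using System;
using System.Linq;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;

namespace SampleClaimProvider
{
    // Farm-level feature receiver that registers ClearanceClaimProvider with SharePoint.
    public class ClearanceClaimProviderFeatureReceiver : SPClaimProviderFeatureReceiver
    {
        // The four abstract properties tell SharePoint which type to instantiate.
        public override string ClaimProviderAssembly
        {
            get { return typeof(ClearanceClaimProvider).Assembly.FullName; }
        }

        public override string ClaimProviderDescription
        {
            get { return "Augments identities with security clearance claims"; }   // made-up text
        }

        public override string ClaimProviderDisplayName
        {
            get { return ClearanceClaimProvider.ProviderDisplayName; }
        }

        public override string ClaimProviderType
        {
            get { return typeof(ClearanceClaimProvider).FullName; }
        }

        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            // The base class writes an SPClaimProviderDefinition into the farm's claim provider manager.
            base.FeatureActivated(properties);

            // A freshly registered provider is used by every web application in every zone, so
            // every sign-in farm-wide pays for its lookups. Switch that off here and enable the
            // provider afterwards only on the web applications that need it.
            SPClaimProviderManager manager = SPClaimProviderManager.Local;
            SPClaimProviderDefinition definition = manager.ClaimProviders
                .FirstOrDefault(cp => cp.DisplayName == ClaimProviderDisplayName);
            if (definition != null && definition.IsUsedByDefault)
            {
                definition.IsUsedByDefault = false;
                manager.Update();
            }
        }
    }
}
```

After activation the provider is listed by Get-SPClaimProvider with IsUsedByDefault false; enable it on the web applications and zones that need it, which is the deck's "turn it on manually for required web apps". Whatever the augmentation code reaches out to (SQL, LDAP) is contacted as the Central Administration service account, as the next slide points out, so that account needs read access to the store and nothing more.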
39. Some Final Considerations
Reach out to SQL database, LDAP, Repository for attributes which will get added as claims
Custom Claim Provider runs in the context of the web application, and not the site the user is logging into
Logged in as the Central Admin Service Account
Do not have context (Most methods have no HTTP Context nor SPContext.Current)
Cannot directly access data on the Site you signed into
For Debugging use a Claims Testing Web Part in SharePoint:
http://blogs.technet.com/b/speschka/archive/2010/02/13/figuring-out-what-claims-you-have-in-sharepoint-2010.aspx
40. Developing Custom Claim Providers
to Enable Authorization
Antonio Maio
Senior SharePoint Architect & Senior Manager
Microsoft SharePoint Server MVP
Email: Antonio.maio@protiviti.com
Blog: www.trustsharepoint.com
Slide share: http://www.slideshare.net/AntonioMaio2
Twitter: @AntonioMaio2
Thank You!
41. Appendix: PowerShell to Register Trusted Provider & Map Claim Types
# Make sure the claim types are properly defined in the ADFS server
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
$map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.sp.local/EmployeeStatus" -IncomingClaimTypeDisplayName "EmployeeStatus" -SameAsIncoming
# The realm will identify the web app in ADFS. It is generally created in the form "urn:foo:bar"
$realm = "urn:sp-server-2010.sp.local:sharepoint2010"
# Use the certificate that has been exported from the ADFS server
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\adfs20Certificate.cer")
# The url below will tell SharePoint where to redirect to in order to authenticate with the STS
# so this should have the ADFS url, plus the protocol (Windows integrated security - "/adfs/ls")
$signinurl = "https://adfs20.sp.local/adfs/ls"
# Adds the STS (AD FS 2.0) to SharePoint
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS20 Provider" -Description "SharePoint secured by ADFS20" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map,$map2,$map3 -SignInUrl $signinurl -IdentifierClaim $map.InputClaimType
# The certificate imported from the ADFS should be added to the trusted store
New-SPTrustedRootAuthority -Name "ADFS Token Signing Root Authority" -Certificate $cert
42. Appendix: Claims Viewer Web Part
Add the claim viewer web part to your site pages when testing custom claim providers: