SlideShare a Scribd company logo
Extending Authentication and
Authorization
Edin Kapić
Edin Kapić
• SharePoint Senior Architect &
Team Lead in Sogeti,
Barcelona
• President of SharePoint User
Group Catalonia (SUG.CAT)
• Writer at Pluralsight
• SharePoint Server Office
Servers and Services MVP
• Tinker & geek
Email : mail@edinkapic.com
Twitter : @ekapic
LinkedIn : edinkapic
Agenda
• SharePoint, Authentication and Authorization
• Claims
• Claims-based Authentication
• Claims-based Authorization
• Claims Augmentation and Transformation
• Claims Providers
• Federated Authentication
SharePoint, Authentication & Authorization
SharePoint Web App
Authentication
Provider
SPUser
Site Collection
Site
SPRoleAssignment
Authentication
Authorization
SharePoint Authentication
• SharePoint doesn’t authenticate by
itself
• It keeps user details in the user
profile database and user
information lists in each site
collection
SharePoint Authorization
• Associated with principals
• Authenticated users
• Groups (SharePoint or AD)
• Claims
• App Add-in identities
SharePoint 2013 Authentication Options
• “Classic” Windows
• Deprecated
• Claims-based
• Windows tokens
• FBA
• SAML 1.1
Windows NTLM Token
Windows NTLM Token
FBA User
SAML 1.1 Token
SAML Token
SPUser
App Add-In Authentication
• Add-ins have identity and can be assigned permissions
• Add-ins are principals, together with users and groups
• Add-in identity vs User identity
• Add-ins use OAuth to authenticate
• Low-trust add-ins use 3-legged OAuth (with ACS broker)
• High-trust add-ins use self-signed tokens
Claims
• A claim is a piece of your identity, claimed by some authority
• Claims are received upon presenting credentials to a claims provider
• Claims providers are trusted
• Examples
• Employee badge
• Name, department, clearance
• Boarding passes
• Flight, seat, class, name
• Paper Wristbands
• Ticket type, extra services
Real-world Claims
Identity Claims
Specific Claims
Claims encoded and signed
Thanks to Spencer Harbar for the original idea
SharePoint Claims
Claim Type Claim Value Issuer Original Issuer
http://schemas.xmlsoap.org
/ws/2005/05/identity/claim
s/nameidentifier
demoekapic SharePoint SharePoint
http://schemas.xmlsoap.org
/ws/2008/06/identity/claim
s/primarysid
S-1-5-21-4067827123-
213488314-8760374-
513
SharePoint Windows
http://schemas.xmlsoap.org
/ws/2005/05identity/claims
/upn
ekapic@demo.local SharePoint Windows
http://schemas.microsoft.co
m/sharepoint/2009/08/clai
ms/userid
0#.w|demoekapic SharePoint SecurityTokenService
Claims Authentication
• SharePoint augments and transforms the incoming claims to a
normalized claims identity
• Can be done by more than one claims provider
• Decouples the authentication method from the user identity
• For Windows incoming claims, there is a C2WTS (Claims to Windows
Token Service) inside SharePoint 2013 to allow converting claims back
into Windows identities
Claims Authorization
• Any claim can be used as a
security principal in SharePoint
• Flexible alternative to security
groups
• Claims can be surfaced by the
identity token service or custom
claims provider in People Picker
Claim Providers
• Augment and surface the claims for People Picker
• Can be generic or bound to a Trusted Identity Provider
• Inherits from SPClaimProvider abstract class
Claims Augmentation and Surfacing
Desired claim provider feature Implements
Claims augmentation FillClaimsForEntity
SupportsEntityInformation
Claims surfacing in People Picker FillSchema
FillClaimTypes
FillClaimValueTypes
FillEntityTypes
Claims hierarchy in People Picker left side FillHierarchy
SupportsHierarchy
Resolving typed claims in People Picker FillResolve
SupportsResolve
Searching for claims in People Picker FillSearch
SupportsSearch
DEMO
Custom Claim Provider
Federated Authentication
• When the identity provider (IdP) is distinct from Windows (or FBA),
we have federated authentication
• Third-party Secure Token Service (STS) issues a security token with
claims
• This token is trusted by “clients” (Relying Parties, RP) as the STS is
trusted by them
• Tokens are digitally signed
Federated Authentication
• ID cards or passports are
real-world examples of
federated authentication
Federated Identity Providers
• Microsoft Active Directory Federation
Services (ADFS)
• Microsoft Azure Active Directory
• Thinktecture IdentityServer
• Shibboleth
• IBM Federated Identity Manager
• ...
Active Directory Federation Services (ADFS)
• Part of Windows Server
features
• Can transform AD into a
federated IdP
• Doesn’t manage users
directly, but claims,
identity providers and
relying parties
Azure Active Directory (AAD)
• “AD and ADFS in the cloud”
• Part of Azure / Office 365 offering
• Underpins the most of the Office
365 / Azure hybrid architectures
Thinktecture IdentityServer
• Open-source IdP based on .NET and Windows Identity Framework
• Modular architecture
DEMO
Federated Authentication with
ADFS
Summary
• Claims-based identity and authorization are the only way forward, so
make sure that you understand them well
• You can decouple user authentication from the user identity
• You can extend your user identity with additional claims
• You can get your user identity from somewhere else
Further Reading
• Steve Peschka’s blog https://samlman.wordpress.com
• Kirk Evans’ blog http://blogs.msdn.com/b/kaevans/
• A Guide to Claims-Identity and Access Control
https://msdn.microsoft.com/en-us/library/ff423674.aspx
Thank you!
Tack så mycket!

More Related Content

What's hot

DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010
Spencer Harbar
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2C
Anton Staykov
 
SharePoint 2013 APIs demystified
SharePoint 2013 APIs demystifiedSharePoint 2013 APIs demystified
SharePoint 2013 APIs demystified
SPC Adriatics
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Chris Gillum
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
John Garland
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
Oauth and SharePoint 2013 Provider Hosted apps
Oauth and SharePoint 2013 Provider Hosted appsOauth and SharePoint 2013 Provider Hosted apps
Oauth and SharePoint 2013 Provider Hosted apps
James Tramel
 
DevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easyDevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easy
Sjoukje Zaal
 
Dear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2BDear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2B
Sjoukje Zaal
 
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalO365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
NCCOMMS
 
Intelligent Cloud Conference: Azure AD B2C Application security made easy
Intelligent Cloud Conference: Azure AD B2C Application security made easyIntelligent Cloud Conference: Azure AD B2C Application security made easy
Intelligent Cloud Conference: Azure AD B2C Application security made easy
Sjoukje Zaal
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
Manoj Mittal
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
Granikos GmbH & Co. KG
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
SPC Adriatics
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)
Jay Simcox
 
Azure B2C
Azure B2CAzure B2C
Azure B2C
Marco De Sanctis
 
Azure Saturday: External Collaboration With Azure AD B2B
Azure Saturday:  External Collaboration With Azure AD B2BAzure Saturday:  External Collaboration With Azure AD B2B
Azure Saturday: External Collaboration With Azure AD B2B
Sjoukje Zaal
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
Natallia Makarevich
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth
 

What's hot (19)

DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2C
 
SharePoint 2013 APIs demystified
SharePoint 2013 APIs demystifiedSharePoint 2013 APIs demystified
SharePoint 2013 APIs demystified
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
Oauth and SharePoint 2013 Provider Hosted apps
Oauth and SharePoint 2013 Provider Hosted appsOauth and SharePoint 2013 Provider Hosted apps
Oauth and SharePoint 2013 Provider Hosted apps
 
DevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easyDevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easy
 
Dear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2BDear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2B
 
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje ZaalO365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal
 
Intelligent Cloud Conference: Azure AD B2C Application security made easy
Intelligent Cloud Conference: Azure AD B2C Application security made easyIntelligent Cloud Conference: Azure AD B2C Application security made easy
Intelligent Cloud Conference: Azure AD B2C Application security made easy
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)
 
Azure B2C
Azure B2CAzure B2C
Azure B2C
 
Azure Saturday: External Collaboration With Azure AD B2B
Azure Saturday:  External Collaboration With Azure AD B2BAzure Saturday:  External Collaboration With Azure AD B2B
Azure Saturday: External Collaboration With Azure AD B2B
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
 

Similar to ESPC15 - Extending Authentication and Authorization

Extending Authentication and Authorization
Extending Authentication and AuthorizationExtending Authentication and Authorization
Extending Authentication and Authorization
Edin Kapic
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision IT
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
Liam Cleary [MVP]
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Joris Poelmans
 
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision IT
 
Envision it Webinar - Extranet Identity Management and Authentication for Sha...
Envision it Webinar - Extranet Identity Management and Authentication for Sha...Envision it Webinar - Extranet Identity Management and Authentication for Sha...
Envision it Webinar - Extranet Identity Management and Authentication for Sha...
Envision IT
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
Brian Culver
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
Joonas Westlin
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
Liam Cleary [MVP]
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud Era
Morgan Simonsen
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
Liam Cleary [MVP]
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
Liam Cleary [MVP]
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
Steven Van de Craen
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
NCCOMMS
 
O365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
O365Con18 - Hybrid SharePoint Deep Dive - Thomas VochtenO365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
O365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
NCCOMMS
 
Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020
Microsoft 365 Developer
 
unit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptxunit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptx
zmulani8
 
Securing SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthSecuring SharePoint Apps with OAuth
Securing SharePoint Apps with OAuth
Kashif Imran
 
Envision it SharePoint Extranet Webinar Series - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series  - Extranet User ProvisioningEnvision it SharePoint Extranet Webinar Series  - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series - Extranet User Provisioning
Envision IT
 
Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010
Jonathan Schultz
 

Similar to ESPC15 - Extending Authentication and Authorization (20)

Extending Authentication and Authorization
Extending Authentication and AuthorizationExtending Authentication and Authorization
Extending Authentication and Authorization
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
 
Envision it Webinar - Extranet Identity Management and Authentication for Sha...
Envision it Webinar - Extranet Identity Management and Authentication for Sha...Envision it Webinar - Extranet Identity Management and Authentication for Sha...
Envision it Webinar - Extranet Identity Management and Authentication for Sha...
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud Era
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
 
O365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
O365Con18 - Hybrid SharePoint Deep Dive - Thomas VochtenO365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
O365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
 
Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020Microsoft Teams community call - February 2020
Microsoft Teams community call - February 2020
 
unit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptxunit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptx
 
Securing SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthSecuring SharePoint Apps with OAuth
Securing SharePoint Apps with OAuth
 
Envision it SharePoint Extranet Webinar Series - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series  - Extranet User ProvisioningEnvision it SharePoint Extranet Webinar Series  - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series - Extranet User Provisioning
 
Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010
 

More from Edin Kapic

Rx la joya oculta de Net
Rx la joya oculta de NetRx la joya oculta de Net
Rx la joya oculta de Net
Edin Kapic
 
Personal Branding for Developers
Personal Branding for DevelopersPersonal Branding for Developers
Personal Branding for Developers
Edin Kapic
 
SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...
SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...
SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...
Edin Kapic
 
ESPC14 Social Business Value Demystified
ESPC14 Social Business Value DemystifiedESPC14 Social Business Value Demystified
ESPC14 Social Business Value Demystified
Edin Kapic
 
Maintainable Testable SharePoint Components SPSBE 2014
Maintainable Testable SharePoint Components SPSBE 2014Maintainable Testable SharePoint Components SPSBE 2014
Maintainable Testable SharePoint Components SPSBE 2014
Edin Kapic
 
MVP Open Day 2014 - Hacking Human Behaviour
MVP Open Day 2014 - Hacking Human BehaviourMVP Open Day 2014 - Hacking Human Behaviour
MVP Open Day 2014 - Hacking Human Behaviour
Edin Kapic
 
SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App
SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 AppSPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App
SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App
Edin Kapic
 
7 Key Things for Building a Highly-Scalable SharePoint 2013 App
7 Key Things for Building a Highly-Scalable SharePoint 2013 App7 Key Things for Building a Highly-Scalable SharePoint 2013 App
7 Key Things for Building a Highly-Scalable SharePoint 2013 App
Edin Kapic
 
Social Business Value Demystified: Real-World Experiences
Social Business Value Demystified: Real-World ExperiencesSocial Business Value Demystified: Real-World Experiences
Social Business Value Demystified: Real-World Experiences
Edin Kapic
 
BcnDevCon13 - No Designer? No Problem!
BcnDevCon13 - No Designer? No Problem!BcnDevCon13 - No Designer? No Problem!
BcnDevCon13 - No Designer? No Problem!
Edin Kapic
 
BcnDevCon12 - Una vuelta por Orchard CMS
BcnDevCon12 - Una vuelta por Orchard CMSBcnDevCon12 - Una vuelta por Orchard CMS
BcnDevCon12 - Una vuelta por Orchard CMS
Edin Kapic
 
BcnDevCon12 - CQRS explicado a mi compañero arquitecto
BcnDevCon12 - CQRS explicado a mi compañero arquitectoBcnDevCon12 - CQRS explicado a mi compañero arquitecto
BcnDevCon12 - CQRS explicado a mi compañero arquitecto
Edin Kapic
 
Modelos de madurez de SharePoint
Modelos de madurez de SharePointModelos de madurez de SharePoint
Modelos de madurez de SharePoint
Edin Kapic
 
SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)
SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)
SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)
Edin Kapic
 
SUG.CAT First Monday Noviembre 2012
SUG.CAT First Monday Noviembre 2012SUG.CAT First Monday Noviembre 2012
SUG.CAT First Monday Noviembre 2012
Edin Kapic
 
JavaScript per a desenvolupadors de C#
JavaScript per a desenvolupadors de C#JavaScript per a desenvolupadors de C#
JavaScript per a desenvolupadors de C#
Edin Kapic
 
CatDotNet - Farmville para SharePoint
CatDotNet - Farmville para SharePointCatDotNet - Farmville para SharePoint
CatDotNet - Farmville para SharePoint
Edin Kapic
 
Universidad de La Habana - SharePoint, Listas y XSLT
Universidad de La Habana  - SharePoint, Listas y XSLTUniversidad de La Habana  - SharePoint, Listas y XSLT
Universidad de La Habana - SharePoint, Listas y XSLT
Edin Kapic
 
SharePoint kao razvojna platforma za ASP.NET developere
SharePoint kao razvojna platforma za ASP.NET developereSharePoint kao razvojna platforma za ASP.NET developere
SharePoint kao razvojna platforma za ASP.NET developere
Edin Kapic
 

More from Edin Kapic (19)

Rx la joya oculta de Net
Rx la joya oculta de NetRx la joya oculta de Net
Rx la joya oculta de Net
 
Personal Branding for Developers
Personal Branding for DevelopersPersonal Branding for Developers
Personal Branding for Developers
 
SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...
SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...
SharePoint Saturday Stockholm 2015 - Building Maintainable and Testable Share...
 
ESPC14 Social Business Value Demystified
ESPC14 Social Business Value DemystifiedESPC14 Social Business Value Demystified
ESPC14 Social Business Value Demystified
 
Maintainable Testable SharePoint Components SPSBE 2014
Maintainable Testable SharePoint Components SPSBE 2014Maintainable Testable SharePoint Components SPSBE 2014
Maintainable Testable SharePoint Components SPSBE 2014
 
MVP Open Day 2014 - Hacking Human Behaviour
MVP Open Day 2014 - Hacking Human BehaviourMVP Open Day 2014 - Hacking Human Behaviour
MVP Open Day 2014 - Hacking Human Behaviour
 
SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App
SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 AppSPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App
SPS Stockholm 7 Key Things for Building a Highly-Scalable SharePoint 2013 App
 
7 Key Things for Building a Highly-Scalable SharePoint 2013 App
7 Key Things for Building a Highly-Scalable SharePoint 2013 App7 Key Things for Building a Highly-Scalable SharePoint 2013 App
7 Key Things for Building a Highly-Scalable SharePoint 2013 App
 
Social Business Value Demystified: Real-World Experiences
Social Business Value Demystified: Real-World ExperiencesSocial Business Value Demystified: Real-World Experiences
Social Business Value Demystified: Real-World Experiences
 
BcnDevCon13 - No Designer? No Problem!
BcnDevCon13 - No Designer? No Problem!BcnDevCon13 - No Designer? No Problem!
BcnDevCon13 - No Designer? No Problem!
 
BcnDevCon12 - Una vuelta por Orchard CMS
BcnDevCon12 - Una vuelta por Orchard CMSBcnDevCon12 - Una vuelta por Orchard CMS
BcnDevCon12 - Una vuelta por Orchard CMS
 
BcnDevCon12 - CQRS explicado a mi compañero arquitecto
BcnDevCon12 - CQRS explicado a mi compañero arquitectoBcnDevCon12 - CQRS explicado a mi compañero arquitecto
BcnDevCon12 - CQRS explicado a mi compañero arquitecto
 
Modelos de madurez de SharePoint
Modelos de madurez de SharePointModelos de madurez de SharePoint
Modelos de madurez de SharePoint
 
SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)
SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)
SharePoint 2013 Novedades y más allá (Introducción de SUG.CAT)
 
SUG.CAT First Monday Noviembre 2012
SUG.CAT First Monday Noviembre 2012SUG.CAT First Monday Noviembre 2012
SUG.CAT First Monday Noviembre 2012
 
JavaScript per a desenvolupadors de C#
JavaScript per a desenvolupadors de C#JavaScript per a desenvolupadors de C#
JavaScript per a desenvolupadors de C#
 
CatDotNet - Farmville para SharePoint
CatDotNet - Farmville para SharePointCatDotNet - Farmville para SharePoint
CatDotNet - Farmville para SharePoint
 
Universidad de La Habana - SharePoint, Listas y XSLT
Universidad de La Habana  - SharePoint, Listas y XSLTUniversidad de La Habana  - SharePoint, Listas y XSLT
Universidad de La Habana - SharePoint, Listas y XSLT
 
SharePoint kao razvojna platforma za ASP.NET developere
SharePoint kao razvojna platforma za ASP.NET developereSharePoint kao razvojna platforma za ASP.NET developere
SharePoint kao razvojna platforma za ASP.NET developere
 

Recently uploaded

Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
Karya Keeper
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
mz5nrf0n
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
gapen1
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
kalichargn70th171
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
Rakesh Kumar R
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging  a  Tech AgencyPreparing Non - Technical Founders for Engaging  a  Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
ISH Technologies
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
rodomar2
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
TaghreedAltamimi
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
VALiNTRY360
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
dakas1
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
Peter Muessig
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
sjcobrien
 

Recently uploaded (20)

Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging  a  Tech AgencyPreparing Non - Technical Founders for Engaging  a  Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
 

ESPC15 - Extending Authentication and Authorization

  • 2. Edin Kapić • SharePoint Senior Architect & Team Lead in Sogeti, Barcelona • President of SharePoint User Group Catalonia (SUG.CAT) • Writer at Pluralsight • SharePoint Server Office Servers and Services MVP • Tinker & geek Email : mail@edinkapic.com Twitter : @ekapic LinkedIn : edinkapic
  • 3. Agenda • SharePoint, Authentication and Authorization • Claims • Claims-based Authentication • Claims-based Authorization • Claims Augmentation and Transformation • Claims Providers • Federated Authentication
  • 4. SharePoint, Authentication & Authorization SharePoint Web App Authentication Provider SPUser Site Collection Site SPRoleAssignment Authentication Authorization
  • 5. SharePoint Authentication • SharePoint doesn’t authenticate by itself • It keeps user details in the user profile database and user information lists in each site collection
  • 6. SharePoint Authorization • Associated with principals • Authenticated users • Groups (SharePoint or AD) • Claims • App Add-in identities
  • 7. SharePoint 2013 Authentication Options • “Classic” Windows • Deprecated • Claims-based • Windows tokens • FBA • SAML 1.1 Windows NTLM Token Windows NTLM Token FBA User SAML 1.1 Token SAML Token SPUser
  • 8. App Add-In Authentication • Add-ins have identity and can be assigned permissions • Add-ins are principals, together with users and groups • Add-in identity vs User identity • Add-ins use OAuth to authenticate • Low-trust add-ins use 3-legged OAuth (with ACS broker) • High-trust add-ins use self-signed tokens
  • 9. Claims • A claim is a piece of your identity, claimed by some authority • Claims are received upon presenting credentials to a claims provider • Claims providers are trusted • Examples • Employee badge • Name, department, clearance • Boarding passes • Flight, seat, class, name • Paper Wristbands • Ticket type, extra services
  • 10. Real-world Claims Identity Claims Specific Claims Claims encoded and signed Thanks to Spencer Harbar for the original idea
  • 11. SharePoint Claims Claim Type Claim Value Issuer Original Issuer http://schemas.xmlsoap.org /ws/2005/05/identity/claim s/nameidentifier demoekapic SharePoint SharePoint http://schemas.xmlsoap.org /ws/2008/06/identity/claim s/primarysid S-1-5-21-4067827123- 213488314-8760374- 513 SharePoint Windows http://schemas.xmlsoap.org /ws/2005/05identity/claims /upn ekapic@demo.local SharePoint Windows http://schemas.microsoft.co m/sharepoint/2009/08/clai ms/userid 0#.w|demoekapic SharePoint SecurityTokenService
  • 12. Claims Authentication • SharePoint augments and transforms the incoming claims to a normalized claims identity • Can be done by more than one claims provider • Decouples the authentication method from the user identity • For Windows incoming claims, there is a C2WTS (Claims to Windows Token Service) inside SharePoint 2013 to allow converting claims back into Windows identities
  • 13. Claims Authorization • Any claim can be used as a security principal in SharePoint • Flexible alternative to security groups • Claims can be surfaced by the identity token service or custom claims provider in People Picker
  • 14. Claim Providers • Augment and surface the claims for People Picker • Can be generic or bound to a Trusted Identity Provider • Inherits from SPClaimProvider abstract class
  • 15. Claims Augmentation and Surfacing Desired claim provider feature Implements Claims augmentation FillClaimsForEntity SupportsEntityInformation Claims surfacing in People Picker FillSchema FillClaimTypes FillClaimValueTypes FillEntityTypes Claims hierarchy in People Picker left side FillHierarchy SupportsHierarchy Resolving typed claims in People Picker FillResolve SupportsResolve Searching for claims in People Picker FillSearch SupportsSearch
  • 17. Federated Authentication • When the identity provider (IdP) is distinct from Windows (or FBA), we have federated authentication • Third-party Secure Token Service (STS) issues a security token with claims • This token is trusted by “clients” (Relying Parties, RP) as the STS is trusted by them • Tokens are digitally signed
  • 18. Federated Authentication • ID cards or passports are real-world examples of federated authentication
  • 19. Federated Identity Providers • Microsoft Active Directory Federation Services (ADFS) • Microsoft Azure Active Directory • Thinktecture IdentityServer • Shibboleth • IBM Federated Identity Manager • ...
  • 20. Active Directory Federation Services (ADFS) • Part of Windows Server features • Can transform AD into a federated IdP • Doesn’t manage users directly, but claims, identity providers and relying parties
  • 21. Azure Active Directory (AAD) • “AD and ADFS in the cloud” • Part of Azure / Office 365 offering • Underpins the most of the Office 365 / Azure hybrid architectures
  • 22. Thinktecture IdentityServer • Open-source IdP based on .NET and Windows Identity Framework • Modular architecture
  • 24. Summary • Claims-based identity and authorization are the only way forward, so make sure that you understand them well • You can decouple user authentication from the user identity • You can extend your user identity with additional claims • You can get your user identity from somewhere else
  • 25. Further Reading • Steve Peschka’s blog https://samlman.wordpress.com • Kirk Evans’ blog http://blogs.msdn.com/b/kaevans/ • A Guide to Claims-Identity and Access Control https://msdn.microsoft.com/en-us/library/ff423674.aspx

Editor's Notes

  1. In the two latest versions of SharePoint, we have seen how Claims-based authentication have taken over the traditional Windows and FBA authentication. Now we have federated identity with services such as Active Directory Federation Services (ADFS) and Azure Active Directory (AAD) and the authorization is handled by OAuth in the app model. But still, the vast majority of the deployments still use plain vanilla AD or LDAP authentication, without exploiting its flexibility and adaptability to a variety of scenarios. In this session you will learn how to extend the authentication and authorization with custom claim providers, claim augmentation and transformation. In this session you will: - Acquaint yourself with the authorization/authentication mechanism in SharePoint/Office 365 - Learn how to extend and adapt the authentication/authorization to fit your needs - Get to know the benefits of using ADFS for identity federation