My talk from European SharePoint Conference 2015 in Stockholm about how to extend SharePoint authentication and authorization using federated authentication and custom claim providers.
2. Edin Kapić
• SharePoint Senior Architect & Team Lead in Sogeti, Barcelona
• President of SharePoint User Group Catalonia (SUG.CAT)
• Writer at Pluralsight
• SharePoint Server / Office Servers and Services MVP
• Tinker & geek
Email : mail@edinkapic.com
Twitter : @ekapic
LinkedIn : edinkapic
4. SharePoint, Authentication & Authorization
(Diagram: inside a SharePoint Web App, the Authentication Provider yields an SPUser (authentication); SPRoleAssignment objects bind that SPUser to the Site Collection and its Sites (authorization).)
5. SharePoint Authentication
• SharePoint doesn’t authenticate by itself
• It keeps user details in the user profile database and in the user information list of each site collection
7. SharePoint 2013 Authentication Options
• “Classic” Windows
  • Deprecated
• Claims-based
  • Windows tokens
  • FBA
  • SAML 1.1
(Diagram: in classic mode the Windows NTLM token maps straight to an SPUser; in claims mode a Windows NTLM token, an FBA user or a SAML 1.1 token is first converted into a SAML token and only then into an SPUser.)
8. App Add-In Authentication
• Add-ins have identity and can be assigned permissions
• Add-ins are principals, together with users and groups
• Add-in identity vs User identity
• Add-ins use OAuth to authenticate
• Low-trust add-ins use 3-legged OAuth, with Azure Access Control Service (ACS) as the broker
• High-trust (server-to-server) add-ins issue their own tokens, signed with a certificate that SharePoint is configured to trust
9. Claims
• A claim is a piece of your identity, claimed by some authority
• Claims are received upon presenting credentials to a claims provider
• Claims providers are trusted
• Examples
  • Employee badge: name, department, clearance
  • Boarding pass: flight, seat, class, name
  • Paper wristband: ticket type, extra services
11. SharePoint Claims (claim type = claim value; issuer / original issuer)
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier = demo\ekapic (issuer SharePoint / original issuer SharePoint)
• http://schemas.xmlsoap.org/ws/2008/06/identity/claims/primarysid = S-1-5-21-4067827123-213488314-8760374-513 (issuer SharePoint / original issuer Windows)
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn = ekapic@demo.local (issuer SharePoint / original issuer Windows)
• http://schemas.microsoft.com/sharepoint/2009/08/claims/userid = 0#.w|demo\ekapic (issuer SharePoint / original issuer SecurityTokenService)
12. Claims Authentication
• SharePoint augments and transforms the incoming claims into a normalized claims identity
• Can be done by more than one claims provider
• Decouples the authentication method from the user identity
• For incoming Windows claims, there is a C2WTS (Claims to Windows Token Service) inside SharePoint 2013 that converts claims back into Windows identities
13. Claims Authorization
• Any claim can be used as a security principal in SharePoint
• Flexible alternative to security groups
• Claims can be surfaced in People Picker by the identity token service or by a custom claims provider
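The slide 11 table and the “any claim can be a security principal” point, as code. This is an added example, not code from the deck or from SharePoint itself. It targets the SharePoint 2013 server object model (which still uses the Microsoft.IdentityModel claim types) and assumes a trusted identity token issuer named ADFS that passes through a department claim with the URI below; the claim type, the provider name and the department values are made up for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using Microsoft.IdentityModel.Claims;              // claim types SharePoint 2010/2013 build on
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;

namespace Demo.ClaimsAuthz
{
    public static class ClaimsDemo
    {
        // Assumed claim type and trusted provider name; neither is in the deck.
        public const string DepartmentClaimType = "http://schemas.demo.local/claims/department";
        public const string TrustedProviderName = "ADFS";
        private const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";

        // Slide 11 as code: every claim of the current request's identity, with the
        // immediate issuer and the original issuer recorded during normalization.
        public static List<string> DescribeCurrentUserClaims()
        {
            var lines = new List<string>();
            var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
            if (principal == null)
            {
                lines.Add("not a claims identity (classic Windows authentication?)");
                return lines;
            }
            foreach (IClaimsIdentity identity in principal.Identities)
                foreach (Claim claim in identity.Claims)
                    lines.Add(string.Format("{0} = {1} (issuer: {2}, original issuer: {3})",
                        claim.ClaimType, claim.Value, claim.Issuer, claim.OriginalIssuer));
            return lines;
        }

        // Slide 13 as code: a claim as a security principal. Everyone whose token carries
        // department=<department> from the trusted provider gets the role definition.
        public static SPRoleAssignment GrantRoleToClaim(SPWeb web, string department, string roleDefinitionName)
        {
            SPClaim claim = new SPClaim(
                DepartmentClaimType,
                department,
                StringValueType,
                SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, TrustedProviderName));

            // Principals are stored as encoded claim strings ("c:0..." for non-identity claims);
            // EnsureUser accepts that form and creates the entry in the user information list.
            string encoded = SPClaimProviderManager.Local.EncodeClaim(claim);
            SPPrincipal principal = web.EnsureUser(encoded);

            // A web that inherits permissions has no role assignments of its own to add to.
            if (!web.HasUniqueRoleAssignments)
                web.BreakRoleInheritance(true);

            SPRoleAssignment assignment = new SPRoleAssignment(principal);
            assignment.RoleDefinitionBindings.Add(web.RoleDefinitions[roleDefinitionName]);
            web.RoleAssignments.Add(assignment);
            return assignment;
        }

        // The other direction: does the current identity actually carry that claim?
        public static bool CurrentUserHasDepartment(string department)
        {
            var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
            if (principal == null) return false;
            foreach (IClaimsIdentity identity in principal.Identities)
                foreach (Claim claim in identity.Claims)
                    if (claim.ClaimType == DepartmentClaimType &&
                        string.Equals(claim.Value, department, StringComparison.OrdinalIgnoreCase))
                        return true;
            return false;
        }
    }
}
```

The role assignment only ever matches if the department claim survives sign-in: SharePoint keeps an incoming claim from a trusted identity token issuer only when a claim mapping for that claim type exists on the issuer, so an unmapped department claim never reaches the authorization check, and the encoded original issuer (TrustedProvider:ADFS here) has to be the one SharePoint stamps on the incoming claim.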
14. Claim Providers
• Augment and surface the claims for People Picker
• Can be generic or bound to a Trusted Identity Provider
• Inherits from SPClaimProvider abstract class
15. Claims Augmentation and Surfacing
Desired claim provider feature: implemented by
• Claims augmentation: FillClaimsForEntity, SupportsEntityInformation
• Claims surfacing in People Picker: FillSchema, FillClaimTypes, FillClaimValueTypes, FillEntityTypes
• Claims hierarchy in People Picker left side: FillHierarchy, SupportsHierarchy
• Resolving typed claims in People Picker: FillResolve, SupportsResolve
• Searching for claims in People Picker: FillSearch, SupportsSearch
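The method table above as one working claim provider that does both jobs: augmentation (a department claim added to every signed-in user) and surfacing (departments browsable, searchable and resolvable in People Picker). This is an added example, not code from the deck; the DepartmentClaimProvider class, its claim type URI, the department list and the user-to-department table are assumptions standing in for a real directory or HR lookup.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

namespace Demo.ClaimsAugmentation
{
    public class DepartmentClaimProvider : SPClaimProvider
    {
        // Assumed claim type; the two tables are constructed sample data, not a real directory.
        public const string DepartmentClaimType = "http://schemas.demo.local/claims/department";
        private const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";
        private const string InternalName = "DepartmentClaims";
        private const string NodeName = "Departments";
        private static readonly string[] Departments = { "IT", "HR", "Finance" };
        private static readonly Dictionary<string, string> UserDepartments =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            { { @"demo\ekapic", "IT" }, { @"demo\jdoe", "HR" } };

        public DepartmentClaimProvider(string displayName) : base(displayName) { }

        public override string Name { get { return InternalName; } }
        public override bool SupportsEntityInformation { get { return true; } } // turns augmentation on
        public override bool SupportsHierarchy { get { return true; } }
        public override bool SupportsResolve { get { return true; } }
        public override bool SupportsSearch { get { return true; } }

        // Augmentation: called while SharePoint builds the normalized identity at sign-in.
        protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
        {
            if (entity == null) return;
            // The entity may arrive as an encoded claim (i:0#.w|demo\ekapic); unwrap to the account name.
            string login = SPClaimProviderManager.IsEncodedClaim(entity.Value)
                ? SPClaimProviderManager.Local.DecodeClaim(entity.Value).Value
                : entity.Value;
            string department;
            if (UserDepartments.TryGetValue(login, out department))
                claims.Add(CreateClaim(DepartmentClaimType, department, StringValueType));
        }

        // Surfacing: what People Picker needs to know about the claims this provider emits.
        protected override void FillClaimTypes(List<string> claimTypes) { claimTypes.Add(DepartmentClaimType); }
        protected override void FillClaimValueTypes(List<string> claimValueTypes) { claimValueTypes.Add(StringValueType); }
        protected override void FillEntityTypes(List<string> entityTypes) { entityTypes.Add(SPClaimEntityTypes.FormsRole); }
        protected override void FillSchema(SPProviderSchema schema)
        {
            schema.AddSchemaElement(new SPSchemaElement(PeopleEditorEntityDataKeys.DisplayName, "Display Name", SPSchemaElementType.Both));
        }

        // Left-hand tree of the picker dialog: one node for this provider.
        protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy)
        {
            if (hierarchyNodeID == null)
                hierarchy.AddChild(new SPProviderHierarchyNode(InternalName, NodeName, NodeName, true));
        }

        // The picker says which entity types it accepts; only answer when roles are wanted.
        private static bool Wanted(string[] entityTypes) { return Array.IndexOf(entityTypes, SPClaimEntityTypes.FormsRole) >= 0; }

        // Resolve a typed name (exact, case-insensitive) ...
        protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved)
        {
            if (!Wanted(entityTypes)) return;
            foreach (string dept in Departments)
                if (string.Equals(dept, resolveInput, StringComparison.OrdinalIgnoreCase))
                    resolved.Add(MakeEntity(dept));
        }

        // ... or a claim the picker already holds, e.g. when re-validating a saved principal.
        protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved)
        {
            if (!Wanted(entityTypes)) return;
            if (resolveInput.ClaimType == DepartmentClaimType && Array.IndexOf(Departments, resolveInput.Value) >= 0)
                resolved.Add(MakeEntity(resolveInput.Value));
        }

        // Search: prefix match, honouring the picker's result cap.
        protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern, int maxCount, SPProviderHierarchyTree searchTree)
        {
            if (!Wanted(entityTypes)) return;
            int found = 0;
            foreach (string dept in Departments)
                if (found < maxCount && dept.StartsWith(searchPattern, StringComparison.OrdinalIgnoreCase))
                { searchTree.AddEntity(MakeEntity(dept)); found++; }
        }

        private PickerEntity MakeEntity(string department)
        {
            PickerEntity entity = CreatePickerEntity();
            entity.Claim = CreateClaim(DepartmentClaimType, department, StringValueType);
            entity.DisplayText = department;
            entity.Description = "Department " + department;
            entity.EntityData[PeopleEditorEntityDataKeys.DisplayName] = department;
            entity.EntityType = SPClaimEntityTypes.FormsRole;
            entity.EntityGroupName = NodeName;
            entity.IsResolved = true;
            return entity;
        }
    }

    // Farm-scoped feature receiver; the base class registers the provider with the farm on activation.
    public class DepartmentClaimProviderFeatureReceiver : SPClaimProviderFeatureReceiver
    {
        public override string ClaimProviderAssembly { get { return typeof(DepartmentClaimProvider).Assembly.FullName; } }
        public override string ClaimProviderDescription { get { return "Department claim augmentation and picker"; } }
        public override string ClaimProviderDisplayName { get { return "Department claims"; } }
        public override string ClaimProviderType { get { return typeof(DepartmentClaimProvider).FullName; } }
    }
}
```

The provider has to ship as a farm solution (the assembly goes to the GAC) with a farm-scoped feature that uses the receiver above; once activated it runs for every web application by default, so a department picked in People Picker and granted a role matches exactly the claim that FillClaimsForEntity adds at sign-in, because both are issued by this provider.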
17. Federated Authentication
• When the identity provider (IdP) is distinct from Windows (or FBA), we have federated authentication
• A third-party Security Token Service (STS) issues a security token with claims
• This token is trusted by “clients” (Relying Parties, RP) because the STS is trusted by them
• Tokens are digitally signed
19. Federated Identity Providers
• Microsoft Active Directory Federation Services (ADFS)
• Microsoft Azure Active Directory
• Thinktecture IdentityServer
• Shibboleth
• IBM Federated Identity Manager
• ...
20. Active Directory Federation Services (ADFS)
• Part of the Windows Server features
• Can turn AD into a federated IdP
• Doesn’t manage users directly, but claims, identity providers and relying parties
21. Azure Active Directory (AAD)
• “AD and ADFS in the cloud”
• Part of the Azure / Office 365 offering
• Underpins most of the Office 365 / Azure hybrid architectures
24. Summary
• Claims-based identity and authorization are the only way forward, so make sure that you understand them well
• You can decouple user authentication from the user identity
• You can extend your user identity with additional claims
• You can get your user identity from somewhere else
25. Further Reading
• Steve Peschka’s blog https://samlman.wordpress.com
• Kirk Evans’ blog http://blogs.msdn.com/b/kaevans/
• A Guide to Claims-Based Identity and Access Control https://msdn.microsoft.com/en-us/library/ff423674.aspx
In the two latest versions of SharePoint we have seen how claims-based authentication has taken over the traditional Windows and FBA authentication. Now we have federated identity with services such as Active Directory Federation Services (ADFS) and Azure Active Directory (AAD), and authorization in the app model is handled by OAuth. Still, the vast majority of deployments use plain vanilla AD or LDAP authentication, without exploiting the flexibility and adaptability of the claims model to a variety of scenarios. In this session you will learn how to extend authentication and authorization with custom claim providers, claim augmentation and transformation.
In this session you will:
- Acquaint yourself with the authorization/authentication mechanism in SharePoint/Office 365
- Learn how to extend and adapt authentication/authorization to fit your needs
- Get to know the benefits of using ADFS for identity federation