SlideShare a Scribd company logo

T28 implementing adfs and hybrid share point

Download as PPTX, PDF
Thorbjørn Værp
Thorbjørn Værp

European SharePoint Conference 2014 in Barcelona. Presentation Description: In this session we look at modern forms of authentication . We’ll cover Windows Server Active Directory Federation Services (ADFS) concepts and look at federation with SharePoint. There are a number of difficulties that you’ll need to overcome implementing SAML claims with SP, for example people picker, user profile import, problematic use of some SharePoint apps. We’ll also cover the infrastructure side like making it work with host named site collections, reverse proxy servers and other user directories. Moving to the cloud we’ll look at the authentication architecture of the standards employed; like OAUTH, WS-* and OpenID Connect. Presentation Benefit Get a better understanding of Windows Server Active Directory Federation Services (ADFS) concepts and SAML claims connection with SharePoint. You will learn... Understand authentication architecture and standards employed. ADFS concepts How to implement SAML claims

1 of 90
Implementing ADFS and Hybrid SharePoint Thorbjørn Værp
About me Thorbjørn Værp Principal Consultant Puzzlepart Kristiansand, Norway www.Sharepoint13.net | @vaerpn Celebrating 21 years IT-pro, 11 of them in SP MCT | XVC #ESPC14
Agenda • History • Claims-based authentication • ADFS & SharePoint 2013
HISTORY
A Web service is a method of communications between two electronic devices over a network. It is a software function provided at a network address over the web with the service always on as in the concept of utility computing.
An open standard for authentication Similar architecture to WS-* OpenID authentication used by PayPal, Google, VeriSign, Twitter +
An open standard for authorization Method for clients to access server resources on behalf of a resource owner Oauth has no signing or encryption (it relies only on ssl for opacity) Wide adoption, Facebook, Microsoft, Two version, 1.0 & 2.0 –no backwards compability.
Traditional authentication mechanisms • Anonymous • Basic • NTLM / Kerberos (WIA) • Forms based AuthN
The problem with authentication • Current technologies do not work well on the Internet (NTLM, Kerberos etc.) – Basic is the only authentication mechanism that was part of the HTTP (1.0), all the others are bolted on • Several and different user stores (AD, LDAP, eDir) • Relies on your particular platform • Authentication had to be handled and understood by the developers, whose time is better spent developing the application • Each new authentication scheme required chaning the code
Claims-based identity
What is claims-based identity? • Abstraction layer (indirection) • A claim is an authoritative statement about a subject made by an entity • A claim can be anything (not just security information) that can be associated with a subject – Name | Age | Group membership | Role • A claim is always associated with the entity that issued it • There are several claim standards • Claims are stored and transmitted in security tokens
What is claims based identity? – XML or binary fragments constructed according to some security standard – Digitally signed • There are several token formats • SAML (Security Assertion Markup Language) JWT (JSON Web Token) SWT (Simple Web Token) • Claims based identity requires a trust model – Usually implemented with digital certificates
Claims in SharePoint 2013 3 types of claim providers Windows Trusted Provider (SAML) Forms Based AuthN Multiple AuthN providers possible in the same zone Classic mode only via PowerShell
Claims in SharePoint 2013 • SP 2013 has its own STS implementation • The SP 2013 Federation Metadata is in JSON, not XML • Both Classic authentication mode (WIA) and claims mode (WIA/FBA/SAML) is supported, but claims is the default • In claims mode every form of AuthN is transformed to a SAML token
SAML-based Claims in SP2013
Authentication process
Authentication process
Authentication process
Authentication process
Authentication process
Authentication process
Authentication process
ADFS & SharePoint 2013
Grocery list • 4 Public Certificates + (eg.RapidSSL) • Fs3.vaerpn.com • Sp.vaerpn.com • Tokensign.vaerpn.com • Decrypt.vaerpn.com • Reverse proxy, (WEP, F5, Netscaler, Azure Endpoints,) • Update public DNS • Update internal DNS • ADFS server, one or more • SharePoint 2013
Step by Step The Environment • We got AD with a routable domain | vaerpn.com, externaly registered. • Enterprise Admin access AD DS & available admin e-mail • SP 2013 with SQL server • Firewall/ReverseProxy or Azure • One or more Win2012 R2 domain joined servers to add ADFS 3.0 Role What to do: 1.Get those Certificates, 2. Add ADFS Role, 3. Configure ADFS & Certificates 4. Configure Claim Rule, 5: Add RelayingParty Identifier, 6. Create & Connect SP Trusted Identity Provider
Repeat until you have 4 certificates adfs.vaerpn.com -> for ADFS service signing.vaerpn.com ->for token signing decrypt.vaerpn.com ->for decrypt (not used by SP but a prereq) sp.vaerpn.com ->for SSL on SharePoint web app (one pr.web app)
• Copy this to the SharePoint WFE
-> Run this -> Check this
Wrap Up History WS-*, OpenID, OpenAuth, David Wheeler "All problems in computer science can be solved by another level of indirection." Claims A claim is an authoritative statement about a subject made by an entity. In claims mode every form of AuthN is transformed to a SAML token ADFS & SharePoint 2013 ADFS 3.0 no IIS. Always use public certificates, plan stuff, Must use PowerShell
#ESPC14

Recommended

SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based Authentication
Mohammad Yousri
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
AntonioMaio2
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraMorgan Simonsen
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Gus Fraser
 

Recommended

SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based Authentication
Mohammad Yousri
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
AntonioMaio2
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraMorgan Simonsen
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Gus Fraser
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...
AntonioMaio2
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
Brian Culver
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio Maio
AntonioMaio2
 
Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Brian Culver
 
Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app model
BIWUG
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
Natallia Makarevich
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
amitchachra
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
Granikos GmbH & Co. KG
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
John Garland
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
Liam Cleary [MVP]
 
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um OxfordAdfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxfordguestd9aa5
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision IT
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSOHuy Pham
 
Implementing adfs & hybrid sp
Implementing adfs & hybrid spImplementing adfs & hybrid sp
Implementing adfs & hybrid sp
Thorbjørn Værp
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
Volkan Uzun
 

More Related Content

What's hot

Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...
AntonioMaio2
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
Brian Culver
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio Maio
AntonioMaio2
 
Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Brian Culver
 
Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app model
BIWUG
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
Natallia Makarevich
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
amitchachra
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
Granikos GmbH & Co. KG
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
John Garland
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
Liam Cleary [MVP]
 
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um OxfordAdfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxfordguestd9aa5
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision IT
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSOHuy Pham
 

What's hot (20)

Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio Maio
 
Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103
 
Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app model
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
Presentation
PresentationPresentation
Presentation
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
 
SharePoint 2013 and ADFS
SharePoint 2013 and ADFSSharePoint 2013 and ADFS
SharePoint 2013 and ADFS
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
 
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um OxfordAdfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxford
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
 
2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO2. Day 2 - Identify and SSO
2. Day 2 - Identify and SSO
 

Similar to T28 implementing adfs and hybrid share point

Implementing adfs & hybrid sp
Implementing adfs & hybrid spImplementing adfs & hybrid sp
Implementing adfs & hybrid sp
Thorbjørn Værp
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
Volkan Uzun
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile Enterprise
Digicomp Academy AG
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
Steven Van de Craen
 
Web security
Web securityWeb security
Web security
Muhammad Usman
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
EPC Group
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
NCCOMMS
 
Spa Secure Coding Guide
Spa Secure Coding GuideSpa Secure Coding Guide
Spa Secure Coding Guide
Geoffrey Vandiest
 
ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration component
Olivier Naveau
 
Federated and fabulous identity
Federated and fabulous identityFederated and fabulous identity
Federated and fabulous identity
Andre N. Klingsheim
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
Jethro Seghers
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
OpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentOpenAM as Flexible Integration Component
OpenAM as Flexible Integration Component
ForgeRock
 
Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...Nordic Infrastructure Conference
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Michael Collier
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applications
NETUserGroupBern
 
Cloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMSCloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMS
Morgan Simonsen
 
Unit 5
Unit 5Unit 5
Unit 5
DhanalakshmiVelusamy1
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 

Similar to T28 implementing adfs and hybrid share point (20)

Implementing adfs & hybrid sp
Implementing adfs & hybrid spImplementing adfs & hybrid sp
Implementing adfs & hybrid sp
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile Enterprise
 
SPSBE 2013 Claims for devs
SPSBE 2013 Claims for devsSPSBE 2013 Claims for devs
SPSBE 2013 Claims for devs
 
Web security
Web securityWeb security
Web security
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
 
Spa Secure Coding Guide
Spa Secure Coding GuideSpa Secure Coding Guide
Spa Secure Coding Guide
 
ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration component
 
Federated and fabulous identity
Federated and fabulous identityFederated and fabulous identity
Federated and fabulous identity
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
OpenAM as Flexible Integration Component
OpenAM as Flexible Integration ComponentOpenAM as Flexible Integration Component
OpenAM as Flexible Integration Component
 
Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...Brian Desmond - Quickly and easily protect your applications and services wit...
Brian Desmond - Quickly and easily protect your applications and services wit...
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applications
 
AzureAAD
AzureAADAzureAAD
AzureAAD
 
Cloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMSCloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMS
 
Unit 5
Unit 5Unit 5
Unit 5
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 

More from Thorbjørn Værp

Lag ditt eget Viva Learning innhold
Lag ditt eget Viva Learning innholdLag ditt eget Viva Learning innhold
Lag ditt eget Viva Learning innhold
Thorbjørn Værp
 
Frokostseminar 25.november 2020
Frokostseminar 25.november 2020Frokostseminar 25.november 2020
Frokostseminar 25.november 2020
Thorbjørn Værp
 
Office 365 UGA Siste nytt september 2020
Office 365 UGA Siste nytt september 2020Office 365 UGA Siste nytt september 2020
Office 365 UGA Siste nytt september 2020
Thorbjørn Værp
 
Office 365 User Group Agder Meetup January 2020
Office 365 User Group Agder Meetup January 2020Office 365 User Group Agder Meetup January 2020
Office 365 User Group Agder Meetup January 2020
Thorbjørn Værp
 
Office365 User Group Agder Meetup mai 2019
Office365 User Group Agder Meetup mai 2019Office365 User Group Agder Meetup mai 2019
Office365 User Group Agder Meetup mai 2019
Thorbjørn Værp
 
SPS Leicester 2018 hub sites
SPS Leicester 2018 hub sitesSPS Leicester 2018 hub sites
SPS Leicester 2018 hub sites
Thorbjørn Værp
 
SPS Milan 2018 hub sites
SPS Milan 2018 hub sitesSPS Milan 2018 hub sites
SPS Milan 2018 hub sites
Thorbjørn Værp
 
SharePoint hub sites in Office 365
SharePoint hub sites in Office 365SharePoint hub sites in Office 365
SharePoint hub sites in Office 365
Thorbjørn Værp
 
Office 365 User Group Agder Meetup Mai 2018
Office 365 User Group Agder Meetup Mai 2018Office 365 User Group Agder Meetup Mai 2018
Office 365 User Group Agder Meetup Mai 2018
Thorbjørn Værp
 
Office 365 User Groupa Agder - Siste nytt februar 2018
Office 365 User Groupa Agder - Siste nytt februar 2018Office 365 User Groupa Agder - Siste nytt februar 2018
Office 365 User Groupa Agder - Siste nytt februar 2018
Thorbjørn Værp
 
Microsoft Teams & nyheter Januar 2018
Microsoft Teams & nyheter Januar 2018Microsoft Teams & nyheter Januar 2018
Microsoft Teams & nyheter Januar 2018
Thorbjørn Værp
 
GDPR presentation Tomas Sunde NCG
GDPR presentation Tomas Sunde NCGGDPR presentation Tomas Sunde NCG
GDPR presentation Tomas Sunde NCG
Thorbjørn Værp
 
O365 UGA - Siste nytt November
O365 UGA - Siste nytt NovemberO365 UGA - Siste nytt November
O365 UGA - Siste nytt November
Thorbjørn Værp
 
Team Me Up Scotty SPSOslo w.Extending
Team Me Up Scotty SPSOslo w.ExtendingTeam Me Up Scotty SPSOslo w.Extending
Team Me Up Scotty SPSOslo w.Extending
Thorbjørn Værp
 
OCAD løypelegging
OCAD løypeleggingOCAD løypelegging
OCAD løypelegging
Thorbjørn Værp
 
Team Me Up with Microsoft Teams
Team Me Up with Microsoft TeamsTeam Me Up with Microsoft Teams
Team Me Up with Microsoft Teams
Thorbjørn Værp
 
SPSMilano - Microsoft Teams
SPSMilano - Microsoft TeamsSPSMilano - Microsoft Teams
SPSMilano - Microsoft Teams
Thorbjørn Værp
 
Team me up Scotty!
Team me up Scotty!Team me up Scotty!
Team me up Scotty!
Thorbjørn Værp
 
Team me up scotty!
Team me up scotty!Team me up scotty!
Team me up scotty!
Thorbjørn Værp
 
O365 UserGroup Agder meetup march
O365 UserGroup Agder meetup marchO365 UserGroup Agder meetup march
O365 UserGroup Agder meetup march
Thorbjørn Værp
 

More from Thorbjørn Værp (20)

Lag ditt eget Viva Learning innhold
Lag ditt eget Viva Learning innholdLag ditt eget Viva Learning innhold
Lag ditt eget Viva Learning innhold
 
Frokostseminar 25.november 2020
Frokostseminar 25.november 2020Frokostseminar 25.november 2020
Frokostseminar 25.november 2020
 
Office 365 UGA Siste nytt september 2020
Office 365 UGA Siste nytt september 2020Office 365 UGA Siste nytt september 2020
Office 365 UGA Siste nytt september 2020
 
Office 365 User Group Agder Meetup January 2020
Office 365 User Group Agder Meetup January 2020Office 365 User Group Agder Meetup January 2020
Office 365 User Group Agder Meetup January 2020
 
Office365 User Group Agder Meetup mai 2019
Office365 User Group Agder Meetup mai 2019Office365 User Group Agder Meetup mai 2019
Office365 User Group Agder Meetup mai 2019
 
SPS Leicester 2018 hub sites
SPS Leicester 2018 hub sitesSPS Leicester 2018 hub sites
SPS Leicester 2018 hub sites
 
SPS Milan 2018 hub sites
SPS Milan 2018 hub sitesSPS Milan 2018 hub sites
SPS Milan 2018 hub sites
 
SharePoint hub sites in Office 365
SharePoint hub sites in Office 365SharePoint hub sites in Office 365
SharePoint hub sites in Office 365
 
Office 365 User Group Agder Meetup Mai 2018
Office 365 User Group Agder Meetup Mai 2018Office 365 User Group Agder Meetup Mai 2018
Office 365 User Group Agder Meetup Mai 2018
 
Office 365 User Groupa Agder - Siste nytt februar 2018
Office 365 User Groupa Agder - Siste nytt februar 2018Office 365 User Groupa Agder - Siste nytt februar 2018
Office 365 User Groupa Agder - Siste nytt februar 2018
 
Microsoft Teams & nyheter Januar 2018
Microsoft Teams & nyheter Januar 2018Microsoft Teams & nyheter Januar 2018
Microsoft Teams & nyheter Januar 2018
 
GDPR presentation Tomas Sunde NCG
GDPR presentation Tomas Sunde NCGGDPR presentation Tomas Sunde NCG
GDPR presentation Tomas Sunde NCG
 
O365 UGA - Siste nytt November
O365 UGA - Siste nytt NovemberO365 UGA - Siste nytt November
O365 UGA - Siste nytt November
 
Team Me Up Scotty SPSOslo w.Extending
Team Me Up Scotty SPSOslo w.ExtendingTeam Me Up Scotty SPSOslo w.Extending
Team Me Up Scotty SPSOslo w.Extending
 
OCAD løypelegging
OCAD løypeleggingOCAD løypelegging
OCAD løypelegging
 
Team Me Up with Microsoft Teams
Team Me Up with Microsoft TeamsTeam Me Up with Microsoft Teams
Team Me Up with Microsoft Teams
 
SPSMilano - Microsoft Teams
SPSMilano - Microsoft TeamsSPSMilano - Microsoft Teams
SPSMilano - Microsoft Teams
 
Team me up Scotty!
Team me up Scotty!Team me up Scotty!
Team me up Scotty!
 
Team me up scotty!
Team me up scotty!Team me up scotty!
Team me up scotty!
 
O365 UserGroup Agder meetup march
O365 UserGroup Agder meetup marchO365 UserGroup Agder meetup march
O365 UserGroup Agder meetup march
 

Recently uploaded

A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
Peter Caitens
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
ayushiqss
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
XfilesPro
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
varshanayak241
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 

Recently uploaded (20)

A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 

T28 implementing adfs and hybrid share point

  • 1. Implementing ADFS and Hybrid SharePoint Thorbjørn Værp
  • 2. About me Thorbjørn Værp Principal Consultant Puzzlepart Kristiansand, Norway www.Sharepoint13.net | @vaerpn Celebrating 21 years IT-pro, 11 of them in SP MCT | XVC #ESPC14
  • 3. Agenda • History • Claims-based authentication • ADFS & SharePoint 2013
  • 5.
  • 6. A Web service is a method of communications between two electronic devices over a network. It is a software function provided at a network address over the web with the service always on as in the concept of utility computing.
  • 7. An open standard for authentication Similar architecture to WS-* OpenID authentication used by PayPal, Google, VeriSign, Twitter +
  • 8. An open standard for authorization Method for clients to access server resources on behalf of a resource owner Oauth has no signing or encryption (it relies only on ssl for opacity) Wide adoption, Facebook, Microsoft, Two version, 1.0 & 2.0 –no backwards compability.
  • 9. Traditional authentication mechanisms • Anonymous • Basic • NTLM / Kerberos (WIA) • Forms based AuthN
  • 10. The problem with authentication • Current technologies do not work well on the Internet (NTLM, Kerberos etc.) – Basic is the only authentication mechanism that was part of the HTTP (1.0), all the others are bolted on • Several and different user stores (AD, LDAP, eDir) • Relies on your particular platform • Authentication had to be handled and understood by the developers, whose time is better spent developing the application • Each new authentication scheme required chaning the code
  • 11.
  • 13. What is claims-based identity? • Abstraction layer (indirection) • A claim is an authoritative statement about a subject made by an entity • A claim can be anything (not just security information) that can be associated with a subject – Name | Age | Group membership | Role • A claim is always associated with the entity that issued it • There are several claim standards • Claims are stored and transmitted in security tokens
  • 14. What is claims based identity? – XML or binary fragments constructed according to some security standard – Digitally signed • There are several token formats • SAML (Security Assertion Markup Language) JWT (JSON Web Token) SWT (Simple Web Token) • Claims based identity requires a trust model – Usually implemented with digital certificates
  • 15. Claims in SharePoint 2013 3 types of claim providers Windows Trusted Provider (SAML) Forms Based AuthN Multiple AuthN providers possible in the same zone Classic mode only via PowerShell
  • 16. Claims in SharePoint 2013 • SP 2013 has its own STS implementation • The SP 2013 Federation Metadata is in JSON, not XML • Both Classic authentication mode (WIA) and claims mode (WIA/FBA/SAML) is supported, but claims is the default • In claims mode every form of AuthN is transformed to a SAML token
  • 26. Grocery list • 4 Public Certificates + (eg.RapidSSL) • Fs3.vaerpn.com • Sp.vaerpn.com • Tokensign.vaerpn.com • Decrypt.vaerpn.com • Reverse proxy, (WEP, F5, Netscaler, Azure Endpoints,) • Update public DNS • Update internal DNS • ADFS server, one or more • SharePoint 2013
  • 27. Step by Step The Environment • We got AD with a routable domain | vaerpn.com, externaly registered. • Enterprise Admin access AD DS & available admin e-mail • SP 2013 with SQL server • Firewall/ReverseProxy or Azure • One or more Win2012 R2 domain joined servers to add ADFS 3.0 Role What to do: 1.Get those Certificates, 2. Add ADFS Role, 3. Configure ADFS & Certificates 4. Configure Claim Rule, 5: Add RelayingParty Identifier, 6. Create & Connect SP Trusted Identity Provider
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39. Repeat until you have 4 certificates adfs.vaerpn.com -> for ADFS service signing.vaerpn.com ->for token signing decrypt.vaerpn.com ->for decrypt (not used by SP but a prereq) sp.vaerpn.com ->for SSL on SharePoint web app (one pr.web app)
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 77.
  • 78. • Copy this to the SharePoint WFE
  • 79.
  • 80.
  • 81. -> Run this -> Check this
  • 82.
  • 83.
  • 84.
  • 85.
  • 86.
  • 87.
  • 88. Wrap Up History WS-*, OpenID, OpenAuth, David Wheeler "All problems in computer science can be solved by another level of indirection." Claims A claim is an authoritative statement about a subject made by an entity. In claims mode every form of AuthN is transformed to a SAML token ADFS & SharePoint 2013 ADFS 3.0 no IIS. Always use public certificates, plan stuff, Must use PowerShell
  • 89.

Editor's Notes

  1. welcome. Click slide
  2. Takethe Picture
  3. Hands up IT-pro or IT-dev, BI/Business (great) , ADFS 2.0 or 3.0, Is it a great first day -?
  4. Subject: anythingthatneeds to be identified (authenticated) aka. principal/userAuthentication (AuthN): The processofestablishingidentity, preferably mutual. This requiresproof, usually in the form ofcredentials. Authorization (AuthZ): Determining, and granting or denyingaccess to resources for subjectImpersonation: A service canact as theuserwhileperforming an action onthe same server the service is hostedonDelegation: A service canact as theuserwhileperforming an action hostedonanother server Profile store: Service/appprofileinformationwith an immutable ID for eachsubject
  5. There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These variety of specifications are the basic web services framework established by first-generation standards represented by WSDL, SOAP, and UDDI.[1] Specifications may complement, overlap, and compete with each other. Web service specifications are occasionally referred to collectively as "WS-*", though there is not a single managed set of specifications that this consistently refers to, nor a recognized owning body across them all.“WS-“is a prefix used to indicate specifications associated with Web Services and there exist many WS* standards including WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust.[2] This page includes many of the specifications that might be considered a part of "WS-*".
  6. OpenID is an open standard that allows users to be authenticated by certain co-operating sites (known as Relying Parties or RP) using a third party service, eliminating the need for webmasters to provide their own ad hoc systems and allowing users to consolidate their digital identities.[1]
  7. OAuth began in November 2006 when Blaine Cook was developing the TwitterOpenID implementation. Meanwhile, Ma.gnolia needed a solution to allow its members with OpenIDs to authorize Dashboard Widgets to access their service. Cook, Chris Messina and Larry Halff from Magnolia met with David Recordon to discuss using OpenID with the Twitter and Ma.gnolia APIs to delegate authentication. They concluded that there were no open standards for API access delegation.OAuth 2.0 is the next evolution of the OAuth protocol and is not backwards compatible with OAuth 1.0. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification and associated RFCs are developed by the IETF OAuth WG;[4] the main framework was published in October 2012. (It was expected to be finalized by the end of 2010, according to Eran Hammer.[5] However, due to discordant views about the evolution of OAuth, Hammer left the working group.[6])Facebook's new Graph API only supports OAuth 2.0.[7]Google supports OAuth 2.0 as the recommended authentication mechanism for all of its APIs.[8] As of 2011 Microsoft[9] has added OAuth 2.0 experimental support to their APIs.The OAuth 2.0 Framework[10] and Bearer Token Usage[11] were published in October 2012. Other documents are still being worked on within the OAuth working group.
  8. Anonymous • Not technicallyclientauthentication • Basic • Part of HTTP 1.0 spec • Ubiquitous support • Server knowstheusername/password • NTLM/Kerberos (WIA) • Cannottraversefirewalls or proxies • Forms basedAuthN • Authenticationhappensindependentof transfer protocol • Authenticationimplemented in theapplication • Occursafter IIS authentication
  9. From wikipediaEducation[edit]Wheeler was born in Birmingham and gained a scholarship at Trinity College, Cambridge to read the Cambridge Mathematical Tripos, graduating in 1948.[14] He completed the world's first[citation needed] PhD in computer science in 1951.[15]Career[edit]Wheeler's contributions to the field included work on the EDSAC[16] and the Burrows–Wheeler transform. Along with Maurice Wilkes and Stanley Gill he is credited with the invention of the subroutine (which they referred to as the closed subroutine), a predecessor of the infamous goto statement;[5] as a result, the jump to subroutine instruction is often called Wheeler Jump. He was responsible for the implementation of the CAP computer, the first to be based on security capabilities. In cryptography, he was the designer of WAKE and the co-designer of the TEA and XTEA encryption algorithms together with Roger Needham.Wheeler married Joyce Blackler in August 1957, who herself used EDSAC for her own mathematical investigations as a research student from 1955. He became a Fellow of Darwin College, Cambridge in 1964 and formally retired in 1994, although he continued to be an active member of the University of CambridgeComputer Laboratory until his death. In 1994 he was inducted as a Fellow of the Association for Computing Machinery. In 2003 he was a Computer History Museum Fellow Award recipient. The Computer Laboratory at the University of Cambridge annually holds the "Wheeler Lecture", a series of distinguished lectures named after him.[17]Wheeler is often quoted as saying "All problems in computer science can be solved by another level of indirection."[18] Another quotation attributed to him is "Compatibility means deliberately repeating other people's mistakes
  10. • • • Abstractionlayer (indirection) A claim is an authoritative statement about a subjectmade by an entity A claimcan be anything (not just securityinformation) thatcan be associatedwith a subject • • • • • • • • XML or binary fragments constructedaccording to somesecurity standard Digitallysigned • • • • • • Name Age Group membershipRole SAML (Security AssertionMarkup Language) JWT (JSON Web Token) SWT (Simple Web Token) • Usuallyimplementedwith digital certificates A claim is alwaysassociatedwiththeentitythatissued it Thereareseveralclaim standards Claimsarestored and transmitted in security tokens Thereareseveral token formats Claimsbasedidentityrequires a trust modelClaims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet.[1] It also provides a consistent approach for applications running on-premises or in the cloud.The key strength of claims-based identity is that it abstracts the individual elements of identity and access control into two parts; a single, general notion of claims and the concept of an issuer or an authority.[2]A claim is a statement that one subject, such as a person or organization, makes about itself or another subject. For example the statement can be about a name, group, buying preference, ethnicity, privilege, association or capability. The subject making the claim or claims is the provider. Claims are packaged into one or more tokens that are then issued by an issuer (provider), commonly known as a Security Token Service (STS).[2]
  11. Claims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet.[1] It also provides a consistent approach for applications running on-premises or in the cloud.The key strength of claims-based identity is that it abstracts the individual elements of identity and access control into two parts; a single, general notion of claims and the concept of an issuer or an authority.[2]A claim is a statement that one subject, such as a person or organization, makes about itself or another subject. For example the statement can be about a name, group, buying preference, ethnicity, privilege, association or capability. The subject making the claim or claims is the provider. Claims are packaged into one or more tokens that are then issued by an issuer (provider), commonly known as a Security Token Service (STS).[2]
  12. SAML-Basedclaimsauthenticationprocess for SharePoint 2013Security AssertionMarkup Languagehttp://en.wikipedia.org/wiki/Saml
  13. WHY ADFSNatural candidate for SharePointSupports the necessary standardsIntegration with Active DirectoryOften used as a go-betweenPowerful capabilitiesFree with Windows Server licenseSolutions on the market:CA SiteMinderShibollethOracle Access ManagerIBM Tivoli Access ManagerActive Directory Federation ServicesCustom solutions using WIF
  14. Edge FireWall –not recommended.
  15. Adminenabled e-mail for thatcertificateapprover e-mail.RP=Relaying Party
  16. Consideraddroles and featurespic, server manager dashboard
  17. Apearwithout KDR, set -spn
  18. DNS onthe AD DS, A record, not C-name
  19. https://fs3.vaerpn.com/federationmetadata/2007-06/federationmetadata.xmlhttps://fs3.vaerpn.com/adfs/ls/IDPInitiatedSignon.aspx
  20. Animation: Copy to file, export