European SharePoint Conference 2014 in Barcelona.
Presentation Description:
In this session we look at modern forms of authentication. We’ll cover Windows Server Active Directory Federation Services (ADFS) concepts and look at federation with SharePoint. There are a number of difficulties that you’ll need to overcome when implementing SAML claims with SharePoint, for example the people picker, user profile import, and problematic use of some SharePoint apps. We’ll also cover the infrastructure side, like making it work with host-named site collections, reverse proxy servers and other user directories. Moving to the cloud, we’ll look at the authentication architecture of the standards employed, like OAuth, WS-* and OpenID Connect.
Presentation Benefit
Get a better understanding of Windows Server Active Directory Federation Services (ADFS) concepts and SAML claims connection with SharePoint.
You will learn...
Understand authentication architecture and standards employed.
ADFS concepts
How to implement SAML claims
This presentation will give you a short and not very technical overview of claims-based authentication.
Claims-based authentication will be the way to almost all Microsoft web-based platforms. It is more complex than the old username-password method but also more secure and general.
Developing custom claim providers to enable authorization in share point an... - AntonioMaio2
Developing Custom Claim Providers to Enable Authorization in SharePoint - Antonio Maio.
With the release of SharePoint 2010, Microsoft introduced the concepts of Claims Based Authentication and Authorization. SharePoint 2013 went a step further, making Claims Based Authentication the default method for authenticating users when they log in. Claims, and identities in general, are playing a bigger role in the security capabilities of systems like SharePoint, enabling us to solve some new and exciting security challenges. Typically we authorize the content that users have access to using SharePoint permissions; however, authentication scenarios can be extended in new and interesting ways by developing a custom component called a Custom Claim Provider. This session will introduce the concepts of Claims Based Authentication and Authorization in SharePoint and provide step-by-step instructions on how to develop and deploy Custom Claim Providers. The session will also walk through several examples of how custom Claim Providers can enhance SharePoint security and authorization.
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ... - Brian Culver
How will SharePoint 2013 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organizations to build extranet sites and partner portals inexpensively and securely. Learn about the Product Catalog site template and how you can use it. Learn about the new improvements in SharePoint 2013 regarding extranets. Learn how SharePoint 2013 can help your organization open its doors to its clients and partners securely.
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec... - Brian Culver
How will SharePoint 2010 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organizations to build extranet sites and partner portals inexpensively and securely. Learn what exactly claims-based authentication is and how to use it. Learn about the new multi-authentication mode in SharePoint 2010. Learn how SharePoint 2010 can help your organization open its doors to its clients and partners securely.
How to deploy SharePoint 2010 to external users? - rlsoft
A presentation about all the different aspects to be aware of when deploying SharePoint 2010 as an extranet platform, as well as the available options for network topologies and authentication methods.
Understanding SharePoint Apps, authentication and authorization infrastructur... - SPC Adriatics
This session will teach you everything that you need to know in order to understand SharePoint Apps, authentication and authorization. Learn about the different types of Apps, the underlying Apps architecture and how to configure an on-premises environment to support Apps. You will also learn about the different authentication options available for integrating apps, devices, and applications for on-prem scenarios, in the cloud and hybrid.
This slidedeck provides a technical deep dive about Active Directory Federation Services technology for federated authentication with Office 365 and other relying parties.
'Claims-based identity' is known and well-documented. However I tend to encounter the same questions again and again. These slides tell what claims-based identity means to me.
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf... - WSO2
Digital transformation brings several challenges on how identity and access management (IAM) is handled. People expect seamless experiences when dealing with a digital business. Digital businesses use several systems, each having different identities. But users still expect to use the entire system using the same identity. In addition, with the widespread adoption of social networks, users expect to access these systems using their social identities.
The more systems you integrate with using a single identity, the weaker your security becomes, making the demand for multi-factor authentication and authorization higher. This shows that IAM is not an option but a necessity when digitally transforming your business. In this session, we will discuss the concerns of IAM that we have had to deal with when preparing for digital transformation, and why they are important considerations.
A Developer's Introduction to Azure Active Directory B2C - John Garland
Adding personalized experiences is often a critical part of creating an application, and the key to personalization is being able to identify your users. However, properly managing user identities can be difficult, and getting it wrong can cost you users due to usability problems, or worse, can expose your users to harm if their identity information is not properly protected. Azure Active Directory B2C provides you the ability to integrate a ready-made identity platform into your application, with options for integration with social identity providers, application-local accounts, customized workflows, and a user interface that can integrate into your app's layout and design. In this talk you will learn how you can integrate Azure Active Directory B2C into a variety of applications, and several of the ways you can customize the experience to best support both your users' and your application's needs.
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On... - Envision IT
In this Webinar, Envision IT demonstrates how ADFS federation can allow external users to access an Extranet, their DMZ accounts or other external identities, and use single sign-on to other systems beyond SharePoint. View more details and the webinar recording here: http://www.envisionit.com/products/events/Pages/SharePoint-Extranet-Spring-Webinar-Series-Federation-and-SharePoint-On-Premise.aspx
Slides from the presentation by Jörg Vosse, Citrix, at Digicomp's Citrix Day 2014:
Citrix ShareFile is designed for enterprises and optimized for mobile users. Unlike insecure consumer and other simple file-sharing tools, ShareFile offers features for secure synchronization and sharing of corporate files.
Here you can find the slides that accompany my “SPA Secure Coding Guide”. This presentation goes through a set of security best practices specially targeted towards developing Angular applications with ASP.Net Web Api backends.
It comes with a WebApi example project available on GitHub that provides several code examples of how to defend yourself. The example app is based on the famous "Tour of Heroes" Angular app used throughout the Angular documentation.
It first introduces general threat modelling before explaining the most current types of attacks Asp.Net Web APIs are vulnerable to.
It is designed to serve as a secure coding reference guide, to help development teams quickly understand Asp.Net Core secure coding practices.
Case Studies on STORK, IDAP, & eID. Led by Zaeher Rachid, lead access management and OpenAM engineer at Paradigmo, and Wouter Vandenbussche, Identity and Access Management Consultant, Global Consulting and Integration Services | Verizon Enterprise Solutions
Using Windows Azure for Solving Identity Management Challenges (Visual Studio... - Michael Collier
Identity management for cloud deployed applications can be a challenge. Often users will want to leverage an existing social network or corporate identity. Now we have to worry about dealing with multiple APIs, any updates to those APIs, or the addition of new identity providers. Windows Azure Access Control Services offers a better way! ACS allows for federated user authentication via popular social networks and Active Directory. In this session we’ll provide a crash course in claims as they relate to identity management. We’ll discuss why claims are important and how to add additional claims beyond what is provided by the identity providers. We'll also take a look at Windows Azure Active Directory and see how to manage corporate identities in the cloud.
PortalGuard’s Flexible Two-factor Authentication options are designed as strong authentication methods for securing web applications. PortalGuard leverages a one-time password (OTP) as a factor to further prove a user's identity. The OTP can be delivered via SMS, email, printer, and transparent token. Configurable by user, group or application, this is a cost-effective approach to stronger authentication security.
Tutorial: http://pg.portalguard.com/flexible_two-factor_tutorial
Similar to T28 implementing adfs and hybrid share point (20)
Hub sites are a new building block of the intranet, to bring together related sites to roll up news and activity, to simplify search, and to create cohesion with shared navigation and look-and-feel.
Attend this session to learn all about this new awesome feature.
Here are some keywords to get your attention :-): PowerShell, Azure functions, Flow, Site Design.
Warning! There will be demos :)
Hub sites are a new building block of the intranet, to bring together related sites to roll up news and activity, to simplify search, and to create cohesion with shared navigation and look-and-feel.
Attend this session to learn all about this new awesome feature.
Here are some keywords to get your attention :-): PowerShell, Azure functions, flow, site design, themes.
Slides used at my session about Microsoft Teams, at SharePoint Saturday Oslo, the 5th anniversary conference. It also includes extending possibilities via Office Graph, Bots, 3rd-party apps, and Tabs, presented by my colleague Kjetil Hovding.
Office365 usergroup agder [UGA] meetup in Kristiansand, 13 September 2017. A presentation of Microsoft Teams with all its new features like external sharing with Azure B2B. In the notes section of the PPT you will find useful links.
Microsoft Teams - the New Social Workspace!!
See how MS Teams can replace Slack, Yammer, Newsfeed and a heck of a lot of other Workspace Apps. I integrate SharePoint, PowerBI, and add Apps to totally support your business needs. An effective boost for every organization with an Office365 tenant. This is the future, be there or be square :)
A Comprehensive Look at Generative AI in Retail App Testing.pdf - kalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus... - Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G... - Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Globus Connect Server Deep Dive - GlobusWorld 2024 - Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv... - Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Understanding Globus Data Transfers with NetSage - Globus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Developing Distributed High-performance Computing Capabilities of an Open Sci... - Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Advanced Flow Concepts Every Developer Should Know - Peter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
Why React Native as a Strategic Advantage for Startup Innovation.pdf - ayushiqss
Do you know that React Native is being increasingly adopted by startups as well as big companies in the mobile app development industry? Big names like Facebook, Instagram, and Pinterest have already integrated this robust open-source framework.
In fact, according to a report by Statista, the number of React Native developers has been steadily increasing over the years, reaching an estimated 1.9 million by the end of 2024. This means that the demand for this framework in the job market has been growing making it a valuable skill.
But what makes React Native so popular for mobile application development? It offers excellent cross-platform capabilities among other benefits. This way, with React Native, developers can write code once and run it on both iOS and Android devices thus saving time and resources leading to shorter development cycles hence faster time-to-market for your app.
Let’s take the example of a startup, which wanted to release their app on both iOS and Android at once. Through the use of React Native they managed to create an app and bring it into the market within a very short period. This helped them gain an advantage over their competitors because they had access to a large user base who were able to generate revenue quickly for them.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Providing Globus Services to Users of JASMIN for Environmental Data Analysis - Globus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce? - XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Strategies for Successful Data Migration Tools.pptx - varshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Prosigns: Transforming Business with Tailored Technology Solutions - Prosigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart... - Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
2. About me
Thorbjørn Værp
Principal Consultant Puzzlepart
Kristiansand, Norway
www.Sharepoint13.net | @vaerpn
Celebrating 21 years IT-pro, 11 of them in SP
MCT | XVC
#ESPC14
6. A Web service is a method of communications between two
electronic devices over a network. It is a software function
provided at a network address over the web with the service
always on as in the concept of utility computing.
7. An open standard for authentication
Similar architecture to WS-*
OpenID authentication used by PayPal, Google, VeriSign, Twitter +
8. An open standard for authorization
Method for clients to access server resources on behalf of a resource owner
OAuth has no signing or encryption (it relies only on SSL for opacity)
Wide adoption: Facebook, Microsoft
Two versions, 1.0 & 2.0, with no backwards compatibility.
10. The problem with authentication
• Current technologies do not work well on the Internet (NTLM,
Kerberos etc.)
– Basic is the only authentication mechanism that was part of the
HTTP (1.0), all the others are bolted on
• Several and different user stores (AD, LDAP, eDir)
• Relies on your particular platform
• Authentication had to be handled and understood by the
developers, whose time is better spent developing the
application
• Each new authentication scheme required changing the code
13. What is claims-based identity?
• Abstraction layer (indirection)
• A claim is an authoritative statement about a subject made by
an entity
• A claim can be anything (not just security information) that
can be associated with a subject
– Name | Age | Group membership | Role
• A claim is always associated with the entity that issued it
• There are several claim standards
• Claims are stored and transmitted in security tokens
14. What is claims based identity?
– XML or binary fragments constructed according to some
security standard
– Digitally signed
• There are several token formats
• SAML (Security Assertion Markup Language) JWT (JSON
Web Token) SWT (Simple Web Token)
• Claims based identity requires a trust model
– Usually implemented with digital certificates
15. Claims in SharePoint 2013
3 types of claim providers
Windows
Trusted Provider (SAML)
Forms Based AuthN
Multiple AuthN providers possible in the same zone
Classic mode only via PowerShell
16. Claims in SharePoint 2013
• SP 2013 has its own STS implementation
• The SP 2013 Federation Metadata is in JSON, not XML
• Both Classic authentication mode (WIA) and claims mode
(WIA/FBA/SAML) are supported, but claims is the default
• In claims mode every form of AuthN is transformed to a
SAML token
26. Grocery list
• 4 Public Certificates + (e.g. RapidSSL)
• Fs3.vaerpn.com
• Sp.vaerpn.com
• Tokensign.vaerpn.com
• Decrypt.vaerpn.com
• Reverse proxy (WEP, F5, Netscaler, Azure Endpoints)
• Update public DNS
• Update internal DNS
• ADFS server, one or more
• SharePoint 2013
27. Step by Step
The Environment
• We have AD with a routable domain | vaerpn.com,
externally registered.
• Enterprise Admin access AD DS & available admin e-mail
• SP 2013 with SQL server
• Firewall/ReverseProxy or Azure
• One or more Win2012 R2 domain joined servers to add
ADFS 3.0 Role
What to do:
1. Get those Certificates
2. Add ADFS Role
3. Configure ADFS & Certificates
4. Configure Claim Rule
5. Add Relying Party Identifier
6. Create & Connect SP Trusted Identity Provider
39. Repeat until you have 4 certificates
adfs.vaerpn.com -> for ADFS service
signing.vaerpn.com -> for token signing
decrypt.vaerpn.com -> for decrypt (not used by SP but a prereq)
sp.vaerpn.com -> for SSL on SharePoint web app (one per web app)
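Steps 4 to 6 of the list above, sketched in PowerShell as an added example that is not taken from the original slides. The host names are the ones on the slides; the realm URN, the certificate path, the claim rule text and the choice of e-mail address as identity claim are assumptions.

```powershell
# --- On the ADFS server: steps 4 and 5 (claim rule + relying party trust) ---
# Assumptions: realm URN, e-mail as identity claim, AD groups sent as role claims.
$realm = 'urn:sharepoint:sp'
$transformRules = @'
@RuleName = "AD attributes to SharePoint claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";mail,tokenGroups;{0}", param = c.Value);
'@
# Permit-all: every authenticated AD user gets a token; SharePoint permissions
# still decide what that user can open. Tighten this rule to restrict issuance.
$permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

Add-AdfsRelyingPartyTrust -Name 'SharePoint 2013' -Identifier $realm `
    -WSFedEndpoint 'https://sp.vaerpn.com/_trust/' `
    -IssuanceTransformRules $transformRules -IssuanceAuthorizationRules $permitAll

# --- On a SharePoint 2013 server: step 6 (SharePoint Management Shell) ---
# The realm must match the relying party identifier above character for character.
$realm = 'urn:sharepoint:sp'
# Assumed path: public part (.cer) of the token-signing certificate exported from ADFS.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('C:\certs\signing.vaerpn.com.cer')
New-SPTrustedRootAuthority -Name 'ADFS token signing' -Certificate $cert

$email = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' `
    -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$role = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' `
    -IncomingClaimTypeDisplayName 'Role' -SameAsIncoming

$issuer = New-SPTrustedIdentityTokenIssuer -Name 'ADFS' -Description 'ADFS 3.0 (SAML claims)' `
    -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $email, $role `
    -SignInUrl 'https://adfs.vaerpn.com/adfs/ls/' -IdentifierClaim $email.InputClaimType

# Connect the issuer to the web application. Windows authentication stays on the
# zone next to the trusted provider (multiple providers in one zone are allowed).
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$trusted = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity 'https://sp.vaerpn.com' -Zone Default `
    -AuthenticationProvider $windows, $trusted
```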
88. Wrap Up
History
WS-*, OpenID, OpenAuth, David Wheeler "All problems in computer science can be
solved by another level of indirection."
Claims
A claim is an authoritative statement about a subject made by an entity. In claims mode
every form of AuthN is transformed to a SAML token
ADFS & SharePoint 2013
ADFS 3.0 no IIS. Always use public certificates, plan stuff, Must use PowerShell
Hands up: IT-pro or IT-dev, BI/Business (great), ADFS 2.0 or 3.0. Is it a great first day?
• Subject: anything that needs to be identified (authenticated), aka principal/user
• Authentication (AuthN): the process of establishing identity, preferably mutual. This requires proof, usually in the form of credentials.
• Authorization (AuthZ): determining, and granting or denying, access to resources for a subject
• Impersonation: a service can act as the user while performing an action on the same server the service is hosted on
• Delegation: a service can act as the user while performing an action hosted on another server
• Profile store: service/app profile information with an immutable ID for each subject
There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. This variety of specifications is the basic web services framework established by first-generation standards represented by WSDL, SOAP, and UDDI.[1] Specifications may complement, overlap, and compete with each other. Web service specifications are occasionally referred to collectively as "WS-*", though there is not a single managed set of specifications that this consistently refers to, nor a recognized owning body across them all.
"WS-" is a prefix used to indicate specifications associated with Web Services, and there exist many WS-* standards including WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust.[2] This page includes many of the specifications that might be considered a part of "WS-*".
OpenID is an open standard that allows users to be authenticated by certain co-operating sites (known as Relying Parties or RP) using a third party service, eliminating the need for webmasters to provide their own ad hoc systems and allowing users to consolidate their digital identities.[1]
OAuth began in November 2006 when Blaine Cook was developing the Twitter OpenID implementation. Meanwhile, Ma.gnolia needed a solution to allow its members with OpenIDs to authorize Dashboard Widgets to access their service. Cook, Chris Messina and Larry Halff from Magnolia met with David Recordon to discuss using OpenID with the Twitter and Ma.gnolia APIs to delegate authentication. They concluded that there were no open standards for API access delegation.
OAuth 2.0 is the next evolution of the OAuth protocol and is not backwards compatible with OAuth 1.0. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification and associated RFCs are developed by the IETF OAuth WG;[4] the main framework was published in October 2012. (It was expected to be finalized by the end of 2010, according to Eran Hammer.[5] However, due to discordant views about the evolution of OAuth, Hammer left the working group.[6])
Facebook's new Graph API only supports OAuth 2.0.[7] Google supports OAuth 2.0 as the recommended authentication mechanism for all of its APIs.[8] As of 2011 Microsoft[9] has added OAuth 2.0 experimental support to their APIs.
The OAuth 2.0 Framework[10] and Bearer Token Usage[11] were published in October 2012. Other documents are still being worked on within the OAuth working group.
• Anonymous
– Not technically client authentication
• Basic
– Part of HTTP 1.0 spec
– Ubiquitous support
– Server knows the username/password
• NTLM/Kerberos (WIA)
– Cannot traverse firewalls or proxies
• Forms based AuthN
– Authentication happens independent of transfer protocol
– Authentication implemented in the application
– Occurs after IIS authentication
From Wikipedia
Education
Wheeler was born in Birmingham and gained a scholarship at Trinity College, Cambridge to read the Cambridge Mathematical Tripos, graduating in 1948.[14] He completed the world's first[citation needed] PhD in computer science in 1951.[15]
Career
Wheeler's contributions to the field included work on the EDSAC[16] and the Burrows–Wheeler transform. Along with Maurice Wilkes and Stanley Gill he is credited with the invention of the subroutine (which they referred to as the closed subroutine), a predecessor of the infamous goto statement;[5] as a result, the jump to subroutine instruction is often called Wheeler Jump. He was responsible for the implementation of the CAP computer, the first to be based on security capabilities. In cryptography, he was the designer of WAKE and the co-designer of the TEA and XTEA encryption algorithms together with Roger Needham.
Wheeler married Joyce Blackler in August 1957, who herself used EDSAC for her own mathematical investigations as a research student from 1955. He became a Fellow of Darwin College, Cambridge in 1964 and formally retired in 1994, although he continued to be an active member of the University of Cambridge Computer Laboratory until his death. In 1994 he was inducted as a Fellow of the Association for Computing Machinery. In 2003 he was a Computer History Museum Fellow Award recipient. The Computer Laboratory at the University of Cambridge annually holds the "Wheeler Lecture", a series of distinguished lectures named after him.[17]
Wheeler is often quoted as saying "All problems in computer science can be solved by another level of indirection."[18] Another quotation attributed to him is "Compatibility means deliberately repeating other people's mistakes
• Abstraction layer (indirection)
• A claim is an authoritative statement about a subject made by an entity
• A claim can be anything (not just security information) that can be associated with a subject
– Name | Age | Group membership | Role
• A claim is always associated with the entity that issued it
• There are several claim standards
• Claims are stored and transmitted in security tokens
– XML or binary fragments constructed according to some security standard
– Digitally signed
• There are several token formats
• SAML (Security Assertion Markup Language) JWT (JSON Web Token) SWT (Simple Web Token)
• Claims based identity requires a trust model
– Usually implemented with digital certificates
Claims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet.[1] It also provides a consistent approach for applications running on-premises or in the cloud.
The key strength of claims-based identity is that it abstracts the individual elements of identity and access control into two parts; a single, general notion of claims and the concept of an issuer or an authority.[2]
A claim is a statement that one subject, such as a person or organization, makes about itself or another subject. For example the statement can be about a name, group, buying preference, ethnicity, privilege, association or capability. The subject making the claim or claims is the provider. Claims are packaged into one or more tokens that are then issued by an issuer (provider), commonly known as a Security Token Service (STS).[2]
SAML-based claims authentication process for SharePoint 2013
Security Assertion Markup Language: http://en.wikipedia.org/wiki/Saml
WHY ADFS
• Natural candidate for SharePoint
• Supports the necessary standards
• Integration with Active Directory
• Often used as a go-between
• Powerful capabilities
• Free with Windows Server license
Solutions on the market:
• CA SiteMinder
• Shibboleth
• Oracle Access Manager
• IBM Tivoli Access Manager
• Active Directory Federation Services
• Custom solutions using WIF
Edge firewall: not recommended.
Admin enabled e-mail for that certificate approver e-mail. RP = Relying Party
Consider add roles and features pic, server manager dashboard