The document provides an overview of identity, authentication, and authorization in Microsoft SharePoint 2010. It discusses identity providers, claims-based identity, and how claims-based authentication works in SharePoint 2010. The document also demonstrates configuring claims-based authentication using Windows Live ID and provides additional resources on claims-based authentication in SharePoint.

2. Binh Thanh Nguyen
Solutions Architect and Project Manager
Bamboo Solutions Corporation Vietnam

3. • Identity and Identity Providers
• Authentication and Authorization
• Identity challenges in SharePoint 2007
• Claims-Based Identity
• Claims-Based Authentication in
Microsoft SharePoint 2010
• Demo
• Q&A

5. • What is Identity?
– A set of attributes to describe a user

6. • What is Identity Providers?
– Composed of attributes/identifiers
• Examples:
– Active Directory, Directory Services

8. • What is Authentication (AuthN)?
– Authentication is the process of
identification and validation of a
user's identity
• What is Authorization (AuthZ)?
– Determines whether that identity
has access to a particular resource
such as sites, content, and other
features the user can access.

10. • Authentication is intertwined within
SharePoint 2007
• Very Complex in doing the
configuration
• Access control only through
attribute providers
So… What is the SOLUTIONS ???

12. • What is Claims? Issuer: Police
Dept.
Issuer: VN
Railway
– Information Full Name Name
about the user ID Number Frequent flyer
number
… such as Full Address Train number
name, e-mail, Regional Bus
age, group, Date of birth Seat number
etc.
Date of issue Date of issue
Sex
Picture

13. Request ID Card
ID Card
Trust
ID Card
Ticket
Ticket

15. • The service component that builds, signs,
and issues security tokens.
• Supports multiple credential types
• Identity Provider STS (IP-STS) and a Relying
Party STS(RP-STS).
– An IP-STS is an STS that issues tokens that
can be used to request service tokens
from RP-STSs.
– An RP-STS can also consume other types of
tokens (or credentials), for example an NT
token that comes from the domain
controller or the (KDC)
• STSs can be chained

16. • SharePoint STS is always relying party STS
Built on Windows Identity Foundation
(WIF)
• Multiple authentication types
• Identity Provider neutral
– Configured via Central Admin or
PowerShell
• Delegation of user identity between
applications.

17. Send Cookie
Send token
Issue token
Send token
Issue token
Authenticate

18. Browser Issuer
Get / Active Directory
302
AuthN
SAML Token
Post
Process Token
Cookie
Cookie
302 Process Claims

19. -Classic -Claims

21. • Support existing identity infrastructure
– Active Directory
– LDAP, SQL
– WebSSO and Identity Management Systems
• Multiple authentication methods per
SharePoint Web Application
• Enable automatic, secure identity delegation
– Cross-machines & cross-farm
• Support “no-credential” connections to
External web services
• Standards-based and Interoperable

22. Configure claims-based authentication
using Windows Live ID

24. • MSDN and Technet:
– http://technet.microsoft.com/en-
us/library/ff973117.aspx#section3
– http://blogs.technet.com/b/ritaylor/archive/20
09/06/03/claims-based-authentication-an-
overview.aspx
– http://technet.microsoft.com/en-
us/sharepoint/ff678022.aspx#lesson2
– http://blogs.msdn.com/b/russmax/archive/201
0/05/27/understanding-sharepoint-2010-
claims-authentication.aspx
• Microsoft PDC:
– http://www.microsoftpdc.com/2009/SVC26

25. THANK YOU!