The document provides an overview of identity, authentication, and authorization in Microsoft SharePoint 2010. It discusses identity providers, claims-based identity, and how claims-based authentication works in SharePoint 2010. The document also demonstrates configuring claims-based authentication using Windows Live ID and provides additional resources on claims-based authentication in SharePoint.
3. • Identity and Identity Providers
• Authentication and Authorization
• Identity challenges in SharePoint 2007
• Claims-Based Identity
• Claims-Based Authentication in Microsoft SharePoint 2010
• Demo
• Q&A
5. • What is Identity?
– A set of attributes that describe a user (for example name, e-mail address, group membership)
6. • What is an Identity Provider?
– The system that authenticates a user and vouches for that user's attributes and identifiers
• Examples:
– Active Directory and other directory services
8. • What is Authentication (AuthN)?
– The process of identifying a user and validating that claimed identity (proving who the user is)
• What is Authorization (AuthZ)?
– Determines whether an authenticated identity may access a particular resource, such as a site, a content item, or a feature
10. • Authentication is tightly intertwined with the SharePoint 2007 platform itself
• Configuration is very complex
• Access control is possible only through the configured authentication provider (ASP.NET membership and role providers)
So… what is the solution?
12. • What is a Claim?
– A piece of information about the user (such as name, e-mail, age, group, etc.) stated by an issuer; the relying party decides how much it trusts each issuer
• Examples of claims on two real-world "tokens":

  Issuer: Police Dept. (ID card)   Issuer: VN Railway (ticket)
  Full Name                        Name
  ID Number                        Frequent flyer number
  Full Address                     Train number
  Date of birth                    Regional Bus
  Date of issue                    Seat number
  Sex                              Date of issue
  Picture
15. • What is a Security Token Service (STS)?
– The service component that builds, signs, and issues security tokens
• Supports multiple credential types
• Two roles: Identity Provider STS (IP-STS) and Relying Party STS (RP-STS)
– An IP-STS authenticates the user and issues tokens that can be used to request service tokens from RP-STSs
– An RP-STS can also consume other types of tokens (or credentials), for example an NT token that comes from the domain controller or from the Kerberos Key Distribution Center (KDC)
• STSs can be chained: the token issued by one STS is the input credential presented to the next
16. • The SharePoint STS is always a relying party STS (RP-STS)
• Built on Windows Identity Foundation (WIF)
• Multiple authentication types
• Identity Provider neutral
– Configured via Central Administration or PowerShell
• Delegation of user identity between applications
21. • Supports existing identity infrastructure
– Active Directory
– LDAP, SQL
– Web SSO and identity management systems
• Multiple authentication methods per SharePoint web application
• Enables automatic, secure identity delegation
– Cross-machine and cross-farm
• Supports "no-credential" connections to external web services
• Standards-based and interoperable
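The following SharePoint 2010 Management Shell script is an added example, not the deck's own demo (the demo uses Windows Live ID; this script assumes a generic WS-Federation IP-STS such as AD FS instead). It ties together slides 12, 15, 16 and 21: the incoming claims are mapped (slide 12), the external IP-STS is registered so that the SharePoint RP-STS will accept its signed tokens (slide 15), the configuration is done entirely in PowerShell (slide 16), and one web application gets two authentication providers side by side (slide 21). The issuer name, realm, URLs, certificate path, application pool and managed account are placeholders for your own environment.

```powershell
# Added example (not from the original slides): trust an external IP-STS and
# enable claims-based authentication on a SharePoint 2010 web application.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
# All names, URLs, paths and accounts below are assumed placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. The IP-STS token-signing certificate (public key only, no private key).
#    SharePoint, acting as RP-STS, validates the token signature against it.
$certPath = 'C:\certs\ip-sts-signing.cer'   # assumed path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name 'Contoso IP-STS signing' -Certificate $cert

# 2. Claim type mappings: which incoming claims SharePoint keeps and under
#    which display name. The e-mail address serves as the identifier claim,
#    so it must be unique per user at the issuer.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' `
    -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$roleClaim = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' `
    -IncomingClaimTypeDisplayName 'Role' -SameAsIncoming

# 3. Register the IP-STS as a trusted identity token issuer. The realm is the
#    audience the IP-STS writes into the token; a token issued for a different
#    realm is rejected even if its signature is valid.
$realm     = 'urn:sharepoint:intranet'                 # assumed realm
$signInUrl = 'https://sts.contoso.local/adfs/ls/'      # assumed WS-Federation passive endpoint
$issuer = New-SPTrustedIdentityTokenIssuer -Name 'Contoso IP-STS' `
    -Description 'External identity provider (IP-STS)' -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailClaim, $roleClaim `
    -SignInUrl $signInUrl -IdentifierClaim $emailClaim.InputClaimType

# 4. Two authentication providers on ONE claims web application:
#    Windows integrated (NTLM) for domain users, the trusted issuer for
#    external users. Both end up as claims identities inside SharePoint.
$windowsProvider = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$trustedProvider = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer

New-SPWebApplication -Name 'Intranet (claims)' `
    -ApplicationPool 'IntranetAppPool' `
    -ApplicationPoolAccount (Get-SPManagedAccount 'CONTOSO\sp_intranet') `
    -Url 'https://intranet.contoso.local' -Port 443 -SecureSocketsLayer `
    -AuthenticationProvider $windowsProvider, $trustedProvider

# 5. Verify: the web application must report claims authentication, the
#    Default zone must list both providers, and the issuer must carry the
#    identifier claim configured above.
$webApp = Get-SPWebApplication 'https://intranet.contoso.local'
$webApp.UseClaimsAuthentication
$webApp.IisSettings[[Microsoft.SharePoint.Administration.SPUrlZone]::Default].ClaimsAuthenticationProviders |
    Select-Object DisplayName
(Get-SPTrustedIdentityTokenIssuer 'Contoso IP-STS').IdentityClaimTypeInformation
```

Two checks are worth keeping in mind when adapting this. First, the trusted issuer is a farm-wide object and the realm is fixed at creation, so every web application that reuses the issuer must be configured at the IP-STS as a relying party for that same realm. Second, only the claim types listed in -ClaimsMappings survive into the SharePoint token; any claim the IP-STS sends that is not mapped is silently dropped, which is why the mapping list, not the IP-STS, determines what authorization (slide 8) can later be based on.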