Claims for devs - Authentication, Authorization, Tokens and Claims in SharePoint
#spsbe
Steven Van de Craen
About me
Steven Van de Craen
Ventigrate
SharePoint enthusiast since 2005
Overview
• AuthN – AuthZ
• Tokens and Claims
• What about SharePoint
• Passive sign-in
• Cookies and expiration
• Encoding
• #demos
• Wrap-up
• Resources
AuthN - AuthZ
• What is Authentication?
Process of determining whether someone is who they declare to be
Example: "I am @vandest1"
• What is Authorization?
Process of determining whether someone has permission to do something
Example: "I have Read permissions on this site"
Tokens and Claims
• What is a Claim?
Information such as name, e-mail, age, group membership, etc.
• What is Identity?
Set of attributes to describe a user
• Security Token
User Identity as a set of claims
What about SharePoint
• Classic or Claims
• Three authentication options
  - Windows – NTLM/Kerberos/Basic transformed into a Windows token
  - Forms Based Authentication – Membership and Role Provider, typical extranet with SQL or LDAP as underlying store
  - Trusted Identity – Outsource authentication to an Identity Provider (WLID, ADFS, custom)
• C2WTS
Converts classic and claims users to a Windows token for systems that aren’t claims aware
Passive sign-in
An Identity Provider (IdP) is an authority that makes claims about an entity
An identity provider implements a Security Token Service (STS), which issues tokens
The Relying Party (your application) needs to decide which “claim” it trusts
Facebook: “Steven is 18 years old”
Social Services: “Steven is 29 years old”
SAML 1.1 required
http://msdn.microsoft.com/en-us/magazine/ff872350.aspx
Cookies and expiration
• Persistent vs Session
• Single Sign On for Office clients, WebDAV
• Configurable on the SharePoint STS
• SharePoint 2013 Distributed Cache
Stores the security token issued by a Secure Token Service. Any web server can access the security token from the cache, authenticate the user and provide access to the resources requested.
Encoding
• Classic
Windows: DOMAIN\username
FBA: myprovider:username
• Claims
Windows: i:0#.w|domain\username
FBA: i:0#.f|myprovider:username
• Microsoft.SharePoint.Administration.Claims
SPClaim
SPClaimProviderManager .DecodeClaim/.EncodeClaim
http://www.wictorwilen.se/Post/How-Claims-encoding-works-in-SharePoint-2010.aspx
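A decoder for the claims-encoded names listed above, as an added example (not code from the talk or from SharePoint): it splits the prefix into claim type, value type and issuer type, then flags principals whose issuer is outside a trusted set and account names asserted by more than one issuer, which is the trust decision the relying party has to make. The character-to-meaning tables are assumptions based on the public description of the encoding and cover only a few codes; the sample names and all helper names are constructed.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Assumed meanings of the one-character codes in a prefix such as "i:0#.w|".
# Only a few codes are listed; anything else decodes as "unknown(<char>)".
CLAIM_TYPES = {"#": "userlogonname", "+": "groupsid", "-": "role", "5": "emailaddress"}
VALUE_TYPES = {".": "string"}
ISSUER_TYPES = {"w": "windows", "f": "forms", "t": "trusted-idp", "s": "sharepoint-sts"}


class DecodedClaim(NamedTuple):
    is_identity: bool  # True for "i:" (identity claim), False for "c:" (other claim)
    claim_type: str
    value_type: str
    issuer_type: str
    value: str         # everything after the first "|", kept exactly as written


def _lookup(table, code):
    return table.get(code, "unknown(%s)" % code)


def decode(name: str) -> Optional[DecodedClaim]:
    """Decode a claims-encoded name; return None for classic or malformed names."""
    # Layout: [i|c] ":" "0" <claim type> <value type> <issuer type> "|" <value>
    if len(name) < 8 or name[0] not in "ic" or name[1:3] != ":0" or name[6] != "|":
        return None
    return DecodedClaim(
        is_identity=name[0] == "i",
        claim_type=_lookup(CLAIM_TYPES, name[3]),
        value_type=_lookup(VALUE_TYPES, name[4]),
        issuer_type=_lookup(ISSUER_TYPES, name[5]),
        value=name[7:],
    )


def bare_account(value: str) -> str:
    """Strip a domain or provider qualifier: 'contoso\\steven' -> 'steven'."""
    for sep in ("\\", ":", "|"):
        value = value.rsplit(sep, 1)[-1]
    return value.lower()


def review(principals, trusted_issuers):
    """Return (principal, finding) pairs for names that need attention."""
    findings = []
    for p in principals:
        claim = decode(p)
        if claim is None:
            findings.append((p, "not-claims-encoded"))
        elif claim.issuer_type not in trusted_issuers:
            findings.append((p, "untrusted-issuer:" + claim.issuer_type))
    return findings


def ambiguous_accounts(principals):
    """Map each bare logon name to its issuers when more than one issuer asserts it.

    Two identities with the same bare name but different issuers are different
    principals; code that compares only the bare name conflates them.
    """
    issuers = defaultdict(set)
    for p in principals:
        claim = decode(p)
        if claim and claim.is_identity and claim.claim_type == "userlogonname":
            issuers[bare_account(claim.value)].add(claim.issuer_type)
    return {name: sorted(seen) for name, seen in issuers.items() if len(seen) > 1}


# Constructed sample: permission entries as they might appear in an access export.
SAMPLE = [
    r"CONTOSO\steven",                                      # classic Windows name
    r"i:0#.w|contoso\steven",                               # claims, Windows
    "i:0#.f|myprovider:steven",                             # claims, FBA (form used on the slide)
    "c:0+.w|s-1-5-21-1111111111-2222222222-3333333333-513",  # group SID claim
    r"i:0#.w|contoso\anna",
]

if __name__ == "__main__":
    for principal, finding in review(SAMPLE, {"windows"}):
        print(finding, principal)
    print(ambiguous_accounts(SAMPLE))
```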
#demos
• Create a custom login page
Multiple authentication: automatic redirect
Simple audit logging
Update SPUser display name and email
• Create a custom Security Token Service
Provide centralized authentication for many Relying Parties
Single sign on across Relying Parties
Can have pluggable authentication model with multiple providers
• Create a custom claim provider
Augment – Provide additional claims for the identity
Resolution – Allow name resolution for People Picker
Use claims for normalization or authorization (claims based security)
Wrap-up
• Multiple authentication
• Use claims for securing content
• Single sign on across RPs and apps
• Decouple authentication from SharePoint
• Recommended authentication model for SharePoint
Resources
• Implementing Claims-Based Authentication with SharePoint Server 2010 – http://bit.ly/ozwB17
• Claims authentication against Windows Live ID for SharePoint 2010 – http://bit.ly/aXKMCp
• Converting EPiServer 6 to use claims-based authentication with WIF – http://bit.ly/c71Ipl
• Ventigrate Codeplex: External User Management – http://bit.ly/JMtpc4
• Claims Walkthrough: Writing Claims Providers for SharePoint 2010 – http://bit.ly/aNPypt
• The Identity Guy – http://bit.ly/qYhItd
• How Claims encoding works in SharePoint 2010 – http://bit.ly/yqpwR7
• How to Get All User Claims at Claims Augmentation Time in SharePoint 2010 – http://bit.ly/gX3V3p
• Custom Security Token Service (WIF 4.5) – http://bit.ly/14fGzb5
• How to make use of a custom IP-STS with SharePoint 2010 – http://bit.ly/Y7OnJB
THANK YOU
Steven Van de Craen
EMAIL: steven.vandecraen@ventigrate.be
BLOG: http://www.sharepointblogs.be/blogs/vandest
TWITTER: @vandest1
