Claims Based Authentication

Presentation transcript:

Claims Based Authentication Using ADFS 2.0 Presented By: Shannon Bray

Shannon Bray – MCT, MCPD, MCITP, MCTS, MCAD, MCDBA; MCM Candidate (Oct. 2010 Rotation); Technical Architect – Planet Technologies; Colorado SharePoint Users Group (COSPUG); Twitter: @NoIdentity29; Email: sbray@go-planet.com

Clayton Cobb – MVP, MCITP, MCTS; Technical Architect – Planet Technologies; Colorado SharePoint Users Group (COSPUG); Twitter: @Warrtalon; Email: ccobb@go-planet.com

Agenda Introduction to CBA How does ADFS 2.0 Come Into Play? Farm Configurations Step by Step Common Pitfalls Questions and Answers

What is CBA? “Geneva” is Microsoft’s next generation identity and access management platform built on Active Directory® directory services. “Geneva” provides claims-based access and single sign-on for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web. “Geneva” leverages claims, which describe identity attributes and can be used to drive application and other system behaviors, with an open architecture that implements the industry’s shared Identity Metasystem vision.

Benefits: Supports existing identity infrastructure (Active Directory, LDAP, SQL, federation gateways, WebSSO and identity management systems). Enables automatic, secure identity delegation. Supports “no credential” connections to external web services. Consistent API to develop SharePoint solutions.

Identity. What is Identity? A set of attributes that describe a user, such as name, e-mail, age, group membership, etc. What is a Claim? Some authority that claims to have the attribute and its value.

User Identity is a set of Claims. Why do we say “claim” and not “attribute”? Facebook and the DOL both have the age attribute. Facebook claims that I am 18, while the DOL claims I am 38. If an access decision was based on age, which would you trust?

Identity Normalization (diagram). Classic: NT Token → ASP.NET → SP USER. Claims: NT Token, SAML 1.1 → SAML Token (CBA) → SP USER.
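The two slides above make one point: a relying party does not trust an attribute, it trusts a claim from a particular issuer. The following is an added example written for this page, not code from the presentation; the issuer URIs and sample claims are constructed, and the trust table plays the role that a claims provider trust plays in ADFS.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    claim_type: str   # e.g. "age", "email", "group"
    value: str
    issuer: str       # the authority asserting this value

# Constructed issuer identifiers for the two authorities named on the slide.
FACEBOOK = "https://facebook.example/sts"
DOL = "https://dol.example/sts"

# Constructed sample: the same user as asserted by two different claims providers.
SAMPLE_CLAIMS = [
    Claim("age", "18", FACEBOOK),
    Claim("age", "38", DOL),
    Claim("email", "someone@example.com", FACEBOOK),
]

def trusted_claims(claims, trust):
    """Keep only claims whose issuer the relying party trusts for that claim type.
    `trust` maps a claim type to the set of issuers accepted for it; a claim from
    an unlisted issuer is dropped rather than merged, so an untrusted authority
    cannot override a trusted one."""
    return [c for c in claims if c.issuer in trust.get(c.claim_type, set())]

def is_authorized(claims, trust, claim_type, predicate):
    """Grant access when some trusted claim of `claim_type` satisfies `predicate`."""
    return any(predicate(c.value)
               for c in trusted_claims(claims, trust)
               if c.claim_type == claim_type)

def over_21(value):
    # Reject non-numeric values instead of raising on a malformed claim.
    return value.isdigit() and int(value) >= 21

# A relying party that trusts the DOL for age and Facebook only for e-mail ...
TRUST_DOL_FOR_AGE = {"age": {DOL}, "email": {FACEBOOK}}
# ... versus one that trusts Facebook for age.
TRUST_FB_FOR_AGE = {"age": {FACEBOOK}}
```

Same claims, different outcome: the decision is a function of the trust table, not of the attribute value.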

The Authentication Process

How does ADFS 2.0 Come Into Play?

Farm Configurations (diagram). Internal (Corp): ADFS 2.0, AD w/ DNS, SharePoint 2010, SQL. External.

Step by Step ADFS 2.0 Wizard Server Certificates

Step by Step - Demo

Common Pitfalls: Kerberos; SPTITI; ADFS 2.0 Settings; Not So Random Errors.

The Short Story: CBA; ADFS 2.0; Common Pitfalls. http://shannonbray.wordpress.com

Questions and Answers?

THANK YOU!!!