Using Claims based authentication with SharePoint

Presentation transcript:

Using Claims based authentication with SharePoint Nauzad Kapadia

Identity and Identity Providers
- An identity is a digital persona composed of attributes/identifiers.
- Example identity providers: Active Directory, a database, directory services.
- An identity can be proved by providing claims.

Attribute        Value
Display Name     Chris Gideon
Email Address    Cgideon@contoso.com
User Name        Contoso\cgideon
Title            Senior PFE

What is a Claim?
Information about an identity. Example: the airport, where two issuers make claims about the same traveller.

Issuer: Department of Public Safety    Issuer: Airline
Full Name                              Name
Number                                 Frequent flyer number
Address                                Flight number
Citizenship                            Seating priority
Date of birth                          Gate
Date of issue                          Seat number
Date of expiration                     Bar code and/or the magnetic strip
Sex
Picture

Airport flow: Ticket counter -> Verification -> Boarding pass issued -> Security checkpoint -> Boarding

Issuers and Security Tokens
- An issuer issues security tokens.
- A security token is a collection of claims.
- Formats: SAML.
- Tokens are signed by the issuer.

Security Token Service (STS)
- A web service that issues claims and packages them into security tokens.
- Supports multiple credential types.
- Two roles: IP-STS and RP-STS.
  - An IP-STS (identity provider STS) issues tokens that can be used to request service tokens from RP-STSs.
  - An RP-STS (relying party STS) can also consume other types of tokens or credentials, for example an NT token that comes from the domain controller (the KDC).
- STSs can be chained.

Relying Party
- An application that relies on claims: a claims-based application.
- May front its own STS: the Relying Party Security Token Service (RP-STS).

Example - The Airport
- Birth records -> Department of Public Safety -> driver's license.
- The airline trusts the Department of Public Safety.
- Gate agent: needs the driver's license (issued by the Department of Public Safety) and the boarding pass (issued by the airline).

SharePoint as a Claims-based application
- The SharePoint STS is always a relying-party STS (RP-STS).
- Built on Windows Identity Foundation (WIF).
- Multiple authentication types.
- Identity provider neutral.
- Configured via Central Admin or PowerShell.
- Delegation of user identity between applications.

SharePoint Claims Overview
Parties: IP-STS, SharePoint STS, Web App. A trust exists between the IP-STS and the SharePoint STS.
1. User authenticates to the IP-STS.
2. IP-STS issues a token.
3. Token is sent to the SharePoint STS.
4. SharePoint STS issues its own token.
5. Token is sent to the web application.
6. Web application sends a cookie.
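The trust between an external IP-STS and the SharePoint STS described above, configured with the SharePoint PowerShell cmdlets. This is an added example, not part of the deck; the AD FS host name, certificate path, realm and web application URL are placeholders.

```powershell
# Added example (not from the deck): register an AD FS instance as a trusted
# identity token issuer for the SharePoint STS, map incoming claims, and bind it
# to a claims-mode web application. Run in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Trust anchor: the IP-STS token-signing certificate (public key only, .cer).
#    SharePoint verifies the signature on every incoming SAML token with it.
$certPath = "C:\certs\adfs-token-signing.cer"   # placeholder path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "Contoso ADFS Token Signing" -Certificate $cert | Out-Null

# 2. Claim mappings: the incoming claim types the SharePoint STS accepts and
#    passes through. E-mail is the identifier claim that resolves to the SPUser.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# 3. The trusted identity token issuer. Realm must equal the relying-party
#    identifier configured on the AD FS side, otherwise its tokens are rejected.
$issuer = New-SPTrustedIdentityTokenIssuer `
    -Name "Contoso ADFS" -Description "Contoso AD FS 2.0 IP-STS (placeholder)" `
    -Realm "urn:sharepoint:contoso" `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailClaim, $roleClaim `
    -SignInUrl "https://adfs.contoso.com/adfs/ls/" `
    -IdentifierClaim $emailClaim.InputClaimType

# 4. Bind the issuer to the Default zone. -AuthenticationProvider replaces the
#    zone's provider list, so keep Windows auth alongside it to avoid a lockout.
$trusted = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
Set-SPWebApplication -Identity "https://portal.contoso.com" -Zone Default `
    -AuthenticationProvider $windows, $trusted

# 5. Verify: issuer registered with the expected signing thumbprint, and the
#    web application's Default zone now lists it as a provider.
Get-SPTrustedIdentityTokenIssuer -Identity "Contoso ADFS" |
    Select-Object Name, IdentifierClaim, @{n='Thumbprint'; e={$_.SigningCertificate.Thumbprint}}
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
(Get-SPWebApplication "https://portal.contoso.com").IisSettings[$zone].ClaimsAuthenticationProviders |
    Select-Object DisplayName
```

Compare the thumbprint printed in step 5 against the token-signing certificate shown in the AD FS console before sending users to the new sign-in page.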

Browser-based sign-in
1. Browser: GET / on the web application.
2. Web application: 302 redirect to the issuer.
3. Issuer authenticates the user (against Active Directory) and returns a SAML token.
4. Browser POSTs the token to the web application.
5. Web application processes the token and sets a cookie.
6. Web application processes the claims and responds with a 302 to the requested page.

Identity Normalization
- Classic: NT token -> Windows identity.
- Claims:
  - NT token -> Windows identity
  - ASP.NET (FBA): SQL, LDAP, custom ...
  - SAML (ADFS, Ping, etc.) -> SAML token
  Every path is normalized to a claims-based identity, surfaced as an SPUser.

Claims Providers
- Retrieve and expose claims.
- Deployed via WSP.
- Augmentation: insert claims into the security token.
- Setting permissions: give access to, for example, "all PMs with blue eyes".

Forms Based Authentication
- Exposed through claims mode.
- Implemented as a claims provider.
- Upgrade:
  - In-place: ACLs updated, web.config not.
  - DB attach: ACLs updated, no need to update config.
- Provider neutral, e.g. SQL, LDAP, etc.

What changed in FBA
- FBA users are exposed through claims.
- A claims identity is created instead of a generic identity.
- The STS talks to the membership provider to validate the user and issues a claims token.
- ValidateUser() must be implemented by membership providers.
- Roles are converted to claims.
- Mixed mode environments.