Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Point: Federation relationships are based on trust.

Published byTurner Baptiste Modified over 10 years ago

Similar presentations

Presentation on theme: "Key Point: Federation relationships are based on trust."— Presentation transcript:

1

2

3

4 Key Point: Federation relationships are based on trust

5

6 SharePoint Federation Gateway

7 Multiple, Unique, Dynamic Temporal Single, Instance specific, Dynamic Single, Unique, Static, Stable http://schemas.xmlsoap.org/.../upn http://schemas.xmlsoap.org/.../emailaddre ss http://schemas.xmlsoap.org/.../upn http://schemas.xmlsoap.org/.../emailaddre ss http://schemas.microsoft.com/.../role http://schemas.xmlsoap.org/.../Group http://schemas.microsoft.com/.../groupsid http://schemas.microsoft.com/.../role http://schemas.xmlsoap.org/.../Group http://schemas.microsoft.com/.../groupsid http://schemas.microsoft.com/... /authenticationinstant http://schemas.microsoft.com/... /authenticationmethod http://schemas.microsoft.com/... /authenticationinstant http://schemas.microsoft.com/... /authenticationmethod

8 Identify Authentication and provisioning AD ADFS Public (other) Perform Claims Rationalization (Families) ID’s Roles Groups Define SharePoint Container Security Web App Policies Site Security

9

10 URL’s and Federation Realms Explicit Allow or Deny Web Application Policy on zone Explicit Allow SP Groups Direct Permission

11 Internal authentication AD for corporate users (AD) Extranet with external authentication Collaboration by Role Incoming Groups Mapped to Roles Separating by Roles (Sales, Legal and Portal Users) Audience: Private Federation for Partners (ADFS) Read Only + Audience: Consumer ID for customers (Live, G.., FB)

12 Private Federation with ADFS

13 SharePoint Federation Gateway

14

15 i:0#.w|domain\sAMAccountName 1: “I” for identity claim (user unique identifier) 3: Reserved as 0 (to enable more claim types in the future) Claim value6: Issuer W=Windows 4: Claim Type encoded value (#=User Logon Name) ClaimType : Value: Value Type: OriginalIssuer : http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname domain\saMAccountName http://www.w3.org/2001/XMLSchema#String Windows

16 1: “I” for identity claim (user unique identifier) 3: Reserved as 0 (to enable more claim types in the future) Claim value6: Issuer Type T=Trusted 4: Claim Type encoded value (e=UPN) Original Issuer name: Name of membership role provider, name of trusted STS ClaimType : Value: Value Type: OriginalIssuer : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn user@domain.tld http://www.w3.org/2001/XMLSchema#String TrustedProvider:fedpartner

17 1: C for Claim 3: Reserved as 0 (to enable more claim types in the future) Claim value 6: Issuer S=SharePoint STS 4: Claim Type encoded value (‘(‘ = IsAuthenticated) ClaimType : Value: Value Type: OriginalIssuer : http://sharepoint.microsoft.com/claims/2009/08/isauthenticated true http://www.w3.org/2001/XMLSchema#String SecurityTokenService

18 C for Claim3: Reserved as 0 (to enable more claim types in the future) Claim value6: Issuer Type T=Trusted 4: Claim Type encoded value (“Next” ASCII Char) Original Issuer name: Name of membership role provider, name of trusted STS http://myschema.com/claims/2009/09/usertype TrustedPartner http://www.w3.org/2001/XMLSchema#String TrustedProvider:fedpartner ClaimType : Value: Value Type: OriginalIssuer :

19 Internal authentication AD for corporate users (AD) Extranet with external authentication Collaboration by Role Incoming Groups Mapped to Roles Separating by Roles (Sales, Legal and Portal Users) Audience: Private Federation for Partners (ADFS) Read Only + Audience: Consumer ID for customers (Live, G.., FB)

20 Public Federation with Azure

21 Internal authentication AD for corporate users (AD) Extranet with external authentication Collaboration by Role Incoming Groups Mapped to Roles Separating by Roles (Sales, Legal and Portal Users) Audience: Private Federation for Partners (ADFS) Read Only + Audience: Consumer ID for customers (Live, G.., FB)

22 Custom Claims Provider

23 Internal authentication AD for corporate users (AD) Extranet with external authentication Collaboration by Role Incoming Groups Mapped to Roles Separating by Roles (Sales, Legal and Portal Users) Audience: Private Federation for Partners (ADFS) Read Only + Audience: Consumer ID for customers (Live, G.., FB) BONUS – FB Group Claim Provider

24 SharePoint Federation Gateway

25

26

27

28

29

30

Download ppt "Key Point: Federation relationships are based on trust."

Similar presentations

Active Directory Federation Services How does it really work?

Active Directory Federation Services How does it really work?
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Office 365 Identity Federation Technology Deep-Dive

Office 365 Identity Federation Technology Deep-Dive
Bert Jan van der Steeg SharePoint Consultant

Bert Jan van der Steeg SharePoint Consultant
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
 Jan Alexander Program Manager Microsoft Corporation BB43.

 Jan Alexander Program Manager Microsoft Corporation BB43.
 Rich Randall Development Lead Microsoft Corporation BB44.

 Rich Randall Development Lead Microsoft Corporation BB44.
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
| Copyright© 2010 Microsoft Corporation Quick Start into Activating and Selling Office 365.

| Copyright© 2010 Microsoft Corporation Quick Start into Activating and Selling Office 365.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | CEH | | |

Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | CEH | | |
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
Implementing and Administering AD FS

Implementing and Administering AD FS
SAML 2.0 og ”Geneva” OIOSAML Workshop 31. marts 2009 Århus René Løhde, Microsoft

SAML 2.0 og ”Geneva” OIOSAML Workshop 31. marts 2009 Århus René Løhde, Microsoft
Adoption Time Single paradigm, mature tools, stable design patterns and frameworks Software developer’s comfort zone Competing paradigms, no tools,

Adoption Time Single paradigm, mature tools, stable design patterns and frameworks Software developer’s comfort zone Competing paradigms, no tools,
Jax ArcSig 3/22/2011 Keith Tingle. About Me Keith Tingle Lender Processing Services

Jax ArcSig 3/22/2011 Keith Tingle. About Me Keith Tingle Lender Processing Services
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
 Kim Cameron Distinguished Engineer Microsoft Corporation BB11.

 Kim Cameron Distinguished Engineer Microsoft Corporation BB11.
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.

Similar presentations

Ads by Google