
TF-EMC2 | Lyon - France | February 2011 SAML 2.0 @ WORK WITH SHAREPOINT, OWA, … Jean Marie THIA.


1 TF-EMC2 | Lyon - France | February 2011
SAML 2.0 @ WORK WITH SHAREPOINT, OWA, …
Jean Marie THIA

2 Agenda
1 - Demonstrations
2 - Explanations
3 - Story
Questions

3 1 : Authentication
– Connect to a web application
– Connect to SharePoint
– Connect to Outlook Web Access

4 1 : SharePoint authZ
– A MS Word use case
  – From the desktop
  – From SharePoint
– Set authorization in SharePoint

5 Explanations

6 2 : SharePoint
Diagram: SharePoint STS <-- WS-Federation --> ADFS 2.0 <-- SAML 2.0 --> SAML 2.0 identity provider (e.g. Shibboleth)
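The WS-Federation leg of this diagram (SharePoint STS trusting ADFS 2.0) and the "set authorization in SharePoint" step of slide 4, as an added PowerShell example that is not part of the deck or of Microsoft's guides. The trust name, realm, URLs, certificate path and the role claim value are assumptions; the cmdlets are the SharePoint 2010 ones.

```powershell
# Added example: register AD FS 2.0 as a trusted identity provider in SharePoint 2010
# (the WS-Federation leg of the diagram) and grant access on the basis of a claim.
# Names, URLs, the realm, the certificate path and the claim values are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Token-signing certificate exported from AD FS 2.0 (public key only, assumed path).
# SharePoint verifies the signature of every incoming SAML token with it: a trust
# built on the wrong certificate accepts nobody, one built on an attacker-controlled
# certificate accepts anybody, so treat this file like a root of trust.
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    "C:\certs\adfs-token-signing.cer")
New-SPTrustedRootAuthority -Name "ADFS 2.0 token signing" -Certificate $signingCert

# Incoming claim types issued by AD FS. The identifier claim (e-mail here) is what
# SharePoint treats as the user's identity, so AD FS must issue it for every user
# and only with values it has verified.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
$roleClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# The realm is the WS-Federation audience (wtrealm). It must equal the identifier
# of the relying-party trust created for SharePoint in AD FS 2.0, otherwise
# tokens issued for another relying party would be accepted here.
$sts = New-SPTrustedIdentityTokenIssuer -Name "ADFS 2.0" `
    -Description "AD FS 2.0 (assumed trust name)" `
    -Realm "urn:sharepoint:portal" `
    -ImportTrustCertificate $signingCert `
    -ClaimsMappings $emailClaim, $roleClaim `
    -SignInUrl "https://adfs.example.org/adfs/ls" `
    -IdentifierClaim $emailClaim.InputClaimType

# Authorization with claims (slide 4): rather than adding individual users,
# grant a permission level to everyone AD FS tags with the role claim "staff".
$staff = New-SPClaimsPrincipal -ClaimValue "staff" `
    -ClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -TrustedIdentityTokenIssuer $sts
New-SPUser -UserAlias $staff.ToEncodedString() `
    -Web "https://portal.example.org" -PermissionLevel "Contribute"
```

The two settings worth double-checking after running this are the certificate (SharePoint will silently reject every token if AD FS rolls its token-signing certificate and the new one is not imported) and the realm, which is the audience restriction that keeps tokens minted for one relying party from being replayed against another.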

7 2 : Outlook Web Access
Diagram: SAML 2.0 identity provider --> ADFS 2.0 (claim mapping) --> C2WTS (Claims to Windows Token Service) --> Kerberos --> Outlook Web Access

8 2 : ADFS manipulation
– Map Shibboleth attributes
– Map the OWA user
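What "map Shibboleth attributes" and "map the OWA user" look like as AD FS 2.0 claim rules, serving both this slide and the C2WTS step of slide 7; this is an added PowerShell example, not the deck's or Microsoft's own configuration. The trust names, the partner's scope (partner.example) and the OWA trust are assumptions; the urn:oid attribute names are the standard ones a Shibboleth IdP releases.

```powershell
# Added example: AD FS 2.0 claim rules that (1) map Shibboleth attributes to the
# claim types WIF, SharePoint and C2WTS expect and (2) produce the UPN claim that
# C2WTS turns into a Windows identity for Outlook Web Access.
# Trust names and the partner scope are assumptions.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Acceptance transform rules on the claims-provider trust for the Shibboleth IdP.
# AD FS 2.0 surfaces each SAML 2.0 attribute as a claim whose type is the attribute Name,
# so the Shibboleth urn:oid names appear verbatim on the left-hand side.
$acceptanceRules = @'
@RuleName = "Shibboleth mail -> e-mail claim"
c:[Type == "urn:oid:0.9.2342.19200300.100.1.3"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = c.Value);

@RuleName = "Shibboleth givenName -> given-name claim"
c:[Type == "urn:oid:2.5.4.42"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", Value = c.Value);

@RuleName = "eduPersonAffiliation -> role claim (drives IsInRole in WIF)"
c:[Type == "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = c.Value);

@RuleName = "eduPersonPrincipalName -> UPN, restricted to the partner's own scope"
c:[Type == "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", Value =~ "^[^@]+@partner\.example$"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value = c.Value);
'@

Set-ADFSClaimsProviderTrust -TargetName "Shibboleth IdP (partner.example)" `
    -AcceptanceTransformRules $acceptanceRules

# Issuance transform rules on the relying-party trust in front of OWA: pass the UPN
# through. C2WTS resolves that UPN to an account in the resource forest (S4U) and can
# only build a Windows token for an account that actually exists there.
$issuanceRules = @'
@RuleName = "Pass UPN to OWA for C2WTS"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@

Set-ADFSRelyingPartyTrust -TargetName "OWA 2010" -IssuanceTransformRules $issuanceRules

# Check what was stored on the claims-provider trust.
(Get-ADFSClaimsProviderTrust -Name "Shibboleth IdP (partner.example)").AcceptanceTransformRules
```

The `Value =~` filter on the UPN rule is the security-relevant line: the UPN claim is the input C2WTS uses to mint a Kerberos identity, so without scoping it to the partner's suffix a partner IdP (or anyone holding its signing key) could assert an eduPersonPrincipalName such as an administrator's UPN in the resource domain and obtain that account's Windows token for OWA. Keep the mapping rules per claims-provider trust, as above, so that only the intended issuer can produce them.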

9 Story
Claims-based access control (Microsoft.IdentityModel)

10 3 : WIF
– Core claims API (Microsoft.IdentityModel)
– SAML tokens
– WS-Federation protocol
– SAML 2.0 protocol only through a third-party extension: Safewhere, http://safewhere.net/products/saml-20-for-wif.aspx

11 3 : WIF compatibility
– IsInRole works on role claims once the role claim type is declared in web.config (roleClaimType in the microsoft.identityModel section)

12 3 : WIF programming

```csharp
using System.Linq;
using System.Threading;
using Microsoft.IdentityModel.Claims;   // WIF 1.0: IClaimsPrincipal, IClaimsIdentity, Claim

// WIF has already validated the token and replaced Thread.CurrentPrincipal
// with an IClaimsPrincipal; the claims live on its first identity.
IClaimsIdentity id = ((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0];

// you can use a simple foreach loop to find a claim...
string usersEmail = null;
foreach (Claim c in id.Claims)
{
    if (c.ClaimType == System.IdentityModel.Claims.ClaimTypes.Email)
    {
        usersEmail = c.Value;
        break;
    }
}

// you can also use LINQ to find a claim
// (First() throws if the issuer did not include the claim)
string usersFirstName = (from c in id.Claims
                         where c.ClaimType == System.IdentityModel.Claims.ClaimTypes.GivenName
                         select c).First().Value;
```

13 3 : ADFS 2.0
– Uses the SAML 2.0 protocol
  – Liberty Alliance IdP Lite
  – Liberty Alliance SP Lite
  – eGov SAML 2.0 Profile v1.5
– Uses the WS-* protocols
– Interoperates with Oracle, CA, SUN, Shibboleth, PingIdentity, …
– Is a separate download!

14 3 : ADFS 2.0 architecture
– Configuration database
– Account & attribute stores

15 3 : Terminologies

AD FS 2.0                      SAML 2.0
Security Token                 Assertion
Claims                         Assertion attributes
Claims Provider                Identity Provider
Relying Party                  Service Provider
Home Realm Discovery (HRD)     (no counterpart given on the slide)
Security Token Service (STS)   (no counterpart given on the slide)

16 3 : Azure ACS
– ADFS for the cloud
– Extended interoperability (OAuth, OpenID, Google, Facebook, etc.)

17 Conclusion
+
– Many guides
– AuthZ with claims augmentation
– Claims compatibility with old code
-
– Federation metadata

18 ADFS v2 - Guides
– SharePoint 2010: Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies, http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides%28WS.10%29.aspx
– Outlook Web Access 2010: Exposing OWA 2010 with AD FS 2.0 to other organizations, http://www.microsoft.com/france/interop/ressources/documents.aspx
– InCommon: AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation, http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides%28WS.10%29.aspx

19 Webcasts
– Architecting claims-aware applications, http://www.msteched.com/2010/Europe/ARC303
– From N to Z: Authentication and Authorization in Microsoft SharePoint Server 2010, http://www.msteched.com/2010/NorthAmerica/OSP311
– Developing Microsoft SharePoint Server 2010 Solutions with Claims Authentication, http://www.msteched.com/2010/NorthAmerica/OSP306
– http://channel9.msdn.com/

20 Links at Microsoft
– Patterns & Practices, A Guide to Claims-Based Identity and Access Control: http://msdn.microsoft.com/en-us/library/ff423674.aspx
– MSDN WIF: http://msdn.microsoft.com/en-us/library/ee748484.aspx
– C2WTS: http://msdn.microsoft.com/en-us/library/ee517278.aspx
– IdM: http://msdn.microsoft.com/en-us/security/aa570351.aspx
– ADFS 2.0 on TechNet: http://technet.microsoft.com/en-us/library/adfs2(v=WS.10).aspx

21 Questions ?
Jean-Marie.THIA@upmc.fr
twitter.com/jm_thia

22 Thanks for your attention

