Presentation on theme: "0 Who Are You and What Do You Want? Working with Oauth in SharePoint 2013 Eric Shupps SharePoint MVP."— Presentation transcript:

1 0 Who Are You and What Do You Want? Working with Oauth in SharePoint 2013 Eric Shupps SharePoint MVP

2 1 Welcome to SharePoint Saturday Houston. Please turn off all electronic devices or set them to vibrate. If you must take a phone call, please do so in the hall so as not to disturb others. Special thanks to our Title Sponsor, ProSymmetry. Thank you for being a part of the 5th Annual SharePoint Saturday for the greater Houston area!

3 2 Thanks to all our Sponsors!

4 3 Information: Speaker presentation slides should be available from the SPSHOU website within a week or so. The Houston SharePoint User Group will be having its next meeting Wednesday April 15th. Please join us at www.h-spug.org

5 4 About Me: Eric Shupps (CKS:DEV, The SharePoint Cowboy, Patterns & Practices)
www.sharepointcowboy.com | eshupps@binarywave.com | facebook.com/sharepointcowboy | @eshupps

6 5 Agenda: Introduction, Fundamentals, Implementation, Application

7 6 INTRODUCTION

8 7 What is OAuth?
- Open standard for app integration and authorization
- Authentication independent
- "Valet Key": access and permissions

9 8 What OAuth is NOT

10 9 Why do we need it?

11 10 Security

12 11 Fundamentals

13 12 Roles
- Resource Owner: grants access to a protected resource
- Resource Server: hosts the protected resource and accepts access requests
- Client: application making protected resource requests on behalf of the resource owner
- Authorization Server: issues access tokens

14 13 Flow (lanes on the slide: Client, Resource Owner, Authorization Server, Resource Server)
- Client sends an Authorization Request to the Resource Owner and receives an Authorization Grant
- Client presents the Authorization Grant to the Authorization Server and receives an Access Token
- Client presents the Access Token to the Resource Server and receives the Protected Resource

15 14 Three Legged Authorization (lanes on the slide: User, App, Provider; the three legs are marked 1, 2, 3)
1. User requests access
2. App requests Request Token
3. Provider returns Request Token
4. App builds auth link w/ Request Token
5. User requests URL + Request Token
6. Provider returns access token
7. User requests URL + Access Token
8. App validates access token
9. Access token validated
10. User granted access

16 15 Two Legged Authorization (lanes on the slide: User, App, Provider; the two legs are marked 1, 2)
1. User requests access
2. App requests Access Token
3. Provider returns Access Token
4. App builds auth link w/ Access Token
5. User requests URL + Access Token
6. App validates access token
7. Access token validated
8. User granted access

17 16 Implementation

18 17 Overview

19 18 Concepts
- Identity Provider: manages identity information for principals (STS)
- Security Token Service: handles requests for trusted identity claims
- Identity Token Issuer: identity provider associated with a web application
- Security Token Issuer: trusted resource (farm, server, etc.)
- Metadata Endpoint: resource information and signing certificate (JSON)
- Request Token: used to request permission to a protected resource
- Access Token: used by the App to access a resource on behalf of the user
- Realm: operation scope for authorization
- Azure ACS: cloud-based security token service (IP-STS)

20 19 Scenarios

21 20 Platforms

22 21 Configuration - Certificates
Consumer:
- Export Root & STS Certificates
- Copy Certificates
- Import root certificate(s) and create trusted root authority
Provider:
- Export Root Certificate
- Copy Certificates
- Import STS Certificate
- Create Trusted Security Token Issuer
- Import root certificate(s) and create trusted root authority

23 22 Configuration - Metadata (steps shown in Consumer and Provider columns on the slide)
- Create Trusted Root Authority
- Set Authentication Realm
- Create Trusted Security Token Issuer
- Create App Principals
- Create Trusted Root Authority
- Create Trusted Security Token Issuer

24 23 Application

25 24 SharePoint Authorization Process

26 25 Context
On Premise:
1. User browses to App
2. SP returns parameters
3. Browser POSTs parameters to App
4. App requests access token from SP
5. SP validates S2S trust
6. App establishes context
Online:
1. User browses to app
2. SP gets request token from ACS
3. SP sends request tokens to browser
4. Browser POSTs request token to app
5. App requests access token from ACS
6. ACS provides access token
7. App establishes context

27 26 Token Management
On Premise:
1. Get request parameters
2. Get claims from Windows identity
3. Get access token with S2S
4. Establish client context
Online:
1. Get POST parameters from SP
2. Parse out Context Token
3. Read and validate context token
4. Get access token
5. Get client context from SP with access token

28 27 On-Premise ACS Trust via O365

29 28 DEMO SharePoint App Authorization Process

30 29 Request Token
{
  "aud": "c7f21d1e-95df-41df-a2e0-a2e29ad2f62b/localhost:44305@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "iss": "00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "nbf": 1398292956,
  "exp": 1398336156,
  "appctxsender": "00000003-0000-0ff1-ce00-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "appctx": "{\"CacheKey\":\"082e7cPwbER/1hDi2XQ9knd0+yBxexLQr4NGa2/OeQ8=\",\"SecurityTokenServiceUri\":\"https://accounts.accesscontrol.windows.net/tokens/OAuth/2\"}",
  "refreshtoken": "IAAAAL-NR6oQnFU49avbpq7mAhglyGqBvmT3YF8_DGO88fIAIXioxAllnYe0XHr-rb_RDk8X8iqc4gmcyBjpV8E-uVgRG9d6j-IvQQ8qtk2acNXaJ3JpuFKNRhAJoOGOep1i3XGi5jX3Z1u5MzyjmHv2VBGJFEhYtc99TGlZTDIFTqlJmDcxcMAjLZWnY5sMBr-B5IRvl5Cw6l2hvqolj3R2hJ9mPDpVQ4l0l-v28wK6OLi57wPpKAUWlbcRCxmC6oGggdkkF2OEoxujZvZSCCG05YQaS2Z1w_Gphgu5kcYfwVU27bAYfsq3TcA8W0sIt_lUxvD3Lg3mGLr_X5JoTw-t28g",
  "isbrowserhostedapp": "true"
}
Slide callouts: aud = Client ID / App URL @ Tenant ID; iss = Azure ACS @ Tenant ID; nbf = Start; exp = End; appctxsender = SharePoint @ Tenant ID; CacheKey = User ID + Issuer + App + Realm; SecurityTokenServiceUri = IP-STS URL; isbrowserhostedapp = Browser or Event Receiver. The token is sent to the IP-STS (Azure ACS).

31 30 Access Token
{"typ":"JWT","alg":"RS256","x5t":"kriMPdmBvx68skT8-mPAB3BseeA"}.{
  "aud": "00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "iss": "00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "nbf": 1400013357,
  "exp": 1400056557,
  "nameid": "1003000086ad02d6",
  "actor": "c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
  "identityprovider": "urn:federation:microsoftonline"
}
Slide callouts: aud = SharePoint / Host Web @ Tenant ID; nbf = Start; iss = Azure ACS @ Tenant ID; exp = End; actor realm = Tenant ID; nameid = UPN; identityprovider = STS ID.

32 31 DEMO Decoding Authorization Tokens
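An added example, not from the deck or its demos, of what the decoding demo does for a resource server: split a token shaped like the access token on the slide, base64url-decode the header and claims, check the nbf/exp window, and split the "principal/host@realm" form of aud and iss so the audience and issuer can be checked against the expected tenant ID. The client ID, realm, host name, thumbprint and signature are constructed placeholders; signature verification against the issuer's signing certificate from the metadata endpoint is left out.

```python
import base64
import json

CLIENT_ID = "11111111-2222-3333-4444-555555555555"            # constructed app client ID
REALM = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"                # constructed tenant ID (realm)
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"  # well-known SharePoint principal
ACS_PRINCIPAL = "00000001-0000-0000-c000-000000000000"         # well-known Azure ACS principal

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def build_sample_token(now: int) -> str:
    # Same claim shape as the slide's access token; the signature is a placeholder.
    header = {"typ": "JWT", "alg": "RS256", "x5t": "constructed-thumbprint"}
    claims = {
        "aud": f"{SHAREPOINT_PRINCIPAL}/tenant.sharepoint.example@{REALM}",
        "iss": f"{ACS_PRINCIPAL}@{REALM}",
        "nbf": now - 60,
        "exp": now + 3600,
        "nameid": "1003000086ad02d6",
        "actor": f"{CLIENT_ID}@{REALM}",
    }
    segments = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(segments + [b64url_encode(b"placeholder-signature")])

def split_principal(value: str):
    # "principal[/host]@realm" -> (principal, host or None, realm)
    name, _, realm = value.rpartition("@")
    principal, _, host = name.partition("/")
    return principal, host or None, realm

def decode_token(token: str, now: int, expected_realm: str, expected_principal: str) -> dict:
    """Decode the JWT and check the claims a resource server must inspect. Signature
    verification is left out; SharePoint checks it against the issuer's signing cert."""
    header_seg, claims_seg, _signature = token.split(".")
    header = json.loads(b64url_decode(header_seg))
    claims = json.loads(b64url_decode(claims_seg))
    problems = []
    if not claims["nbf"] <= now < claims["exp"]:
        problems.append("token outside nbf/exp window")
    aud_principal, host, aud_realm = split_principal(claims["aud"])
    iss_principal, _, iss_realm = split_principal(claims["iss"])
    if (aud_principal, aud_realm) != (expected_principal, expected_realm):
        problems.append("audience is not this resource/realm")
    if (iss_principal, iss_realm) != (ACS_PRINCIPAL, expected_realm):
        problems.append("issuer is not the trusted ACS for this realm")
    return {"header": header, "claims": claims, "host": host, "problems": problems}
```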

33 32 Resources
- OAuth Working Group: http://oauth.net/
- OAuth Resource Guide: http://bit.ly/14CWPNb
- Authorization and authentication for apps in SharePoint 2013: http://bit.ly/16f8WFh
- Setting up an OAuth trust between farms in SharePoint 2013: http://bit.ly/12Yr7e3
- Plan for server-to-server authentication in SharePoint 2013: http://bit.ly/1chAgFl
- What's new in authentication for SharePoint 2013: http://bit.ly/1e6KaYv
- Creating High-Trust apps with S2S: http://bit.ly/18RL8uL
- Using O365 to Authorize On-Premise Apps: http://bit.ly/1fvv1Bo
- Demos: http://bit.ly/1z6gohH
- Slides: http://bit.ly/1FygEIz

34 33 Please Leave Feedback During Q&A
