Presentation is loading. Please wait.

Presentation is loading. Please wait.

Claims Based Authentication

Published byMargery Bell Modified over 9 years ago

Similar presentations

Presentation on theme: "Claims Based Authentication"— Presentation transcript:

1 Claims Based Authentication
Using ADFS 2.0 Presented By: Shannon Bray

2 Shannon Bray Twitter: @NoIdentity29
MCT, MCPD, MCITP, MCTS, MCAD, MCDBA MCM Candidate (Oct Rotation) Technical Architect – Planet Technologies Colorado SharePoint Users Group (COSPUG)

3 Clayton Cobb Twitter: @Warrtalon
MVP, MCITP, MCTS Technical Architect – Planet Technologies Colorado SharePoint Users Group (COSPUG)

4 Agenda Introduction to CBA How does ADFS 2.0 Come Into Play?
Farm Configurations Step by Step Common Pitfalls Questions and Answers

5 What is CBA? “Geneva” is Microsoft’s next generation identity and access management platform built on Active Directory® directory services. “Geneva” provides claims-based access and single sign-on for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web. “Geneva” leverages claims which describe identity attributes and can be used to drive application and other system behaviors with an open architecture that implements the industry’s shared Identity Metasystem vision.”

6 Benefits Supports Existing Identity Infrastructure
Active Directory LDAP, SQL Federation Gateways WebSSO and Identity Management Systems Enables Automatic, Secure Identity Delegation Supports “no credential” connections to external web services Consistent API to develop SharePoint Solutions

7 Identity What is Identity? What is a Claim?
Set of attributes to describe a user such as name, , age, group membership, etc. What is a Claim? Some authority that claims to have the attribute and its value

8 User Identity is a set of Claims
Why we say “claim” and not “attribute”? FaceBook & DOL have the age attribute FaceBook claims that I am 18, while DOL claims I am 38. If a claim was based on age, which would you trust?

9 User Identity is a set of Claims
Why we say “claim” and not “attribute”? FaceBook & DOL have the age attribute FaceBook claims that I am 18, while DOL claims I am 38. If a claim was based on age, which would you trust?

10 Identity Normalization
Classic Claims NT Token NT Token ASP.NET SAML 1.1 SAML Token (CBA) SP USER

11 The Authentication Process

12 How does ADFS 2.0 Come Into Play?

13 Farm Configurations Internal (Corp) External ADFS 2.0 AD w/ DNS
SharePoint 2010 SQL External

14 Step by Step ADFS 2.0 Wizard Server Certificates

15 Step by Step - Demo

16 Common Pitfalls Kerberos SPTITI ADFS 2.0 Settings Not So Random Errors

17 The Short Story CBA ADFS 2.0 Common Pitfalls

18 Questions and Answers?

19 THANK YOU!!!

Download ppt "Claims Based Authentication"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Active Directory Federation Services How does it really work?

Active Directory Federation Services How does it really work?
Dan Usher Joel Ward. Who we are… What we’ve seen… Security Concerns in today’s world Why SmartCards? Authentication & Authorization of SharePoint IIS.

Dan Usher Joel Ward. Who we are… What we’ve seen… Security Concerns in today’s world Why SmartCards? Authentication & Authorization of SharePoint IIS.
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
TF-EMC2 | Lyon - France | February 2011 SAML WORK WITH SHAREPOINT, OWA, … Jean Marie THIA.

TF-EMC2 | Lyon - France | February 2011 SAML WORK WITH SHAREPOINT, OWA, … Jean Marie THIA.
Implementing and Administering AD FS

Implementing and Administering AD FS
Eric Raff. Usergroup up

Eric Raff. Usergroup up
SharePoint 2010 Business Productivity: What's new for Developers in Microsoft SharePoint 2010 Matthew McDermott, MVP Aptillon, Able Blue

SharePoint 2010 Business Productivity: What's new for Developers in Microsoft SharePoint 2010 Matthew McDermott, MVP Aptillon, Able Blue
Identity & Access Management Conversation Karlien Vanden Eynde Product Marketing Manager.

Identity & Access Management Conversation Karlien Vanden Eynde Product Marketing Manager.
Jax ArcSig 3/22/2011 Keith Tingle. About Me Keith Tingle Lender Processing Services

Jax ArcSig 3/22/2011 Keith Tingle. About Me Keith Tingle Lender Processing Services
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
GRDevDay March 21, 2015 Cloud-based Identity for Applications.

GRDevDay March 21, 2015 Cloud-based Identity for Applications.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Microsoft Certification Exam Coaching Session: 70-631 Windows SharePoint Services 3.0, Configuring.

Microsoft Certification Exam Coaching Session: Windows SharePoint Services 3.0, Configuring.
MCTS: Pass one of 24 exams (a few require more). Multiple counters are 70-506 70-511 70-513 70-516 70-573 70-662 70- 667 and 70-680. You can also choose.

MCTS: Pass one of 24 exams (a few require more). Multiple counters are and You can also choose.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures
Single Sign-on Integration (SSI) MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza.

Single Sign-on Integration (SSI) MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza.

Similar presentations

Ads by Google