3. Solution Architect @ SusQtech (Winchester, VA) SharePoint MVP since 2007 Working with SharePoint since 2001 Work on all types of deployments Dream about SharePoint….Honestly sometimes I do I like to “hack” stuff

8. 1.Resource Requested 2.AuthN Request / Redirect 3.AuthN Request 4.Security Token 5.Security Token Request 6.Service Token 7.Resource Request w/Service Token 8.Resource Sent Identity Provider Security Token Service aka IP-STS SharePoint aka RP

11. Identity Issuer Claims

12. Transformation Augmentation In Out In Out Identity Platform Sent Claims Federation Gateway SharePoint SP Security Site Access Add Claims Claims Mappings

15. i:0#.f|membershipprovider|user Identity Claim Reserved Forms Type: String User Login Name Account Provider Name

16. i:0#.w|domain\user Identity Claim Reserved Windows Type: String User Login Name Account

17. Provider Name i:05.t|azure|me@email.com Identity Claim Reserved Trusted Identity Type: String Email Type Email

21. 1.Resource Requested 2.Detects Hosted App 3.Signed Token Returned 4.iFrame Rendered with Signed Token 5.Request Made for Hosted Web App 6.Context Token Validation / Client Secret Issued 7.Cache Access Token 8.Token Issued with Code / Resource Retrieved STS (Azure ACS) SharePoint Hosted Web

39. MySPC