Published by Silvia Scott. Modified over 9 years ago.
2
101 ways to authenticate with Azure Active Directory
Rory Braybrook M338
4
For cloud authentication, Azure Active Directory has you covered
Microsoft Ignite 2015
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
5
Overview: Protocols, Use cases, OWIN, ADAL, WIF, Access Panel, SaaS
6
Won't be covering: DirSync, AADSync, AD Connect, MFA, AAD Proxy
7
Azure AD by the numbers
Azure AD manages identity data for >5 M organizations
86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)
More than 500 M objects hosted on Azure Active Directory
1 Trillion Azure AD authentications since the release of the service
50 M Office 365 users active every month
>1 Billion authentications every day on Azure AD
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
8
The Protocols
9
Protocols: WS-Federation, SAML-P 2.0, OAuth2, OpenID Connect
13
WS Federation
18
SAML token attributes
20
SAML-P
25
OAuth2
30
Manipulate AAD using API (slide from TechEd 2013)
Use the OAuth endpoint to get a token
AAD issues the token
Use the token in a REST call to the endpoint
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
31
OAuth2 tokens
Access token: presented by the client to the resource (web API) as a bearer token; the resource validates it.
ID token (OpenID Connect): consumed by the client itself to learn who signed in; the client must validate the signature, issuer, audience, expiry and nonce before trusting it.
Refresh token: exchanged at the token endpoint for a new access token without prompting the user again.
32
Use cases
33
Authentication scenarios
Clients: browser -> web application; JavaScript -> web API; native app -> web API; web API -> web API; server app -> web API
Clients using a wide variety of devices/languages/platforms; server applications using a wide variety of platforms/languages
Source: video.ch9.ms/teched/2012/na/SIA209.pptx
34
Authentication scenarios
Browser -> web application: WS-Fed, SAML 2.0, OpenID Connect
Web application -> web API: OAuth 2.0
JavaScript -> web API: OAuth 2.0
Native app -> web API: OAuth 2.0
Web API -> web API: OAuth 2.0
Server app -> web API: OAuth 2.0
Standards-based, HTTP-based protocols for maximum platform reach
Source: video.ch9.ms/teched/2012/na/SIA209.pptx
35
VS “Change Authentication”
36
Demo - Lap around VS “Change Authentication”
37
Change authentication
39
Wrappers around the protocols
OWIN (all protocols), WIF (WS-Federation), ADAL (OpenID Connect / OAuth2)
40
Demo - Lap around AAD Applications
41
OWIN OpenID Connect
    // Sign-in results are persisted in the cookie middleware registered next
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,                            // application id registered in Azure AD; becomes the expected audience
            Authority = authority,                          // tenant-specific endpoint; metadata and signing keys are downloaded from here
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            ….
        });
42
Demo - OWIN – OpenID Connect / WS Federation
43
Demo - OWIN – WS Federation
44
Demo – WIF - WS Federation
45
Open Web Interface for .NET (OWIN) (Identity) vs Windows Identity Foundation (WIF)
46
OWIN (Identity) vs WIF
OWIN: supported, with new protocols being added; WS-Fed, OpenID Connect, OAuth2, SAML-P (community); invoked via code; easy to do with VS 2013/15; JWT tokens; Microsoft.Owin assemblies
WIF: supported; WS-Fed, SAML-P (CTP, deprecated); runs in the ASP.NET pipeline; have to "retro-fit" from a template or use VS 2010/12; XML tokens; System.IdentityModel assemblies
48
Active Directory Authentication Library (ADAL)
49
ADAL mission statement (slide from TechEd 2013)
The Active Directory Authentication Library (ADAL) is a library meant to help developers take advantage of Azure Active Directory for enabling client applications to access protected resources.
50
SDK available on multiple platforms
.NET, iOS, JavaScript, Android, Node.js, Java, Windows Store, Windows Phone etc.
Caching and automatic refresh token handling
Asynchronous support
Basis of the Graph API and Azure Management Library clients
Now open source
51
Active Directory Authentication Library
    string clientId = "[Enter client ID as obtained from Azure Portal]";
    string authority = " tenant name]";   // authority URL truncated in this transcript: the Azure AD login endpoint followed by your tenant name
    string myURI = "[Enter App ID URI of your service]";   // the resource the token is requested for
    AuthenticationContext authContext = new AuthenticationContext(authority);
    AuthenticationResult result = await authContext.AcquireTokenAsync(myURI, clientId);
    // result.AccessToken is sent as "Authorization: Bearer ..." to the service identified by myURI
52
Demo – Graph API via ADAL with Groups
53
Social
54
ACS
55
IaaS
56
Azure AD as an IDP
57
AAD as an IdP
Can federate with a 3rd-party application not in the Gallery via the Access Panel (custom application, SAML-P)
Can use user name and password via the Access Panel, e.g. Twitter
Can federate with a 3rd-party application in the Gallery, e.g. Salesforce
Can federate with e.g. ADFS via metadata
58
Demo – Lap around AAD external applications and the Access Panel
59
Azure AD Passport.js
60
passport-azure-ad is a collection of Passport strategies to help you integrate with Azure Active Directory.
Includes OpenID Connect, WS-Federation and SAML-P authentication and authorization.
Lets you integrate your Node app with Microsoft Azure AD so you can use web single sign-on (WebSSO), endpoint protection with OAuth, and JWT token issuance and validation.
61
Windows 10
62
https://identity-test.datacomcc.com/Account/SignIn
63
For cloud authentication, Azure Active Directory has you covered
64
Resources
Azure blog - http://azure.microsoft.com/blog/
Ask Premier Field Engineering - Active Directory Team blog
Active Directory Passport plug-in
Microsoft Azure Active Directory Samples and Documentation
Cloud Identity Infographic
Graph Explorer
65
Related Ignite NZ Sessions
O365 and Azure Active Directory Premium, M315 - Wed 10:40 AM, Ballroom 2
Enabling AAD to Embrace Windows 10, M326 - Wed 3:10 PM, New Zealand 1
Identity Management in O365, M362 - Thu 4:30 PM, New Zealand 1
Find me later at… closing drinks, Fri 3:00-4:30pm
66
Resources
Microsoft Virtual Academy - free online learning, sessions on demand
TechNet & MSDN Flash - subscribe to our fortnightly newsletter
67
Complete your session evaluation now and be in to win!