Claims-Based Authentication
SharePoint 2010

Jonathan Schultz (@SharePointValue)
Skyline Technologies, Inc.

11/15/2011
About Skyline Technologies
•   Leading Microsoft solutions provider
     – Develops and tailors IT applications to meet the business and
       technical objectives of customers
     – Serves clients in industries ranging from manufacturing and retail to
       healthcare, transportation, and logistics
•   Microsoft Partner with Gold competencies in Business Intelligence,
    Content Management, Portals and Collaboration, and Web Development
    and Silver competencies in Data Platform, Project and Portfolio
    Management, Search, and Software Development.
•   Provides a pathway to speed your company toward its vision.
•   Recognized by businesses nationwide as a team of smart, experienced
    people and a Microsoft Gold Certified Partner organization specializing in
    adapting Microsoft solutions to individual clients’ needs.
Agenda
• What are Claims?
• Why would you use them?
• Claims-Based Authentication
  – Basic Architecture
  – Trusted Identity Providers
  – Advanced Concepts
• Claims Development Tasks
• Reality of Claims Based Authentication
• Reference Materials
What are Claims?
• Attributes about a User
• Need to Come from Someone You Trust

• Driver’s License Example
  – Trusted Provider = State of Wisconsin
  – Claims
     • Name = Jonathan Schultz
     • Age = 35
     • Organ Donor = No
Why Use Claims?
• Claim Augmentation
  – Security Groups from Active Directory
  – HRMS/CRM Attributes
     • Title/Role
• Federation
  – Partner Network
     • Business to Business
  – Subsidiaries
  – Web 2.0 (Windows Live, Facebook, etc.)
• Advanced Authentication & Authorization
Basic Claims Scenario
Claims Based Architecture
Terminology
• Security Token Service (STS)
  – Identity Provider (IP-STS)
  – Relying Party (RP-STS)
• Security Assertion Markup Language (SAML)
• Windows Identity Framework (formerly Geneva)
• Trusted Login Provider
Under the Covers
Claims-to-Windows Token Service
Claims Based Architecture Notes
• New in SharePoint 2010
• Authentication Prompt for Multiple Providers
• All Intra/Inter Farm Calls are Claims Based
  – i.e. Service Applications
• Claims-to-Windows Token Service Needed for
  Some Service Applications, e.g. PerformancePoint
  Services
Claims Development Tasks
• Custom Login Pages
  –   Extranet Scenarios
  –   Branding
  –   “Remember Me” Capability
  –   Home Realm Discovery
• Custom Claim Providers
  – Claims Augmentation
  – Claims Picking / Resolution
• Trusted Login Providers
  – WIF SDK
Reality of Claims Based Authentication
• Claims Authorization uses OR logic, not AND
  – Scenario: Authorize US HR User
     • Location Claim = US
     • Department Claim = HR
     • Will also succeed for US IT because of US OR HR
• Trusted Identity Providers
  – Cookie Driven (Watch out for domains/paths)
  – Time Based Expiration (Server Times)
• Claims + Kerberos + SSRS = Problem
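
The OR behaviour in the "Authorize US HR User" scenario above, and one way to get AND semantics by moving the conjunction into claims augmentation, as an added Python model. It is not from the original deck and is not SharePoint or WIF code; the claim types location, department and role, the value US-HR, the sample users and all function names are assumptions made for illustration.

```python
# Added model of claims authorization; all data below is constructed.
from typing import Dict, Iterable, List, Sequence, Set, Tuple

Claim = Tuple[str, str]  # (claim type, claim value); type names are hypothetical
Rule = Tuple[Sequence[Claim], Claim]  # (claims that must ALL be present, derived claim)

# Constructed users covering the slide's scenario.
USERS: Dict[str, Set[Claim]] = {
    "us_hr": {("location", "US"), ("department", "HR")},
    "us_it": {("location", "US"), ("department", "IT")},
    "de_hr": {("location", "DE"), ("department", "HR")},
    "de_it": {("location", "DE"), ("department", "IT")},
}


def is_authorized(user_claims: Iterable[Claim], granted: Iterable[Claim]) -> bool:
    """OR semantics: a single matching claim is enough to get access."""
    return bool(set(user_claims) & set(granted))


def augment(user_claims: Iterable[Claim], rules: Iterable[Rule]) -> Set[Claim]:
    """Claims augmentation: add a derived claim only when every required
    claim is present, so the AND is evaluated here, before authorization."""
    claims = set(user_claims)
    for required, derived in rules:
        if set(required) <= claims:
            claims.add(derived)
    return claims


def evaluate(granted: Iterable[Claim], rules: Iterable[Rule] = ()) -> Dict[str, bool]:
    """Authorization decision for every sample user."""
    rules = list(rules)
    return {name: is_authorized(augment(claims, rules), granted)
            for name, claims in USERS.items()}


def overgranted(granted: Iterable[Claim], intended_all: Iterable[Claim]) -> List[str]:
    """Audit helper: users who pass the OR check but lack an intended claim."""
    need = set(intended_all)
    return sorted(name for name, claims in USERS.items()
                  if is_authorized(claims, granted) and not need <= claims)


US_AND_HR: List[Claim] = [("location", "US"), ("department", "HR")]

# Weak setup: permission granted to both claims separately (US OR HR).
NAIVE = evaluate(granted=US_AND_HR)

# Corrected setup: permission granted to one composite claim that the
# augmentation step issues only when both source claims are present.
RULES: List[Rule] = [(US_AND_HR, ("role", "US-HR"))]
HARDENED = evaluate(granted=[("role", "US-HR")], rules=RULES)

if __name__ == "__main__":
    print("naive      :", NAIVE)
    print("overgranted:", overgranted(US_AND_HR, US_AND_HR))
    print("hardened   :", HARDENED)
```
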
Reference Materials
• Claims and Security Technical Articles for
  SharePoint 2010
• Implementing Claims-Based Authentication with
  SharePoint Server 2010 – White Paper
• A Guide to Claims-Based Identity and Access
  Control – Patterns & Practices
• Custom Claims-Based Security in SharePoint
  2010
• Steve Peschka’s Blog: Share-n-dipity
