SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
Download as PPTX, PDF0 likes796 views
![Liam Cleary [MVP], profile picture](https://cdn.slidesharecdn.com/profile-photo-helloitsliam-48x48.jpg?cb=1529509554)
This document discusses authentication options in SharePoint, including Windows authentication, forms-based authentication, and claims-based authentication using security tokens. It explains what claims authentication is and how the sign-in process works when using an identity provider like Azure Active Directory or a third-party provider. The document demonstrates configuring Azure Active Directory as an identity provider and the sign-in process flow. It also discusses factors to consider when choosing an authentication method and identity provider for SharePoint.
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
- 1. Do you claim to be from the Azure sky? Liam Cleary
- 2. About Me • Solution Architect @ SusQtech (Winchester, VA) • SharePoint MVP since 2007 • Working with SharePoint since 2002 • Worked on all kinds of projects • Internet • Intranet • Extranet • Anything SharePoint Really • Involved in Architecture, Deployment, Customization and Development of SharePoint
- 3. You can teach a student a lesson for a day; but if you can teach him / her to learn by creating curiosity, they will continue the learning process as long as they live. Clay P. Bedford
- 4. I am hoping for a different kind of Curiosity today
- 5. Security with SharePoint • Isn't this an oxymoron? Just kidding!!
- 6. Agenda • SharePoint Authentication • What is available? • What is claims authentication? • SharePoint and Claims? • Identity Providers • Azure Control Service • Google, Windows Live ID, Yahoo, Facebook • Custom IDP • What to choose?
- 8. SharePoint Authentication • Multiple Types of Authentication Support • Windows • NTLM • Kerberos • Basic • Anonymous • Digest • Forms-based Authentication • Lightweight Directory Access Protocol (LDAP) • Microsoft SQL Server • ASP.NET Membership and Role Providers • SAML Token-based Authentication • Active Directory Federate Services • 3rd Party Identity Providers • Lightweight Directory Access Protocol (LDAP)
- 9. Authentication – Claims Why introduce Claims Authentication? • Wide Support • Standards Based • WS-Federation 1.1 • WS-Trust 1.4 • SAML Token 1.1 AuthN • Single Sign On • Federation • Already many providers • Microsoft standard approach • Fed up custom coding everything, every time • Gets round (some) Office Integration problems • Easy to configure with little effort • Multiple Web Config changes, Web Application Changes and then of course the actual configuration of your identity provider
- 10. Authentication – Claim Terminology • Identity • Info about a Person or Object (AD, Google, Windows Live, Facebook etc.) • Claim • Attributes of the Identity (User ID, Email, Age etc.) • Token • Binary Representation of Identity • Set of Claims and the Signature • Relying Party (aka RP) • Users Token • Secure Token Service (STS) • Issuer of Tokens for Users
- 11. Authentication – Sign In Process Identity Provider SharePoint 2010 Security Token Service aka RP aka IP-STS 1. Resource Requested 2. AuthN Request / Redirect 3. AuthN Request 4. Security Token 5. Security Token Request 6. Service Token 7. Resource Request w/Service Token 8. Resource Sent
- 12. Authentication – Identity Provider • No need for Membership and Role Provider • Single Sign Built in • Central Managed and Entry point for all Authentication • Utilizes Windows Identity Framework How to build an Identity Provider • Create new ASP.NET Security Token Web Service Web Site • Configure Certificate Settings and Name in <AppSettings> • Check Issuer Name within Certificates MMC • Create new Claims-aware ASP.NET Web Site (testing) • Add STS Reference to Claims-aware ASP.NET Web Site • Set Claims • Test • Real World will need code changes: • Connect to authentication system • Modify Claims • Authentication Logic
- 13. Azure Control Service • Microsoft ADFS Type Cloud Based Service • Central Point for offloading Authentication • Supports SAML 1.1 / SAML 2.0 • Support • Facebook • Google • Windows Live ID • Yahoo • Custom IDP • Open ID type authentication • Support for 3rd Party Integration • Claim Mapping through configuration
- 14. Sign-In Process with Azure ACS & SharePoint 2010 DEMO
- 15. Azure Control Service - ACS
- 16. Azure Control Service - SharePoint
- 17. DEMO
- 18. What to else to know? • Given the choice • Microsoft ADFS • Custom Identity provider • Azure ACS • Multiple Providers • Custom Claims Provider will be needed • If Augmentation of claims is needed from LOB, Custom IDP • All users will experience the “nothing” redirect • Redirect, Redirect and Redirect • SharePoint does not support SAML 2.0 Assertions • For internal LOB for Auth to ACS – maybe overkill • Expose Internal LOB Auth to ACS through provider
- 19. Thanks to our sponsors!
- 20. Thank you & Questions Email: [email protected] Work: http://www.susqtech.com Twitter: @helloitsliam Blog: http://blog.helloitsliam.com