
TF-EMC2 | Lyon - France | February 2011 SAML WORK WITH SHAREPOINT, OWA, … Jean Marie THIA.


1 TF-EMC2 | Lyon - France | February 2011 SAML WORK WITH SHAREPOINT, OWA, … Jean Marie THIA

2 Agenda
  1 - Demonstrations
  2 - Explanations
  3 - Story
  Questions

3 1 : Authentication
  - Connect to a web application
  - Connect to SharePoint
  - Connect to Outlook Web Access

4 1 : SharePoint authZ
  - A MS Word use case
    – From the desktop
    – From SharePoint
  - Set authorization in SharePoint

5 Explanations

6 2 : SharePoint
  Diagram: SharePoint STS -- WS-Federation -- ADFS 2.0 -- SAML 2.0

7 2 : Outlook Web Access
  Diagram: ADFS 2.0 -- SAML 2.0; user mapping; C2WTS; Kerberos

8 2 : ADFS manipulation
  - Map Shibboleth attribute
  - Map OWA user

9 Story
  Claims-based access control (microsoft.identityModel)

10 3 : WIF
  - Core claims API (microsoft.identityModel)
  - SAML token
  - WS-Federation protocol
  - SAML 2.0 protocol with Safewhere

11 3 : WIF compatibility
  IsInRole works (the role claim type is declared in web.config)

12 3 : WIF programming

    using System.Linq;
    using System.Threading;
    using Microsoft.IdentityModel.Claims;   // WIF 1.0: IClaimsIdentity, IClaimsPrincipal, Claim

    // The claim type compared against in the foreach loop is cut off on the slide;
    // this placeholder marks the gap rather than guessing the value.
    const string WantedClaimType = "<claim type cut off on the slide>";

    // WIF puts a claims principal on the thread for every authenticated request.
    IClaimsIdentity id = ((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0];

    // you can use a simple foreach loop to find a claim...
    string users = null;
    foreach (Claim c in id.Claims)
    {
        if (c.ClaimType == WantedClaimType)
        {
            users = c.Value;
            break;
        }
    }

    // you can also use LINQ to find a claim
    // (First() throws if the IdP did not release a given-name attribute)
    string usersFirstName = (from c in id.Claims
                             where c.ClaimType == System.IdentityModel.Claims.ClaimTypes.GivenName
                             select c).First().Value;
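The following is an added example, not code from the slides. It puts slides 11 and 12 together: looking up claims with foreach and with a LINQ-style call, and an IsInRole check that works because the identity knows which claim type carries roles (WIF 1.0 takes that mapping from web.config; here it is passed to the constructor). It uses System.Security.Claims, the .NET 4.5 successor of the Microsoft.IdentityModel namespace on the slide (IClaimsIdentity/IClaimsPrincipal became ClaimsIdentity/ClaimsPrincipal, Claim.ClaimType became Claim.Type). The issuer URL, user names, e-mail address and the "DocumentApprovers" role are constructed sample data.

```csharp
// Added example, not code from the slides. Uses System.Security.Claims (.NET 4.5),
// the successor of the Microsoft.IdentityModel (WIF 1.0) API shown on the slide.
// All claim values and the issuer URL below are constructed sample data.
using System;
using System.Security.Claims;
using System.Threading;

public static class ClaimsDemo
{
    // Constructed issuer identifier standing in for the corporate ADFS 2.0 instance.
    public const string AdfsIssuer = "http://adfs.example.test/adfs/services/trust";

    public static ClaimsPrincipal BuildSamplePrincipal()
    {
        // Claims as a relying party would receive them after ADFS has mapped the
        // IdP's SAML attributes (slide 8) onto Microsoft claim types.
        var claims = new[]
        {
            new Claim(ClaimTypes.Name,      "jmthia",              ClaimValueTypes.String, AdfsIssuer),
            new Claim(ClaimTypes.GivenName, "Jean Marie",          ClaimValueTypes.String, AdfsIssuer),
            new Claim(ClaimTypes.Email,     "jmthia@example.test", ClaimValueTypes.String, AdfsIssuer),
            new Claim(ClaimTypes.Role,      "DocumentApprovers",   ClaimValueTypes.String, AdfsIssuer),
        };

        // Naming the claim types that carry the user name and the roles is what makes
        // Identity.Name and IsInRole work; WIF 1.0 reads the same mapping from web.config.
        var identity = new ClaimsIdentity(claims, "Federation", ClaimTypes.Name, ClaimTypes.Role);
        return new ClaimsPrincipal(identity);
    }

    // The LINQ lookup from the slide, made null-safe: FindFirst returns null instead
    // of First() throwing when the IdP did not release the given-name attribute.
    public static string FindGivenName(ClaimsPrincipal principal)
    {
        Claim c = principal.FindFirst(ClaimTypes.GivenName);
        return c == null ? null : c.Value;
    }

    // Authorization decision on a role claim. Checking the issuer as well ensures a
    // role asserted by some other trusted claims provider is not mistaken for one
    // issued by the corporate ADFS.
    public static bool CanApproveDocuments(ClaimsPrincipal principal)
    {
        return principal.IsInRole("DocumentApprovers")
            && principal.HasClaim(c => c.Type == ClaimTypes.Role
                                    && c.Value == "DocumentApprovers"
                                    && c.Issuer == AdfsIssuer);
    }

    public static void Main()
    {
        ClaimsPrincipal principal = BuildSamplePrincipal();
        Thread.CurrentPrincipal = principal;   // the WIF pipeline does this per request

        // The foreach lookup from the slide, here against the e-mail claim.
        string email = null;
        foreach (Claim c in principal.Claims)
        {
            if (c.Type == ClaimTypes.Email) { email = c.Value; break; }
        }

        Console.WriteLine("email:       " + email);
        Console.WriteLine("given name:  " + FindGivenName(principal));
        Console.WriteLine("can approve: " + CanApproveDocuments(principal));
    }
}
```

The issuer check in CanApproveDocuments is the point to keep from a defender's view: once ADFS federates with several claims providers, a role string alone says nothing about who asserted it, so authorization code should pin the claim type, value and issuer together.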

13 3 : ADFS 2.0
  - Uses the SAML 2.0 protocol
    – Liberty Alliance IdP Lite
    – Liberty Alliance SP Lite
    – eGov SAML 2.0 Profile v1.5
  - Uses the WS-* protocols
  - Interoperates with Oracle, CA, SUN, Shibboleth, PingIdentity, …
  - Is a separate download!

14 3 : ADFS 2.0 architecture
  - Configuration database
  - Account & attribute stores

15 3 : Terminologies

    AD FS 2.0                      | SAML 2.0
    -------------------------------+---------------------
    Security Token                 | Assertion
    Claims                         | Assertion Attributes
    Claims Provider                | Identity Provider
    Relying Party                  | Service Provider
    Realm Home Discovery (RHD)     |
    Security Token Service (STS)   |

16 3 : Azure ACS
  - ADFS for the cloud
  - Extended interoperability (OAuth, OpenID, Google, Facebook, etc.)

17 Conclusion
  +
    – Many guides.
    – AuthZ with claims augmentation.
    – Claims compatibility with old code.
  -
    – Federation metadata

18 ADFS v2 - Guides
  - SharePoint 2010: Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies
  - Outlook Web Access 2010: Exposing OWA 2010 with AD FS 2.0 to other organizations
  - InCommon: AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation

19 Webcast
  - Architecting claims-aware applications
  - From N to Z: Authentication and Authorization in Microsoft SharePoint Server
  - Developing Microsoft SharePoint Server 2010 Solutions with Claims Authentication

20 Links at Microsoft
  - Patterns & Practices: A Guide to Claims-Based Identity and Access Control
  - MSDN: WIF
  - C2WTS
  - IdM
  - ADFS 2.0 on TechNet

21 Questions ? twitter.com/jm_thia

22 Thanks for your attention
