Solution SusQtech (Winchester, VA) SharePoint MVP since 2007 Working with SharePoint since 2001 Work on all types of deployments Dream about SharePoint….Honestly sometimes I do I like to “hack” stuff

1.Resource Requested 2.AuthN Request / Redirect 3.AuthN Request 4.Security Token 5.Security Token Request 6.Service Token 7.Resource Request w/Service Token 8.Resource Sent Identity Provider Security Token Service aka IP-STS SharePoint aka RP

Identity Issuer Claims

Transformation Augmentation In Out In Out Identity Platform Sent Claims Federation Gateway SharePoint SP Security Site Access Add Claims Claims Mappings

i:0#.f|membershipprovider|user Identity Claim Reserved Forms Type: String User Login Name Account Provider Name

i:0#.w|domain\user Identity Claim Reserved Windows Type: String User Login Name Account

Provider Name Identity Claim Reserved Trusted Identity Type: String Type

1.Resource Requested 2.Detects Hosted App 3.Signed Token Returned 4.iFrame Rendered with Signed Token 5.Request Made for Hosted Web App 6.Context Token Validation / Client Secret Issued 7.Cache Access Token 8.Token Issued with Code / Resource Retrieved STS (Azure ACS) SharePoint Hosted Web

MySPC