Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Claims based authentication with SharePoint

Published byDonald Alexander Modified over 8 years ago

Similar presentations

Presentation on theme: "Using Claims based authentication with SharePoint"— Presentation transcript:

1 Using Claims based authentication with SharePoint
Nauzad Kapadia

2 Identity and Identity Providers
Digital Persona Composed of attributes/identifiers Examples: Active Directory, Database, Directory Services Can be proved by providing Claims Attribute Value Display Name Chris Gideon Address User Name Contoso\cgideon Title Senior PFE

3 What is a Claim? Information about an identity… Example: Airport
Issuer: Department of Public Safety Issuer: Air Line Full Name Name Number Frequent flyer number Address Flight number Citizenship Seating priority Date of birth Gate Date of issue Seat number Date of expiration Sex bar code and/or the magnetic strip Picture Information about an identity… Example: Airport Ticket counter Verification Boarding Pass Issued Security Check point Boarding

4 Issuers and Security Tokens
Issues security tokens Collection of claims Formats SAML Signing

5 Security Token Service (STS)
Web Service that issues claims and packages security tokens. Supports multiple credential types IP-STS and RP-STS. An IP-STS is an STS that issues tokens that can be used to request service tokens from RP-STSs. An RP-STS can also consume other types of tokens (or credentials), for example an NT token that comes from the domain controller or the (KDC) STSs can be chained

6 Relying Party An application that relies on claims
claims-based application. Relying Party Security Token Service (RP-STS)

7 Department of Public Safety
Example - The Airport Birth Records Department of Public Safety Airline Trust Gate Agent Drivers License Drivers License Need Drivers License Boarding Pass Boarding Pass

8 SharePoint as a Claims-based application
SharePoint STS is always relying party STS Built on Windows Identity Foundation (WIF) Multiple authentication types Identity Provider neutral Configured via Central Admin or PowerShell Delegation of user identity between applications.

9 SharePoint Claims Overview
IP-STS SharePoint STS Trust Web App Issue token Send token Issue token Authenticate Send token Send Cookie

10 Browser-based sign-in
Issuer Active Directory Get / 302 AuthN SAML Token Post Process Token Cookie Cookie Process Claims 302

11 Identity Normalization
-Classic -Claims NT Token Windows Identity NT Token Windows Identity ASP.Net (FBA) SAL, LDAP, Custom … SAML ADFS, Ping, etc. SAML Token Claims Based Identity SPUser

12 Claims Providers Retrieve and expose claims Deployed via WSP
For augmentation Insert claims into the Security Token For setting permissions give access to “all PMs with blue eyes” Deployed via WSP

13 Forms Based Authentication
Exposed through Claims Mode Implemented as a Claims Provider Upgrade Inplace – ACLS updated, web.config not DBAttach – ACLs updated, no need to update config Provider Neutral e.g. SQL, LDAP etc

14 What changed in FBA FBA users are exposed through Claims
Claims identity is created instead of generic identity STS talks to membership provider to validate user and issues a claims token ValidateUser() must be implemented by membership providers Roles are converted to claims Mixed mode environments

15

Download ppt "Using Claims based authentication with SharePoint"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Active Directory Federation Services How does it really work?

Active Directory Federation Services How does it really work?
SearchSearch User Profiles SearchSearchExcelExcelUserProfilesUserProfiles Managed Metadata.

SearchSearch User Profiles SearchSearchExcelExcelUserProfilesUserProfiles Managed Metadata.
AttributeValue Display NameChris Gideon User NameContoso\cgideon TitleSenior PFE.

AttributeValue Display NameChris Gideon User NameContoso\cgideon TitleSenior PFE.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.

Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.
© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number 09-017 Norman F. Brickman, Roger.

© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number Norman F. Brickman, Roger.
SharePoint 2010 Business Productivity: What's new for Developers in Microsoft SharePoint 2010 Matthew McDermott, MVP Aptillon, Able Blue

SharePoint 2010 Business Productivity: What's new for Developers in Microsoft SharePoint 2010 Matthew McDermott, MVP Aptillon, Able Blue
Jax ArcSig 3/22/2011 Keith Tingle. About Me Keith Tingle Lender Processing Services

Jax ArcSig 3/22/2011 Keith Tingle. About Me Keith Tingle Lender Processing Services
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
GRDevDay March 21, 2015 Cloud-based Identity for Applications.

GRDevDay March 21, 2015 Cloud-based Identity for Applications.
Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,
Managing Identity and Permissions

Managing Identity and Permissions
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
SharePoint Server 2013 Architecture and Identity www.netcomlearning.com.

SharePoint Server 2013 Architecture and Identity
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Troubleshooting Federation, AD FS 2.0, and More…

Troubleshooting Federation, AD FS 2.0, and More…

Similar presentations

Ads by Google