Claims based authentication in SharePoint 2010 - SharePoint Saturday Vietnam
Transcript of Claims based authentication in SharePoint 2010 - SharePoint Saturday Vietnam
Binh Thanh Nguyen
Solutions Architect and Project Manager
Bamboo Solutions Corporation Vietnam
• Identity and Identity Providers
• Authentication and Authorization
• Identity challenges in SharePoint 2007
• Claims-Based Identity
• Claims-Based Authentication in Microsoft SharePoint 2010
• Demo
• Q&A
• What is Identity?
– A set of attributes that describe a user
• What are Identity Providers?
– Composed of attributes/identifiers
– Examples: Active Directory, Directory Services
• What is Authentication (AuthN)?
– Authentication is the process of identifying and validating a user's identity
• What is Authorization (AuthZ)?
– Determines whether that identity has access to a particular resource, such as sites, content, and other features the user can access
• Authentication is intertwined with SharePoint 2007
• Very complex to configure
• Access control only through attribute providers
So… what is the solution?
• What are Claims?
– Information about the user, such as full name, e-mail, age, group, etc.
[Diagram: two everyday examples of claims and the issuers that vouch for them]
• ID Card (Issuer: Police Dept.)
– Full Name, ID Number, Address, Regional, Date of birth, Date of issue, Sex, Picture
• Ticket (Issuer: VN Railway)
– Name, Frequent flyer number, Train number, Bus, Seat number, Date of issue
• Relationships shown in the diagram: Trust (in the issuer) and Request (for an ID Card or a Ticket)
• Security Token Service (STS): the service component that builds, signs, and issues security tokens.
• Supports multiple credential types
• Two roles: Identity Provider STS (IP-STS) and Relying Party STS (RP-STS).
– An IP-STS is an STS that issues tokens that can be used to request service tokens from RP-STSs.
– An RP-STS can also consume other types of tokens (or credentials), for example an NT token that comes from the domain controller or the Key Distribution Center (KDC).
• STSs can be chained
• The SharePoint STS is always a relying party STS
Built on Windows Identity Foundation (WIF)
• Multiple authentication types
• Identity Provider neutral
– Configured via Central Admin or PowerShell
• Delegation of user identity between applications
[Sequence diagram: claims-based sign-in flow between the Browser, the Issuer and Active Directory]
• Browser sends GET / and is answered with a 302 redirect to the issuer
• Authenticate: the issuer authenticates the user (AuthN) against Active Directory
• Issue token: the issuer issues a SAML token
• Send token: the browser POSTs the SAML token back
• Process token: the token is processed and a new token is issued
• Send token, then Send cookie: the browser receives a cookie
• Process claims: the claims are processed and a 302 redirect follows
Comparison shown on the slide: Classic vs. Claims
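The following is an added example, not part of the original slides and not Bamboo Solutions code. It models in PowerShell the hand-offs described in the STS section and in the sign-in flow above: the IP-STS issues a token for the SharePoint RP-STS, the RP-STS validates it, augments the claims and issues its own token to the web application, and each relying party checks signature, trusted issuer, audience and expiry before anything becomes a session. It assumes HMAC-SHA256 over a shared key in place of an X.509 signature over SAML, and every issuer name, URL, key and claim value is a constructed placeholder.

```powershell
# Added example (not from the slides): toy model of the claims token flow.
# Assumption: HMAC-SHA256 with a shared key stands in for the X.509 signature
# a real STS puts on a SAML token. All names, URLs and keys are placeholders.

function Get-UnixSeconds([DateTime]$Utc) {
    $span = $Utc - [DateTime]'1970-01-01'
    return [int64]$span.TotalSeconds
}

function New-DemoToken {
    param([string]$Issuer, [string]$Audience, [hashtable]$Claims,
          [byte[]]$Key, [int]$LifetimeMinutes = 10)
    # The signed payload names who issued it, who it is for, and when it expires.
    $expires = Get-UnixSeconds ([DateTime]::UtcNow.AddMinutes($LifetimeMinutes))
    $payload = @{ iss = $Issuer; aud = $Audience; exp = $expires; claims = $Claims } |
        ConvertTo-Json -Compress
    $payloadB64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 -ArgumentList @(,$Key)
    $sigB64 = [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($payloadB64)))
    return "$payloadB64.$sigB64"
}

function Test-DemoToken {
    param([string]$Token, [byte[]]$Key, [string[]]$TrustedIssuers, [string]$ExpectedAudience)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 2) { throw 'Malformed token' }
    # 1. Signature first, compared in constant time, before trusting any field.
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 -ArgumentList @(,$Key)
    $expected = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($parts[0]))
    $actual = [Convert]::FromBase64String($parts[1])
    if ($expected.Length -ne $actual.Length) { throw 'Bad signature' }
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) { $diff = $diff -bor ($expected[$i] -bxor $actual[$i]) }
    if ($diff -ne 0) { throw 'Bad signature' }
    $payload = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($parts[0])) | ConvertFrom-Json
    # 2. Trust: only issuers this relying party was configured to trust.
    if ($TrustedIssuers -notcontains $payload.iss) { throw "Untrusted issuer: $($payload.iss)" }
    # 3. Audience: a token minted for another relying party is not valid here.
    if ($payload.aud -ne $ExpectedAudience) { throw "Wrong audience: $($payload.aud)" }
    # 4. Lifetime.
    if ($payload.exp -lt (Get-UnixSeconds ([DateTime]::UtcNow))) { throw 'Token expired' }
    $claims = @{}
    foreach ($p in $payload.claims.PSObject.Properties) { $claims[$p.Name] = $p.Value }
    return $claims
}

# Constructed demo secrets: one per STS pair that trusts each other.
$ipStsKey = [Text.Encoding]::UTF8.GetBytes('demo-key-shared-by-ip-sts-and-sharepoint-sts')
$spStsKey = [Text.Encoding]::UTF8.GetBytes('demo-key-shared-by-sharepoint-sts-and-web-app')

# Step 1: the IP-STS authenticates the user (AD, LDAP, SQL...) and issues a token
#         whose audience is the SharePoint STS, not the web application.
$ipToken = New-DemoToken -Issuer 'urn:demo:ip-sts' -Audience 'urn:demo:sharepoint-sts' `
    -Key $ipStsKey -Claims @{ email = 'alice@contoso.example'; name = 'Alice' }

# Step 2: the SharePoint RP-STS consumes that token, checks it, augments the
#         claims (placeholder group) and chains by issuing its own token.
$incoming = Test-DemoToken -Token $ipToken -Key $ipStsKey `
    -TrustedIssuers @('urn:demo:ip-sts') -ExpectedAudience 'urn:demo:sharepoint-sts'
$incoming['role'] = 'Site Members'
$spToken = New-DemoToken -Issuer 'urn:demo:sharepoint-sts' -Audience 'https://portal.contoso.example' `
    -Key $spStsKey -Claims $incoming

# Step 3: the web application validates the SharePoint STS token; this is the
#         point at which SharePoint 2010 would set its FedAuth session cookie.
$session = Test-DemoToken -Token $spToken -Key $spStsKey `
    -TrustedIssuers @('urn:demo:sharepoint-sts') -ExpectedAudience 'https://portal.contoso.example'
"Session claims: " + (($session.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ', ')

# The IP-STS token must not be accepted by the web application directly.
try {
    Test-DemoToken -Token $ipToken -Key $ipStsKey -TrustedIssuers @('urn:demo:ip-sts') `
        -ExpectedAudience 'https://portal.contoso.example' | Out-Null
} catch { "Rejected as expected: $($_.Exception.Message)" }
```

The audience check is what keeps chaining safe: the IP-STS token is only ever valid at the SharePoint STS, and only the token the SharePoint STS mints is valid at the web application, so neither party can be handed the other's token.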
• Support existing identity infrastructure
– Active Directory
– LDAP, SQL
– WebSSO and Identity Management Systems
• Multiple authentication methods per SharePoint Web Application
• Enable automatic, secure identity delegation
– Cross-machine & cross-farm
• Support “no-credential” connections to external web services
• Standards-based and interoperable
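As an added example, not from the slides and not Bamboo Solutions code, this is how the PowerShell configuration mentioned above puts two authentication methods on one SharePoint 2010 web application: Windows authentication plus a trusted identity provider registered as an IP-STS. It is typed into the SharePoint 2010 Management Shell; every name, URL, certificate path and account below is a placeholder, and the claim type URIs are the standard WS-Federation identity claim types.

```powershell
# Added example (not from the slides): one web application, two claims providers.
# Placeholders: certificate path, names, URLs, realm and the managed account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. The certificate the identity provider's STS signs its tokens with.
#    SharePoint only accepts tokens whose signature verifies against it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('C:\certs\idp-signing.cer')
New-SPTrustedRootAuthority -Name 'IdP Token Signing (placeholder)' -Certificate $cert

# 2. Which incoming claims SharePoint keeps, and which one identifies the user.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' `
    -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' `
    -IncomingClaimTypeDisplayName 'Role' -SameAsIncoming

# 3. Register the IP-STS as a trusted issuer. Realm is the audience value
#    SharePoint expects to find in the issued token.
$issuer = New-SPTrustedIdentityTokenIssuer -Name 'Contoso IdP (placeholder)' `
    -Description 'Placeholder identity provider' -Realm 'urn:sharepoint:portal' `
    -ImportTrustCertificate $cert -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl 'https://idp.contoso.example/sts' -IdentifierClaim $emailMap.InputClaimType

# 4. Two providers on the same web application (claims mode is implied).
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$trusted = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
New-SPWebApplication -Name 'Portal (placeholder)' -Url 'https://portal.contoso.example' -Port 443 `
    -ApplicationPool 'PortalAppPool' -ApplicationPoolAccount (Get-SPManagedAccount 'CONTOSO\spapppool') `
    -AuthenticationProvider $windows, $trusted -SecureSocketsLayer

# Check: confirm claims mode and list the providers enabled on the default zone.
$app = Get-SPWebApplication 'https://portal.contoso.example'
$app.UseClaimsAuthentication
$app.IisSettings[[Microsoft.SharePoint.Administration.SPUrlZone]::Default].ClaimsAuthenticationProviders |
    Select-Object DisplayName
```

Keeping the trust certificate and the realm explicit is the configuration-side counterpart of the signature and audience checks in the sign-in flow: a token signed by any other certificate, or issued for any other realm, is rejected before a user is ever signed in.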
Demo: Configure claims-based authentication using Windows Live ID
• MSDN and TechNet:
– http://technet.microsoft.com/en-us/library/ff973117.aspx#section3
– http://blogs.technet.com/b/ritaylor/archive/2009/06/03/claims-based-authentication-an-overview.aspx
– http://technet.microsoft.com/en-us/sharepoint/ff678022.aspx#lesson2
– http://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx
• Microsoft PDC:
– http://www.microsoftpdc.com/2009/SVC26
THANK YOU!