SlideShare une entreprise Scribd logo

SharePoint Access Control and Claims Based Authentication

Jonathan Schultz
Jonathan Schultz
Technologie
1  sur  18
SharePoint Access Control Jonathan Schultz (@SharePointValue) Skyline Technologies, Inc. 01/18/2012
About Skyline Technologies • Leading Microsoft solutions provider – Develops and tailors IT applications to meet the business and technical objectives of customers – Serves clients in the manufacturing and retail to healthcare, transportation, and logistics industries • Microsoft Partner with Gold competencies in Business Intelligence, Content Management, Portals and Collaboration, and Web Development and Silver competencies in Data Platform, Project and Portfolio Management, Search, and Software Development. • Provides a pathway to speed your company toward its vision. • Recognized by businesses nationwide as a team of smart, experienced people and a Microsoft Gold Certified Partner organization specializing in adapting Microsoft solutions to individual client’s needs.
Agenda • SharePoint Access Control • What are Claims? • Why would you use them? • Claims-Based Authentication • Reality of Claims Based Authentication • Reference Materials
SharePoint Access Control • Authentication vs. Authorization – Authentication = Who are you? – Authorization = What can you do? • Information Rights Management – Windows Server 2008 Active Directory Rights Management Server – CSS Print Suppression • @media print { .NoPrint { display: none; } }
Security Environments Loosely Managed Tightly Managed • Distributed Accountability • Centralized Authority • Low Risk Content • Auditing Requirements • Flexible – Content – Process
Groups SharePoint Groups Active Directory Groups • Distributed • Centralized • SharePoint Only • Enterprise • Auditing • Auditing – 3rd Party Tools – Member Of
What are Claims? • Attributes about a User • Need to Come from Someone You Trust • Driver’s License Example – Trusted Provider = State of Wisconsin – Claims • Name = Jonathan Schultz • Age = 35 • Organ Donor = No
UWEBC Claims Example • Trusted Provider = Cavinda • My Claims – Name = Jonathan Schultz – Company = Skyline Technologies – Presenter = Yes
Why Use Claims? • Claim Augmentation – Security Groups from Active Directory – HRMS/CRM Attributes • Title/Role • Federation – Partner Network • Business to Business – Subsidiaries – Web 2.0 (Windows Live, Facebook, etc.) • Advanced Authentication & Authorization
Basic Claims Scenario
Claims Based Architecture
Terminology • Security Token Service (STS) – Identity Provider (IP-STS) – Relying Party (RP-STS) • Security Assertion Markup Language (SAML) • Windows Identity Framework (formerly Geneva) • Trusted Login Provider
Under the Covers
Claims-to-Windows Token Service
Claims Based Architecture Notes • New in SharePoint 2010 • Authentication Prompt for Multiple Providers • All Intra/Inter Farm Calls are Claims Based – i.e. Service Applications • Claims-to-Windows Token Service Needed for Some Service Applications, i.e. PerformancePoint Services
Claims Development Tasks • Custom Login Pages – Extranet Scenarios – Branding – “Remember Me” Capability – Home Realm Discovery • Custom Claim Providers – Claims Augmentation – Claims Picking / Resolution • Trusted Login Providers – WIF SDK
Reality of Claims Based Authentication • Claims Authorization uses OR logic, not AND – Scenario: Authorize US HR User • Location Claim = US • Department Claim = HR • Will also succeed for US IT because of US OR HR • Trusted Identity Providers – Cookie Driven (Watch out for domains/paths) – Time Based Expiration (Server Times) • Claims + Kerberos + SSRS = Problem
Reference Materials • Claims and Security Technical Articles for SharePoint 2010 • Implementing Claims-Based Authentication with SharePoint Server 2010 – White Paper • A Guide to Claims-Based Identity and Access Control – Patterns & Practices • Custom Claims-Based Security in SharePoint 2010 • Steve Peschka’s Blog: Share-n-dipity

Recommandé

How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...AntonioMaio2
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioAntonioMaio2
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Brian Culver
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point Thorbjørn Værp
 

Recommandé

How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...AntonioMaio2
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioAntonioMaio2
 
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Unlock your Big Data with Analytics and BI on Office 365 - OFF103
Unlock your Big Data with Analytics and BI on Office 365 - OFF103Brian Culver
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point T28 implementing adfs and hybrid share point
T28 implementing adfs and hybrid share point Thorbjørn Værp
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...Brian Culver
 
Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsAvtex
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthKashif Imran
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialVMware Tanzu
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authenticationijtsrd
 
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioAntonioMaio2
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveGranikos GmbH & Co. KG
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Xamarin
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)Jay Simcox
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Gus Fraser
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersCorey Roth
 
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CloudIDSummit
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Vinu Gunasekaran
 
Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Jonathan Schultz
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoLiam Cleary [MVP]
 

Contenu connexe

Tendances

SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...Liam Cleary [MVP]
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...Brian Culver
 
Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsAvtex
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthKashif Imran
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialVMware Tanzu
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authenticationijtsrd
 
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioAntonioMaio2
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Xamarin
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)Jay Simcox
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Gus Fraser
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersCorey Roth
 
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CloudIDSummit
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Vinu Gunasekaran
 

Tendances (20)

SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...SharePoint Saturday The Conference DC - Are you who you say you are share poi...
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
 
Leveraging SharePoint for Extranets
Leveraging SharePoint for ExtranetsLeveraging SharePoint for Extranets
Leveraging SharePoint for Extranets
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony Financial
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authentication
 
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
 
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)The Who, What, Why and How of Active Directory Federation Services (AD FS)
The Who, What, Why and How of Active Directory Federation Services (AD FS)
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
 
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
 

Similaire à SharePoint Access Control and Claims Based Authentication

Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Jonathan Schultz
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoLiam Cleary [MVP]
 
Sharepoint & Dynamics CRM
Sharepoint & Dynamics CRMSharepoint & Dynamics CRM
Sharepoint & Dynamics CRMrujuta4radix
 
Envision it SharePoint Extranet Webinar Series - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series - Extranet User ProvisioningEnvision it SharePoint Extranet Webinar Series - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series - Extranet User ProvisioningEnvision IT
 
Identity & Access Management
 Project Challenges and Recovery
Identity & Access Management
 Project Challenges and RecoveryIdentity & Access Management
 Project Challenges and Recovery
Identity & Access Management
 Project Challenges and RecoveryHanno Ekdahl
 
A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterForgeRock
 
SQL Saturday Columbus 2014 Exposing SQL Data with SharePoint
SQL Saturday Columbus 2014 Exposing SQL Data with SharePointSQL Saturday Columbus 2014 Exposing SQL Data with SharePoint
SQL Saturday Columbus 2014 Exposing SQL Data with SharePointScott_Brickey
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructuresFrancesco Chicchiriccò
 
Addvantum Oracle Profile OFMW
Addvantum Oracle Profile OFMW Addvantum Oracle Profile OFMW
Addvantum Oracle Profile OFMW Addvantum
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationLiam Cleary [MVP]
 
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital TransformationWSO2
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision IT
 
Using Search to Drive Self-Help Success at Veritas
Using Search to Drive Self-Help Success at VeritasUsing Search to Drive Self-Help Success at Veritas
Using Search to Drive Self-Help Success at VeritasLucidworks
 
Data Strategy
Data StrategyData Strategy
Data Strategysabnees
 
unit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptxunit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptxzmulani8
 
Cloud for share point
Cloud for share pointCloud for share point
Cloud for share pointRick Taylor
 

Similaire à SharePoint Access Control and Claims Based Authentication (20)

Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010
 
SharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San FranciscoSharePoint Authentication And Authorization SPTechCon San Francisco
SharePoint Authentication And Authorization SPTechCon San Francisco
 
Sharepoint & Dynamics CRM
Sharepoint & Dynamics CRMSharepoint & Dynamics CRM
Sharepoint & Dynamics CRM
 
Envision it SharePoint Extranet Webinar Series - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series - Extranet User ProvisioningEnvision it SharePoint Extranet Webinar Series - Extranet User Provisioning
Envision it SharePoint Extranet Webinar Series - Extranet User Provisioning
 
SharePoint Custom Development
SharePoint Custom DevelopmentSharePoint Custom Development
SharePoint Custom Development
 
Identity & Access Management
 Project Challenges and Recovery
Identity & Access Management
 Project Challenges and RecoveryIdentity & Access Management
 Project Challenges and Recovery
Identity & Access Management
 Project Challenges and Recovery
 
A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over Perimeter
 
SQL Saturday Columbus 2014 Exposing SQL Data with SharePoint
SQL Saturday Columbus 2014 Exposing SQL Data with SharePointSQL Saturday Columbus 2014 Exposing SQL Data with SharePoint
SQL Saturday Columbus 2014 Exposing SQL Data with SharePoint
 
Building open source identity infrastructures
Building open source identity infrastructuresBuilding open source identity infrastructures
Building open source identity infrastructures
 
Addvantum Oracle Profile OFMW
Addvantum Oracle Profile OFMW Addvantum Oracle Profile OFMW
Addvantum Oracle Profile OFMW
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
SharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorizationSharePoint Saturday Austin - Share point authentication and authorization
SharePoint Saturday Austin - Share point authentication and authorization
 
Katpro general portfolio - industry based
Katpro general portfolio - industry basedKatpro general portfolio - industry based
Katpro general portfolio - industry based
 
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
 
Using Search to Drive Self-Help Success at Veritas
Using Search to Drive Self-Help Success at VeritasUsing Search to Drive Self-Help Success at Veritas
Using Search to Drive Self-Help Success at Veritas
 
Data Strategy
Data StrategyData Strategy
Data Strategy
 
unit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptxunit 1 Federated Identity Management_4.pptx
unit 1 Federated Identity Management_4.pptx
 
Cloud for share point
Cloud for share pointCloud for share point
Cloud for share point
 

Plus de Jonathan Schultz

Modernize Solutions with SharePoint & the Power Platform
Modernize Solutions with SharePoint & the Power PlatformModernize Solutions with SharePoint & the Power Platform
Modernize Solutions with SharePoint & the Power PlatformJonathan Schultz
 
Office 365 Change Management
Office 365 Change ManagementOffice 365 Change Management
Office 365 Change ManagementJonathan Schultz
 
Microsoft Enterprise Collaboration Solutions
Microsoft Enterprise Collaboration SolutionsMicrosoft Enterprise Collaboration Solutions
Microsoft Enterprise Collaboration SolutionsJonathan Schultz
 
Preparing for SharePoint 2013
Preparing for SharePoint 2013Preparing for SharePoint 2013
Preparing for SharePoint 2013Jonathan Schultz
 
Using InfoPath 2010 to Manage Data
Using InfoPath 2010 to Manage DataUsing InfoPath 2010 to Manage Data
Using InfoPath 2010 to Manage DataJonathan Schultz
 
SharePoint Design & Development
SharePoint Design & DevelopmentSharePoint Design & Development
SharePoint Design & DevelopmentJonathan Schultz
 
SharePoint Business Intelligence (BI)
SharePoint Business Intelligence (BI)SharePoint Business Intelligence (BI)
SharePoint Business Intelligence (BI)Jonathan Schultz
 

Plus de Jonathan Schultz (7)

Modernize Solutions with SharePoint & the Power Platform
Modernize Solutions with SharePoint & the Power PlatformModernize Solutions with SharePoint & the Power Platform
Modernize Solutions with SharePoint & the Power Platform
 
Office 365 Change Management
Office 365 Change ManagementOffice 365 Change Management
Office 365 Change Management
 
Microsoft Enterprise Collaboration Solutions
Microsoft Enterprise Collaboration SolutionsMicrosoft Enterprise Collaboration Solutions
Microsoft Enterprise Collaboration Solutions
 
Preparing for SharePoint 2013
Preparing for SharePoint 2013Preparing for SharePoint 2013
Preparing for SharePoint 2013
 
Using InfoPath 2010 to Manage Data
Using InfoPath 2010 to Manage DataUsing InfoPath 2010 to Manage Data
Using InfoPath 2010 to Manage Data
 
SharePoint Design & Development
SharePoint Design & DevelopmentSharePoint Design & Development
SharePoint Design & Development
 
SharePoint Business Intelligence (BI)
SharePoint Business Intelligence (BI)SharePoint Business Intelligence (BI)
SharePoint Business Intelligence (BI)
 

Dernier

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Dernier (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

SharePoint Access Control and Claims Based Authentication

  • 1. SharePoint Access Control Jonathan Schultz (@SharePointValue) Skyline Technologies, Inc. 01/18/2012
  • 2. About Skyline Technologies • Leading Microsoft solutions provider – Develops and tailors IT applications to meet the business and technical objectives of customers – Serves clients in the manufacturing and retail to healthcare, transportation, and logistics industries • Microsoft Partner with Gold competencies in Business Intelligence, Content Management, Portals and Collaboration, and Web Development and Silver competencies in Data Platform, Project and Portfolio Management, Search, and Software Development. • Provides a pathway to speed your company toward its vision. • Recognized by businesses nationwide as a team of smart, experienced people and a Microsoft Gold Certified Partner organization specializing in adapting Microsoft solutions to individual client’s needs.
  • 3. Agenda • SharePoint Access Control • What are Claims? • Why would you use them? • Claims-Based Authentication • Reality of Claims Based Authentication • Reference Materials
  • 4. SharePoint Access Control • Authentication vs. Authorization – Authentication = Who are you? – Authorization = What can you do? • Information Rights Management – Windows Server 2008 Active Directory Rights Management Server – CSS Print Suppression • @media print { .NoPrint { display: none; } }
  • 5. Security Environments Loosely Managed Tightly Managed • Distributed Accountability • Centralized Authority • Low Risk Content • Auditing Requirements • Flexible – Content – Process
  • 6. Groups SharePoint Groups Active Directory Groups • Distributed • Centralized • SharePoint Only • Enterprise • Auditing • Auditing – 3rd Party Tools – Member Of
  • 7. What are Claims? • Attributes about a User • Need to Come from Someone You Trust • Driver’s License Example – Trusted Provider = State of Wisconsin – Claims • Name = Jonathan Schultz • Age = 35 • Organ Donor = No
  • 8. UWEBC Claims Example • Trusted Provider = Cavinda • My Claims – Name = Jonathan Schultz – Company = Skyline Technologies – Presenter = Yes
  • 9. Why Use Claims? • Claim Augmentation – Security Groups from Active Directory – HRMS/CRM Attributes • Title/Role • Federation – Partner Network • Business to Business – Subsidiaries – Web 2.0 (Windows Live, Facebook, etc.) • Advanced Authentication & Authorization
  • 12. Terminology • Security Token Service (STS) – Identity Provider (IP-STS) – Relying Party (RP-STS) • Security Assertion Markup Language (SAML) • Windows Identity Framework (formerly Geneva) • Trusted Login Provider
  • 15. Claims Based Architecture Notes • New in SharePoint 2010 • Authentication Prompt for Multiple Providers • All Intra/Inter Farm Calls are Claims Based – i.e. Service Applications • Claims-to-Windows Token Service Needed for Some Service Applications, i.e. PerformancePoint Services
  • 16. Claims Development Tasks • Custom Login Pages – Extranet Scenarios – Branding – “Remember Me” Capability – Home Realm Discovery • Custom Claim Providers – Claims Augmentation – Claims Picking / Resolution • Trusted Login Providers – WIF SDK
  • 17. Reality of Claims Based Authentication • Claims Authorization uses OR logic, not AND – Scenario: Authorize US HR User • Location Claim = US • Department Claim = HR • Will also succeed for US IT because of US OR HR • Trusted Identity Providers – Cookie Driven (Watch out for domains/paths) – Time Based Expiration (Server Times) • Claims + Kerberos + SSRS = Problem
  • 18. Reference Materials • Claims and Security Technical Articles for SharePoint 2010 • Implementing Claims-Based Authentication with SharePoint Server 2010 – White Paper • A Guide to Claims-Based Identity and Access Control – Patterns & Practices • Custom Claims-Based Security in SharePoint 2010 • Steve Peschka’s Blog: Share-n-dipity