1 / 22

SAML 2.0 @ work with Sharepoint , OWA, …

Jean Marie THIA. SAML 2.0 @ work with Sharepoint , OWA, …. Agenda. 1 - Demonstrations 2 - Explanations 3 - Story Questions. 1 : Authentication. Connect to a web application Connect to Sharepoint Connect to Outlook Web Access. 1 : SharePoint authZ. A MS Word use case

yeardley
Download Presentation

SAML 2.0 @ work with Sharepoint , OWA, …

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Jean Marie THIA SAML 2.0 @ work with Sharepoint, OWA, …

  2. Agenda • 1 - Demonstrations • 2 - Explanations • 3 - Story • Questions

  3. 1 : Authentication • Connect to a web application • Connect to Sharepoint • Connect to Outlook Web Access

  4. 1 : SharePoint authZ • A MS Word use case • From the desktop • From SharePoint • Set authorization in SharePoint

  5. Explanations

  6. 2 : SharePoint WS Fed. SAML 2.0 SharePoint STS ADFS 2.0

  7. 2 : Outlook Web Access Kerberos SAML 2.0 Mapping ADFS 2.0 C2WTS

  8. 2 : ADFS manipulation • Map shibboleth attribute • Map OWA user

  9. Story Claim based access control microsoft.identityModel

  10. 3 : WIF • Core claims API (microsoft.identityModel) • SAML Token • WS Federation protocol • SAML 2.0 protocol with Safewherehttp://safewhere.net/products/saml-20-for-wif.aspx

  11. 3 : WIF compatibility • IsInRoleworks ( web.config declaration )

  12. 3 : WIF programming IClaimsIdentity id =((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0]; // you can use a simple foreach loop to find a claim... string usersEmail = null; foreach (Claim c in id.Claims) { if (c.ClaimType == System.IdentityModel.Claims.ClaimTypes.Email) { UsersEmail = c.Value; break; } } // you can also use LINQ to find a claim string usersFirstName = (from c in id.Claims where c.ClaimType == System.IdentityModel.Claims.ClaimTypes.GivenName select c).First().Value;

  13. 3 : ADFS 2.0 • Uses SAML 2.0 Protocol • Liberty alliance IdP Lite • Liberty alliance SP Lite • eGov SAML 2.0 Profile v1.5 • Uses WS-* Protocol • Interoperate with Oracle, CA, SUN, Shibboleth, PingIdentity, … • Is a separate download !

  14. 3 : ADFS 2.0 architecture Management APIs and UX Policy Store Interface Identity Store Interface Windows Identity Foundation (WIF) API WMI Provider Protocol Hosting (WS-*, SAML 2.0) Account & Attribute Stores Configuration Database Active Directory Federation Services (AD FS) 2.0 Token/Claim Issuance Service Metadata/Policy Management Service Information Card Issuance Service

  15. 3 : Terminologies

  16. 3 : Azure ACS • ADFS for the cloud • Extended interoperability (Oauth, openID, google, facebook, etc.)

  17. Conclusion • + • Many guides. • AuthZ with claims augmentation. • Claims compatibility with old code. • - • Federation metadata

  18. ADFS v2 - Guides • Sharepoint 2010 Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides%28WS.10%29.aspx • Outlook Web Access 2010 Exposing OWA 2010 with AD FS 2.0 to other organizations http://www.microsoft.com/france/interop/ressources/documents.aspx • In Common AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommonFederationhttp://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides%28WS.10%29.aspx

  19. Webcast • Architecting claims-aware applicationhttp://www.msteched.com/2010/Europe/ARC303 • From N to Z: Authentication and Authorization in Microsoft SharePoint Server 2010 http://www.msteched.com/2010/NorthAmerica/OSP311 • Developing Microsoft SharePoint Server 2010 Solutions with Claims Authenticationhttp://www.msteched.com/2010/NorthAmerica/OSP306 • http://channel9.msdn.com/

  20. Links at Microsoft • Patterns & Practices A guide to claims-based to Identity and Access Controlhttp://msdn.microsoft.com/en-us/library/ff423674.aspx • MSDNWIF :http://msdn.microsoft.com/en-us/library/ee748484.aspxC2WTS : http://msdn.microsoft.com/en-us/library/ee517278.aspxIdM : http://msdn.microsoft.com/en-us/security/aa570351.aspx • ADFS 2.0 on Technethttp://technet.microsoft.com/en-us/library/adfs2(v=WS.10).aspx

  21. Questions ? Jean-Marie.THIA@upmc.fr twitter.com/jm_thia

  22. Thanks for your attention

More Related