SAML 2.0 @ work with Sharepoint , OWA, … - PowerPoint PPT Presentation
Presentation Transcript

  1. Jean Marie THIA SAML 2.0 @ work with Sharepoint, OWA, …

  2. Agenda • 1 - Demonstrations • 2 - Explanations • 3 - Story • Questions

  3. 1 : Authentication • Connect to a web application • Connect to Sharepoint • Connect to Outlook Web Access

  4. 1 : SharePoint authZ • A MS Word use case • From the desktop • From SharePoint • Set authorization in SharePoint

  5. Explanations

  6. 2 : SharePoint (architecture diagram; labels: WS Fed., SAML 2.0, SharePoint STS, ADFS 2.0)

  7. 2 : Outlook Web Access (architecture diagram; labels: Kerberos, SAML 2.0, Mapping, ADFS 2.0, C2WTS)

  8. 2 : ADFS manipulation • Map shibboleth attribute • Map OWA user

  9. Story Claim based access control microsoft.identityModel

  10. 3 : WIF • Core claims API (microsoft.identityModel) • SAML Token • WS Federation protocol • SAML 2.0 protocol with Safewhere http://safewhere.net/products/saml-20-for-wif.aspx

  11. 3 : WIF compatibility • IsInRole works ( web.config declaration )

  12. 3 : WIF programming

    using System.Linq;
    using System.Threading;
    using Microsoft.IdentityModel.Claims;

    // The first identity of the current principal carries the claims from the validated token
    IClaimsIdentity id = ((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0];

    // you can use a simple foreach loop to find a claim...
    string usersEmail = null;
    foreach (Claim c in id.Claims)
    {
        if (c.ClaimType == System.IdentityModel.Claims.ClaimTypes.Email)
        {
            usersEmail = c.Value;
            break;
        }
    }

    // you can also use LINQ to find a claim
    // (First() throws if the claim is absent; FirstOrDefault() returns null instead)
    Claim givenName = (from c in id.Claims
                       where c.ClaimType == System.IdentityModel.Claims.ClaimTypes.GivenName
                       select c).FirstOrDefault();
    string usersFirstName = givenName == null ? null : givenName.Value;
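  The claim lookups above run inside a request; the WIF extension point for doing this once per authentication, and for the "claims augmentation" and "IsInRole works" points of slides 11 and 17, is a ClaimsAuthenticationManager. The class below is an added example, not code from the presentation; the issuer URL, the domain and the role name are assumptions.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Claims;

// Hypothetical ClaimsAuthenticationManager for a WIF (microsoft.identityModel) web app.
// Registered in web.config under <microsoft.identityModel><service> as
//   <claimsAuthenticationManager type="Demo.AugmentingClaimsManager, Demo" />
// WIF calls Authenticate() after the incoming token from ADFS 2.0 has been validated.
public class AugmentingClaimsManager : ClaimsAuthenticationManager
{
    // Assumed issuer name as it appears in the token (must match the issuerNameRegistry entry).
    private const string TrustedIssuer = "http://adfs.example.org/adfs/services/trust";
    private const string AuthorRole = "SharePointAuthors";   // assumed application role

    public override IClaimsPrincipal Authenticate(string resourceName, IClaimsPrincipal incomingPrincipal)
    {
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal;   // anonymous request: nothing to augment

        IClaimsIdentity id = incomingPrincipal.Identities[0];

        // Only honour an e-mail claim issued by the trusted federation server;
        // FirstOrDefault() avoids the exception First() throws when the claim is absent.
        Claim email = id.Claims.FirstOrDefault(c =>
            c.ClaimType == ClaimTypes.Email && c.Issuer == TrustedIssuer);
        if (email == null)
            return incomingPrincipal;   // no trusted e-mail, no augmentation

        // Claims augmentation: derive an application role from the e-mail domain so that
        // Thread.CurrentPrincipal.IsInRole("SharePointAuthors") works in legacy code.
        string domain = email.Value.Split('@').Last().ToLowerInvariant();
        bool alreadyHasRole = id.Claims.Any(c => c.ClaimType == ClaimTypes.Role && c.Value == AuthorRole);
        if (domain == "example.org" && !alreadyHasRole)
        {
            // Mark the claim as locally issued so it is not mistaken for an ADFS-issued claim
            id.Claims.Add(new Claim(ClaimTypes.Role, AuthorRole, ClaimValueTypes.String, "LOCAL AUTHORITY"));
        }
        return incomingPrincipal;
    }
}
```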

  13. 3 : ADFS 2.0 • Uses SAML 2.0 Protocol • Liberty alliance IdP Lite • Liberty alliance SP Lite • eGov SAML 2.0 Profile v1.5 • Uses WS-* Protocol • Interoperate with Oracle, CA, SUN, Shibboleth, PingIdentity, … • Is a separate download !

  14. 3 : ADFS 2.0 architecture (architecture diagram of Active Directory Federation Services (AD FS) 2.0; labels: Management APIs and UX, Policy Store Interface, Identity Store Interface, Windows Identity Foundation (WIF) API, WMI Provider, Protocol Hosting (WS-*, SAML 2.0), Account & Attribute Stores, Configuration Database, Token/Claim Issuance Service, Metadata/Policy Management Service, Information Card Issuance Service)

  15. 3 : Terminologies

  16. 3 : Azure ACS • ADFS for the cloud • Extended interoperability (Oauth, openID, google, facebook, etc.)

  17. Conclusion • Pros (+) • Many guides. • AuthZ with claims augmentation. • Claims compatibility with old code. • Cons (-) • Federation metadata

  18. ADFS v2 - Guides • SharePoint 2010: Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides%28WS.10%29.aspx • Outlook Web Access 2010: Exposing OWA 2010 with AD FS 2.0 to other organizations http://www.microsoft.com/france/interop/ressources/documents.aspx • InCommon: AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides%28WS.10%29.aspx

  19. Webcast • Architecting claims-aware applications http://www.msteched.com/2010/Europe/ARC303 • From N to Z: Authentication and Authorization in Microsoft SharePoint Server 2010 http://www.msteched.com/2010/NorthAmerica/OSP311 • Developing Microsoft SharePoint Server 2010 Solutions with Claims Authentication http://www.msteched.com/2010/NorthAmerica/OSP306 • http://channel9.msdn.com/

  20. Links at Microsoft • Patterns & Practices: A Guide to Claims-Based Identity and Access Control http://msdn.microsoft.com/en-us/library/ff423674.aspx • MSDN: WIF http://msdn.microsoft.com/en-us/library/ee748484.aspx • C2WTS http://msdn.microsoft.com/en-us/library/ee517278.aspx • IdM http://msdn.microsoft.com/en-us/security/aa570351.aspx • ADFS 2.0 on TechNet http://technet.microsoft.com/en-us/library/adfs2(v=WS.10).aspx

  21. Questions ? Jean-Marie.THIA@upmc.fr twitter.com/jm_thia

  22. Thanks for your attention