2014-04-05 - SPSPhilly - Authentication and Authorization

SPS Philly

description

In today’s complex marketplace of corporate partnerships and relationships, sharing information is pertinent to ensuring that business operations are conducted in a secure computing environment with trusted entities being provided access to protected information. In this session, Dan will discuss the basics of authentication and authorization in relation to the SharePoint platform. Further, we will be discussing the technical underpinnings of the SharePoint platform’s processing of a user’s identity dependent on identity provider and authorization settings. As a part of this session we will demonstrate different authentication and authorization configurations that are commonplace in today’s business settings, to include when to use:

• Integrated Windows Authentication

• Forms Based Authentication using SQL Server

• ADFS as a Trusted Identity Provider

• Threat Management Gateway with Kerberos (Constrained Delegation using client certs)

After attending this session, attendees will have a better grasp of the configuration complexities involved with each scenario as well as the user experience impacts based on the path taken.

Transcript of 2014-04-05 - SPSPhilly - Authentication and Authorization

Page 1: 2014-04-05 - SPSPhilly - Authentication and Authorization

SPS Philly

Page 3: 2014-04-05 - SPSPhilly - Authentication and Authorization

SharePoint User Group

• SharePoint

• End Users

• Administrators

• Architects

• Developers

• IT Pros

• Meetings: 2nd Tuesday of the month, Microsoft Malvern, 5:30-8 pm

WEB: www.TriStateSharePoint.org


TWITTER: @tristateSP

Page 4: 2014-04-05 - SPSPhilly - Authentication and Authorization

Dan Usher

Lead Associate

Booz Allen Hamilton


http://www.sharepointdan.com

Page 6: 2014-04-05 - SPSPhilly - Authentication and Authorization

http://www.yammer.com/spyam

Page 9: 2014-04-05 - SPSPhilly - Authentication and Authorization

http://go.spdan.com/kerberos2010

http://go.spdan.com/kerberos2013

http://go.spdan.com/multihopwinrm

Page 10: 2014-04-05 - SPSPhilly - Authentication and Authorization

http://xkcd.com/1240/

Page 11: 2014-04-05 - SPSPhilly - Authentication and Authorization

Security in General

Page 12: 2014-04-05 - SPSPhilly - Authentication and Authorization

Security in General

Page 27: 2014-04-05 - SPSPhilly - Authentication and Authorization

Anonymous

Authentication

Is In Site Group?

Does user have claim attribute?

Web Application / Site Collection

Secured Site / Site Collection / Content

Content Repository

Content

Page 28: 2014-04-05 - SPSPhilly - Authentication and Authorization

ASP.NET Authentication

Source: http://go.spdan.com/iisauth

Page 29: 2014-04-05 - SPSPhilly - Authentication and Authorization

http://go.spdan.com/cba

Page 30: 2014-04-05 - SPSPhilly - Authentication and Authorization

http://go.spdan.com/cba

Page 34: 2014-04-05 - SPSPhilly - Authentication and Authorization

http://go.spdan.com/claimsencoding

Page 35: 2014-04-05 - SPSPhilly - Authentication and Authorization

http://go.spdan.com/claimsencoding

Page 36: 2014-04-05 - SPSPhilly - Authentication and Authorization

1. Resource Requested

2. AuthN Request / Redirect

3. AuthN Request

4. Security Token

5. Security Token Request

6. Service Token

7. Resource Request w/Service Token

8. Resource Sent

Identity Provider Security Token Service, aka IP-STS

SharePoint 2010, aka RP

Page 66: 2014-04-05 - SPSPhilly - Authentication and Authorization

https://sts.domain.com
