Spca2014 thvo adfs pub vochten

•

1 recomendación•674 vistas

NCCOMMS

ADFS & SharePoint the real world
Thomas Vochten
November 19, 2014 | SharePoint Connect Amsterdam

About Me
Thomas VochtenSharePoint MVP. Platform architect. Speaker. Trainer. Involuntary DBA. Consultant at Xylos. V-TSP at Microsoft.
@thomasvochtenhttp://thomasvochten.com
mail@thomasvochten.com

Claims based identity
Authorization decisions are based on claims

Why ADFS ?
ADFS Wiki on TechNet: http://thvo.me/adfswiki

Claims Token
Claim
Claim
Claim
Claim
Signature
Name
Age
Location

Installing ADFS
Windows Server 2008 R2
ADFS2.0 (free download)
Windows Server 2012
ADFS 2.1 (included)
Windows Server 2012R2
ADFS 3.0 (included)
Configuration is stored in
•Windows Internal Database (standalone)
•SQL Server (farm)
Install-WindowsFeature ADFS-Federation -IncludeManagementTools

#
# Windows PowerShell script for AD FS Deployment
#
Import-Module ADFS
# Get the credential used for the federation service account
$serviceAccountCredential= Get-Credential
Install-AdfsFarm`
-CertificateThumbprint:"E76240FE42A81F9D61832A47DFD752EE6DB3A5A5" `
-FederationServiceDisplayName:"THVO Federation" `
-FederationServiceName:"fed.thvo.net" `
-ServiceAccountCredential:$serviceAccountCredential`
-SQLConnectionString:"Data Source=alias_FSDB;InitialCatalog=ADFSConfiguration;IntegratedSecurity=True;MinPool Size=20"

Create the Trusted Security Token Issuer
# Import the ADFS token signing certificate to SharePoint
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:FS01-TokenSigning.cer")
New-SPTrustedRootAuthority -Name "FS01 Token SigningCertificate" -Certificate $cert
# Define the claims type mappings
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName"EmailAddress" -SameAsIncoming
$roleClaimMap = New-SPClaimTypeMapping -IncomingClaimType"http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName"Role" -SameAsIncoming
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName"UPN" -SameAsIncoming

Create the Trusted Security Token Issuer
# Create the trusted identity provider
$realm = "urn:sharepoint:intranet"
$signInURL = "https://sts.lab.thvo.net/adfs/ls"
$issuer = New-SPTrustedIdentityTokenIssuer -Name "ADFS" -Description"ADFS Trusted Identity Provider" `
-Realm $realm -ImportTrustCertificate $cert `
-ClaimsMappings $emailClaimMap,$roleClaimMap,$upnClaimMap `
-SignInUrl $signInURL `
-IdentifierClaim $upnClaimMap.InputClaimType

Multiple Web Apps / Host Named Sites
37
$issuer= Get-SPTrustedIdentityTokenIssuer"FED01"
$uri = new-object System.Uri("https://sf01-my.thvo.net/_trust/")
$issuer.ProviderRealms.Add($uri, "urn:sharepoint:sf01-my")
$issuer.Update()
$issuer= Get-SPTrustedIdentityTokenIssuer"FED01"
$isser.UseWReplyParameter= $true
$issuer.Update()

Claims Encoding
i:0#.t|fed01|thomasv
i:0#.w|labthomasv
© Wictor Wilén

Custom Claims Provider
https://ldapcp.codeplex.com/

(User) Pictures in multiple sites or web applications
$wa = Get-SPWebApplication https://sf01-content.thvo.net
$wa.CrossDomainPhotosEnabled = $true
$wa.Update()

Más contenido relacionado

La actualidad más candente

A presentation at a technology meetup. Roy Kim will walk through various access scenarios and capabilities using Azure AD services and features to access SharePoint 2013/2016 server. This will include a comparison between AD Connect + Azure Application Proxy to publish an internal SharePoint application and 3rd Party Auth0 to assist in federating Azure AD and SSO integration. And also the recently supported Azure AD SAML 1.1 Token. Roy will go through a demo, its architecture, and commentary of pros and cons. At the end you will have a good understanding of the technology capabilities to determine supporting access and user management scenarios.

Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG

Roy Kim

It112 SharePoint 2010Mythbusters

Spencer Harbar

Office 365 APIs for your Applications

Ruhani Arora

SharePoint and Office Development Workshop

Eric Shupps

Kerberos part 2

Spencer Harbar

Managing user credentials and application access is becoming more-and-more difficult in today's "cloud era". Windows Azure Pack just installed, how to let your tenants authenticate ? With their own ADFS ? With Windows Azure Active Directory ? And why not their Google account ? This session will cover all the different ways that are available today to let your user authenticate with Windows Azure Pack.

Multi-Factor Authentication for your clouds

Alexandre Verkinderen

O365Con18 - Introduction to Azure Web Applications - Eric Shupps

NCCOMMS

Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...

Eric Shupps

Microsoft Azure Identity and O365

Kris Wagner

Colabora.dk - Azure PTA vs ADFS vs Desktop SSO

Peter Selch Dahl

Presentation

Laxman Kumar

Windows Azure Active Directory

Krunal Trivedi

O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal

NCCOMMS

Azure for SharePoint Developers - Workshop - Part 3: Web Services

Bob German

IdP, SAML, OAuth

Dan Brinkmann

Deploying your static web app to the Cloud

Christoffer Noring

Azure AD Presentation - @ BITPro - Ajay

Anoop Nair

Introduction to Azure Web Applications for Office and SharePoint Developers

Eric Shupps

CTU June 2011 - Windows Azure App Fabric

Spiffy

Microsoft Azure ad in 10 slides

Andre Debilloez

La actualidad más candente (20)

Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG

It112 SharePoint 2010Mythbusters

Office 365 APIs for your Applications

SharePoint and Office Development Workshop

Kerberos part 2

Multi-Factor Authentication for your clouds

O365Con18 - Introduction to Azure Web Applications - Eric Shupps

Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...

Microsoft Azure Identity and O365

Colabora.dk - Azure PTA vs ADFS vs Desktop SSO

Presentation

Windows Azure Active Directory

O365Con18 - External Collaboration with Azure B2B - Sjoukje Zaal

Azure for SharePoint Developers - Workshop - Part 3: Web Services

IdP, SAML, OAuth

Deploying your static web app to the Cloud

Azure AD Presentation - @ BITPro - Ajay

Introduction to Azure Web Applications for Office and SharePoint Developers

CTU June 2011 - Windows Azure App Fabric

Microsoft Azure ad in 10 slides

Destacado

Spca2014 sp connect 10 worst practices sam marshall 1.0d

NCCOMMS

Spca2014 thvo sql pub vochten

NCCOMMS

Spca2014 office365 ap is full hackett obrien

NCCOMMS

Spca2014 marianne vanwanrooij collaboration_and_enterprise_content_management

NCCOMMS

Spca2014 yammer share point_what_next_moneypenny

NCCOMMS

Spca2014 practical large scale migration guidance v1.0 andries den haan

NCCOMMS

Spca2014 social refiners svenson

NCCOMMS

Spca2014 real world business value of social kapic

NCCOMMS

Spca2014 sp buy orbuild goedhart

NCCOMMS

Spca2014 share point azure_the_best_of_friends_moneypenny

NCCOMMS

Spca2014 navigating clouds sp_con14_mackie

NCCOMMS

Spca2014 search queries explained svenson

NCCOMMS

Spca2014 public rovers

NCCOMMS

Spca2014 sp ci with tfs online and azure matthias einig

NCCOMMS

Spca2014 office 365 the year in review and next year too oosterveld

NCCOMMS

Spca2014 keynote johnson

NCCOMMS

Spca2014 mirjam van olst upgrading share point 2010 custom solutions to sha...

NCCOMMS

SPCA2013 - Test-driven Development with SharePoint 2013 and Visual Studio

NCCOMMS

Spca2014 search workshop niaulin

NCCOMMS

Destacado (19)

Spca2014 sp connect 10 worst practices sam marshall 1.0d

Spca2014 thvo sql pub vochten

Spca2014 office365 ap is full hackett obrien

Spca2014 marianne vanwanrooij collaboration_and_enterprise_content_management

Spca2014 yammer share point_what_next_moneypenny

Spca2014 practical large scale migration guidance v1.0 andries den haan

Spca2014 social refiners svenson

Spca2014 real world business value of social kapic

Spca2014 sp buy orbuild goedhart

Spca2014 share point azure_the_best_of_friends_moneypenny

Spca2014 navigating clouds sp_con14_mackie

Spca2014 search queries explained svenson

Spca2014 public rovers

Spca2014 sp ci with tfs online and azure matthias einig

Spca2014 office 365 the year in review and next year too oosterveld

Spca2014 keynote johnson

Spca2014 mirjam van olst upgrading share point 2010 custom solutions to sha...

SPCA2013 - Test-driven Development with SharePoint 2013 and Visual Studio

Spca2014 search workshop niaulin

Similar a Spca2014 thvo adfs pub vochten

Early Adopting Java WSIT-Experiences with Windows CardSpace

Oliver Pfaff

Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...

Xamarin

Are you ready to discover one of the most hidden and underestimated Windows 2012 R2 features called "Work Folders"? Work Folders allows you to leverage your investment in File Servers while simultaneously providing end users with anywhere access to their data from their work PC as well as their personal devices. In this session, you will learn about the challenges to securely implement and manage "traditional" home folders to the BYOD (bring your own device) world. Learn how to deploy and manage Work Folders servers and clients, gain an understanding of how Work Folders operates end-to-end and integrates into your existing infrastructure, and how Work Folders takes advantage of capabilities like multi-factor authentication, Workplace Join and Selective Wipe to ensure that corporate data remains secure wherever it goes.

ITPROCEED_WorkplaceMobility_Delivering traditional File Server Workloads in a...

ITProceed

Single Sign On using ADFS.pptx

Alireza Vafi

Ad fs

Iván Sanchez Vera

PHP on Windows and on Azure

Maarten Balliauw

Chris O'Brien - Modern SharePoint development: techniques for moving code off...

Chris O'Brien

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

Developing and deploying Identity-enabled applications for the cloud

Maarten Balliauw

Claims-Based Identity in SharePoint 2010

Danny Jessee

If you are interested to know more about AWS Chicago Summit, please use the following to register: http://amzn.to/1RooPPL Many AWS customers have adopted a DevOps model for faster and more reliable software delivery. Applying software engineering best practices such as revision control and continuous delivery to your infrastructure is essential for adopting DevOps. In this webinar, find out how AWS CloudFormation allows you to leverage a DevOps model by treating infrastructure as code and applying software engineering best practices to your AWS infrastructure. Learning Objectives: • Understand the basic CloudFormation terminology, concepts, and workflow • Deploy applications and provision infrastructure through a CloudFormation template • Use CloudFormation with a CICD pipeline, AWS OpsWorks, and AWS Lambda Who Should Attend: • DevOps Engineers, Solutions Architects, Systems Integrators

AWS May Webinar Series - Deep Dive: Infrastructure as Code

Amazon Web Services

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

Develop iOS and Android apps with SharePoint/Office 365

Kashif Imran

PCI Security Requirements - secure coding

Haitham Raik

SAML and Other Types of Federation for Your Enterprise

Denis Gundarev

Attacking ADFS Endpoints with PowerShell Karl Fosaaen - @kfosaaen Active Directory Federation Services (ADFS) has become increasingly popular in the last few years. As a penetration tester, I'm seeing organizations opening themselves up to attacks on ADFS endpoints across the Internet. Manually completing attacks against these endpoints can be tedious. The current native Microsoft management tools are handy, but what if we weaponized them. During this talk, I will show you how to identify domains that support ADFS, confirm email addresses for users of the domain, and help you guess passwords for those users. We'll cover how you can set up your own hosted ADFS domain (on the cheap), and use it to attack other federated domains. On top of that, we'll show you how you can wrap all of the native functionality with PowerShell to automate your attacks. This talk should give penetration testers an overview on how they can start leveraging ADFS endpoints during a penetration test. https://www.derbycon.com/events/attacking-adfs-endpoints-with-powershell/

Attacking ADFS Endpoints - DerbyCon

Karl Fosaaen

Developing Custom Claim Providers to Enable Authorization in SharePoint - Antonio Maio. With the release of SharePoint 2010, Microsoft introduced the concepts of Claims Based Authentication and Authorization. SharePoint 2013 went a step further making Claims Based Authentication the default method for authenticating users when they login. Claims, and identities in general, are playing a bigger role in the security capabilities of systems like SharePoint, enabling us to solve some new and exciting security challenges. Typically we authorize the content that users have access to using SharePoint permissions, however authentication scenarios can be extended in new and interesting ways by developing a custom component called a Custom Claim Provider. This session will introduce the concepts of Claims Based Authentication and Authorization in SharePoint and provide step by step instructions on how to develop and deploy Custom Claim Providers. The session will also walk through several examples of how custom Claim Providers can enhance SharePoint security and authorization.

Developing custom claim providers to enable authorization in share point an...

AntonioMaio2

Claims Based Identity In Share Point 2010

Steve Sofian

Many AWS customers have adopted a DevOps model for faster and more reliable software delivery. Applying software engineering best practices such as revision control and continuous delivery to your infrastructure is essential for adopting DevOps. In this session, find out how CloudFormation and associated AWS tools allow you to leverage a DevOps model by treating infrastructure as code and applying software engineering best practices to your AWS infrastructure.

Deep Dive: Infrastructure as Code

Amazon Web Services

Similar a Spca2014 thvo adfs pub vochten (20)

Early Adopting Java WSIT-Experiences with Windows CardSpace

Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...

ITPROCEED_WorkplaceMobility_Delivering traditional File Server Workloads in a...

Single Sign On using ADFS.pptx

Ad fs

PHP on Windows and on Azure

Chris O'Brien - Modern SharePoint development: techniques for moving code off...

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Developing and deploying Identity-enabled applications for the cloud

Claims-Based Identity in SharePoint 2010

AWS May Webinar Series - Deep Dive: Infrastructure as Code

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Develop iOS and Android apps with SharePoint/Office 365

PCI Security Requirements - secure coding

SAML and Other Types of Federation for Your Enterprise

Attacking ADFS Endpoints - DerbyCon

Developing custom claim providers to enable authorization in share point an...

Claims Based Identity In Share Point 2010

Deep Dive: Infrastructure as Code

Más de NCCOMMS

O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...

NCCOMMS

O365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker

NCCOMMS

O365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld

NCCOMMS

O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo

NCCOMMS

O365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo

NCCOMMS

O365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt

NCCOMMS

O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...

NCCOMMS

O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...

NCCOMMS

O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...

NCCOMMS

O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine

NCCOMMS

O365Con19 - Azure Blackbelt - Jussi Roine

NCCOMMS

O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins

NCCOMMS

O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins

NCCOMMS

O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...

NCCOMMS

O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf

NCCOMMS

O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...

NCCOMMS

O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager

NCCOMMS

O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt

NCCOMMS

O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese

NCCOMMS

O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen

NCCOMMS

Más de NCCOMMS (20)