Monday, May 19, 2014

@SPC_ORG @helloitsliam on SP2013 Authentication & Authorization

Claims mentality: "there is no user, there is an attribute" (Liam Cleary)

Authentication = verification of identity (the login/password claim); in the claims model this is done outside SharePoint, by the identity provider / STS
Authorization = verification of permission (the access check); this is what happens inside SharePoint

Authentication precedes authorization (except for anonymous access)

Common mistake: "Too often we focus on Authentication and not Authorization"

Claims-based authentication:
 - wide support
 - WS-Trust 1.4
 - SAML 1.1 tokens for AuthN
 - designed for single sign-on
 - federation
 - many identity providers already exist
 - Microsoft's standard approach
 - previously custom code was needed to plug in another authentication source

Building blocks of the claims model:
1. Identity (AD, Google, Windows Live) +
2. Claims (attributes of the identity) +
3. Token (serialized, signed representation of the identity and its claims) +
4. Relying Party (RP, the application that consumes the token, here SharePoint) +
5. Security Token Service (STS, the service that authenticates the identity and issues the token)

What is Claims Augmentation:

  • Ability to intercept the incoming claims and transform them into different outgoing claims
  • Add additional attributes (in SharePoint this is done by a custom claims provider)
Why use Claims Augmentation: to retrieve user attributes from a line-of-business (LOB) system and expose them as claims
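The whole chain from the notes above (identity, claims, token, STS, relying party, then augmentation and an attribute-based access check) as one runnable model. This is an added example written for these notes, not code from the session or from SharePoint. It assumes an in-memory identity store in place of AD, an HMAC key in place of the STS's X.509 token-signing certificate, a constructed LOB table for augmentation, and a made-up department claim type; the UPN, e-mail and role claim type URIs are the real ones.

```python
import hashlib
import hmac
import json
import secrets

# Claim type URIs. UPN, email and role are real WS-Federation/SAML claim types;
# the department URI is assumed for this example.
CLAIM_UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
CLAIM_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
CLAIM_ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
CLAIM_DEPT = "http://contoso.example/claims/department"


def _pw_hash(password: str, salt: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 50_000).hex()


# Constructed identity store (stands in for AD or a membership provider).
IDENTITY_STORE = {
    "alice@contoso.local": {"salt": "a1", "pwhash": _pw_hash("correct horse", "a1"),
                            "email": "alice@contoso.local", "roles": ["Employees"]},
}
# Constructed line-of-business table consulted during claims augmentation.
LOB_DEPARTMENTS = {"alice@contoso.local": "Finance"}


class SecurityTokenService:
    """Authenticates logins and issues signed tokens. The HMAC key stands in for
    the STS's X.509 token-signing certificate."""

    def __init__(self, issuer: str, signing_key: bytes):
        self.issuer, self._key = issuer, signing_key

    def authenticate(self, login: str, password: str):
        rec = IDENTITY_STORE.get(login)
        if rec and hmac.compare_digest(rec["pwhash"], _pw_hash(password, rec["salt"])):
            return rec
        return None  # AuthN failed here; the relying party never sees this login

    def issue_token(self, login: str, password: str, audience: str) -> dict:
        rec = self.authenticate(login, password)
        if rec is None:
            raise PermissionError("authentication failed")
        claims = [[CLAIM_UPN, login], [CLAIM_EMAIL, rec["email"]]]
        claims += [[CLAIM_ROLE, r] for r in rec["roles"]]
        payload = json.dumps({"iss": self.issuer, "aud": audience, "claims": claims},
                             sort_keys=True)
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": sig}


class RelyingParty:
    """SharePoint's side: trust named issuers, validate, augment, authorize."""

    def __init__(self, realm: str, trusted_issuers: dict):
        self.realm, self._trusted = realm, trusted_issuers
        # Constructed ACL: any one matching (claim type, value) grants access.
        self.acl = {"/sites/finance": {(CLAIM_DEPT, "Finance")},
                    "/sites/hr": {(CLAIM_ROLE, "HR")},
                    "/sites/intranet": {(CLAIM_ROLE, "Employees")}}

    def validate_token(self, token: dict) -> list:
        body = json.loads(token["payload"])
        key = self._trusted.get(body.get("iss"))
        if key is None:
            raise ValueError("token from untrusted issuer")
        expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token["sig"]):
            raise ValueError("token signature invalid")
        if body.get("aud") != self.realm:
            raise ValueError("token not issued for this realm")
        return [tuple(c) for c in body["claims"]]

    def augment(self, claims: list) -> list:
        """Claims augmentation: intercept incoming claims, append LOB attributes."""
        upn = next((v for t, v in claims if t == CLAIM_UPN), None)
        dept = LOB_DEPARTMENTS.get(upn)
        return claims + ([(CLAIM_DEPT, dept)] if dept else [])

    def authorize(self, claims: list, resource: str) -> bool:
        """Authorization is decided on attributes, never on 'the user'."""
        return bool(self.acl.get(resource, set()) & set(claims))


STS_KEY = secrets.token_bytes(32)
STS = SecurityTokenService("urn:contoso:adfs", STS_KEY)
ROGUE_STS = SecurityTokenService("urn:rogue:sts", secrets.token_bytes(32))  # not trusted by RP
RP = RelyingParty("urn:sharepoint:intranet", {STS.issuer: STS_KEY})


def access(rp: RelyingParty, token: dict, resource: str) -> str:
    """Whole RP pipeline: validate -> augment -> authorize."""
    try:
        claims = rp.augment(rp.validate_token(token))
    except ValueError as exc:
        return f"rejected: {exc}"
    return "granted" if rp.authorize(claims, resource) else "denied"


if __name__ == "__main__":
    tok = STS.issue_token("alice@contoso.local", "correct horse", RP.realm)
    print(access(RP, tok, "/sites/finance"), access(RP, tok, "/sites/hr"))
```

Note where each step lives: the password is only ever checked inside the STS, the RP checks issuer trust, signature and audience before it reads a single claim, the department claim that opens the finance site does not come from the identity provider at all but from augmentation, and the ACL never mentions "alice".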

Authentication methods:

1. Windows authentication against AD: the classic method.

2. Membership and Role Providers (forms-based): a custom, code-based mechanism for authentication.

3. Custom / trusted identity provider (SAML, e.g. AD FS).
Requires a trusted certificate: SharePoint must trust the provider's token-signing certificate before it accepts its tokens.

4. Azure Access Control Service (ACS) / Windows Azure AD
used by O365: an AD FS-type cloud-based STS

OAuth is a mechanism based on trust:
you trust the app, and the app has permissions assigned to it.
So you can reach data that you (as a user) don't have access to, but the app has (app-only permissions); the trust boundary moves from the user to the app.
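The app-permission point above in code, as an added Python model that is not from the session or from SharePoint itself. It assumes the three authorization policies SharePoint 2013 applies to app requests (user-only, user+app, app-only) and constructs the users, apps and permission grants; what it shows is that only an app-only call reaches data the user cannot reach alone, while under user+app the app cannot elevate the user.

```python
# Ordered permission levels (constructed subset; real SharePoint has more).
LEVELS = {"Read": 1, "Write": 2, "FullControl": 3}

# Constructed grants. A user's rights come from site permissions; an app's rights
# are whatever the admin consented to when the app was trusted (installed).
USER_GRANTS = {"alice": {"/sites/intranet": "Read"}}
APP_GRANTS = {"payroll-app": {"/sites/finance": "Write", "/sites/intranet": "Read"}}


def _has(grants: dict, principal, resource: str, needed: str) -> bool:
    level = grants.get(principal, {}).get(resource)
    return LEVELS.get(level, 0) >= LEVELS[needed]


def authorize(resource: str, needed: str, user=None, app=None, policy="user+app") -> bool:
    """Evaluate one request under one of the three app authorization policies."""
    if policy == "user-only":          # classic request, no app involved
        return _has(USER_GRANTS, user, resource, needed)
    if policy == "app-only":           # app acts on its own; user's rights are irrelevant
        return app is not None and _has(APP_GRANTS, app, resource, needed)
    if policy == "user+app":           # both must hold; the app cannot elevate the user
        return (_has(USER_GRANTS, user, resource, needed)
                and _has(APP_GRANTS, app, resource, needed))
    raise ValueError(f"unknown policy {policy!r}")


def scenarios() -> dict:
    """The four cases a SharePoint admin should be able to predict."""
    return {
        "alice alone, finance": authorize("/sites/finance", "Read", user="alice", policy="user-only"),
        "payroll app alone, finance": authorize("/sites/finance", "Write", app="payroll-app", policy="app-only"),
        "alice via payroll app, finance": authorize("/sites/finance", "Read", user="alice", app="payroll-app"),
        "alice via payroll app, intranet": authorize("/sites/intranet", "Read", user="alice", app="payroll-app"),
    }


if __name__ == "__main__":
    for name, granted in scenarios().items():
        print(f"{name}: {'granted' if granted else 'denied'}")
```

The practical check this suggests: when reviewing an app's permission request, read it as a grant the app can exercise without any user present (app-only), because that is exactly the case where the user's own lack of access no longer limits what is reachable.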