Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Sofia Event Center, 14-15 May 2014
Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps
Radi Atanassov, SharePoint MCM & MVP, OneBit Software

About Me: Radi Atanassov, SharePoint 2010 MCM, SharePoint Server MVP, OneBit Software, Web Platform User Group. Twitter: @RadiAtanassov. E-mail: radi@sharepoint.bg

Agenda: Identity & Access; Windows Azure Active Directory; DEMO: ASP.NET MVC & WS-Fed for SSO; DEMO: Query the directory with the Graph API

Identity & Access Introduction

Our world is changing. Today we are: cloud first, mobile first, social.

Identity & Access (diagram): Web App, Another Web App, Service, Collaboration, IM/Video, Mail, Tasks & Calendar

Identity & Access (diagram): Identity Provider, App (Relying Party); then a second app, Relying Party 2, added against the same Identity Provider

Many Token Formats: SAML, JWT, Kerberos ticket, custom

Tokens & Validation: well formed (intended format, validity); not tampered with (signature verification); intended authority (trusted, unique issuer); current application (correct audience)
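The validation checks on this slide, together with the identity provider / relying party relationship from the earlier slides, as an added example that is not part of the original talk: a Python simulation in which an identity provider mints a JWT (one of the token formats listed) for one relying party, and relying parties apply the checks in order. The issuer name, the two audience URNs and the shared HMAC key are constructed placeholders; a real WAAD or ADFS deployment signs with an asymmetric key published in its federation metadata, but HS256 is used here so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the demo: issuer name and signing key shared between the
# identity provider (IdP) and its relying parties (RPs). Placeholders, not real endpoints.
IDP_ISSUER = "https://idp.example.test"
IDP_KEY = b"constructed-demo-secret-key"
CLOCK_SKEW = 60  # seconds of tolerated clock drift between IdP and RP


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def idp_issue_token(subject: str, audience: str, lifetime: int = 300, now=None) -> str:
    """Identity provider side: mint an HS256 JWT scoped to one relying party (aud)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience, "iat": now, "exp": now + lifetime}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def rp_validate_token(token: str, expected_audience: str, now=None):
    """Relying party side: the slide's checks, in order. Returns (ok, reason, claims)."""
    now = int(time.time()) if now is None else now
    # 1. Well formed / intended format: three dot-separated base64url parts holding JSON.
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed: expected header.payload.signature", None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        signature = _b64url_decode(parts[2])
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return False, "malformed: undecodable header or payload", None
    # 2. Not tampered with: verify the signature before trusting any claim, and pin the
    #    algorithm the RP expects instead of honouring whatever the header announces.
    if header.get("alg") != "HS256":
        return False, "unexpected alg", None
    expected = hmac.new(IDP_KEY, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return False, "signature verification failed", None
    # 3. Intended authority: a trusted, unique issuer.
    if claims.get("iss") != IDP_ISSUER:
        return False, "untrusted issuer", None
    # 4. Current application: the token was minted for this relying party.
    if claims.get("aud") != expected_audience:
        return False, "wrong audience", None
    # 5. Validity: not expired and not issued in the future (with clock skew allowance).
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + CLOCK_SKEW:
        return False, "expired", None
    if isinstance(claims.get("iat"), int) and claims["iat"] > now + CLOCK_SKEW:
        return False, "issued in the future", None
    return True, "ok", claims


def demo():
    """One IdP, two relying parties: shows SSO accept, audience reject, tamper reject, expiry."""
    now = 1_700_000_000  # fixed clock so the run is deterministic
    token_for_app1 = idp_issue_token("alice", "urn:rp:app1", now=now)
    # Forge the payload (sub changed to 'admin') but keep the original signature.
    parts = token_for_app1.split(".")
    forged = _b64url(json.dumps({"iss": IDP_ISSUER, "sub": "admin", "aud": "urn:rp:app1",
                                 "iat": now, "exp": now + 300}).encode())
    tampered = parts[0] + "." + forged + "." + parts[2]
    return {
        "app1_accepts": rp_validate_token(token_for_app1, "urn:rp:app1", now=now)[0],
        "app2_rejects": rp_validate_token(token_for_app1, "urn:rp:app2", now=now)[1],
        "tampered": rp_validate_token(tampered, "urn:rp:app1", now=now)[1],
        "expired": rp_validate_token(token_for_app1, "urn:rp:app1", now=now + 1000)[1],
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The order matters: the signature is verified before any claim is read, so issuer, audience and expiry are only ever taken from a token the IdP actually produced. The audience check is what keeps a token issued for Relying Party 1 from being replayed against Relying Party 2, even though both trust the same issuer.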

Many Protocols & Standards: SAML-P, WS-Federation, OAuth, OpenID Connect

SAML vs. WS-Federation
Both: support SSO, metadata exchange, trust, the claims terminology, the concept of federated identity, sign out, pseudonyms; both are confusing; both are OASIS standards.
SAML-P: older, widespread; only supports SAML assertions.
WS-Federation: pushed by MS; supports many tokens, SAML included; much more functional.

OpenID Connect vs OAuth 2.0
OpenID Connect: identity providers; authentication; community driven, open source project; no abstraction, a direct & lightweight SSO solution.
OAuth 2.0: authorization; permit Site A to access Site B on your behalf; defines what you can do once access is allowed.

Enterprise Security: flexibility and features similar to the Web world; cross-system data exchange; single sign-on is a key requirement; push for standards; attention to security

Practical Architecture: design & develop a single sign-on system; choose how to authenticate your users; spot & discuss security risks. Cloud, mobile and App trends are pushing this: huge in the enterprise, huge in the consumer App space, not getting any easier!

Architecture Decisions: Where are your users stored? What authentication handshaking will you use? What tokens will you use? What is the hosting platform and application framework/language? What are the business rules/security requirements? ASP.NET: which ASP.NET library?

ASP.NET Library History
Forms Authentication (ASP.NET Membership): nothing to do with any standard; SSO requires a subdomain, no cross-domain.
Windows Authentication: NTLM & Kerberos.
ASP.NET Simple Membership: a membership system for ASP.NET Web Pages.
ASP.NET Universal Providers: built on top of ASP.NET Membership.
ASP.NET & Windows Identity Foundation.
Custom.

ASP.NET Identity 2.0: one system for all ASP.NET frameworks; hybrid-friendly, standards-based, cross-framework, cross-platform; easy to enhance profile data & schema; easier unit testing; claims-aware Role Manager API; easy API for social login providers; WAAD implementation; OWIN; Microsoft.AspNet.Identity.*

ADAL.NET (Active Directory Authentication Library for .NET 2.0, System.IdentityModel.Clients.ActiveDirectory): API & helper classes for Active Directory, ADFS, WAAD; has support for JWT, SAML, OAuth; token acquisition, refreshing, storage; good for non-web applications

.NET 4.5 & WIF

Windows Azure Active Directory Introduction

Windows Azure Active Directory (diagram): Dirsync from the on-premises directory; Graph API; SAML-P; WS-Fed; OAuth 2.0; Metadata

Windows Azure Active Directory (diagram). Cloud: Windows Azure Active Directory, Cloud App, Exchange Online. On-premises: Active Directory Federation Services (STS), Active Directory, Web Portal, SharePoint.

Building Apps with SSO: DEMO

Questions??? Share your feedback for this particular session and for the overall conference experience at http://aka.ms/intouch EMAIL: radi@sharepoint.bg