Jive Connects for Microsoft SharePoint: Authentication Scenarios
Contents
Authentication Scenarios
  Scenario 1: Authentication Through Impersonation
  Impersonation Restriction Validation
Authentication Scenarios

Jive Connects for Microsoft SharePoint provides tight integration between SharePoint and Jive. It takes SharePoint's strengths as a content repository with complex workflows and document management and couples them with Jive's social networking capability, intuitive interface, and high adoption rate. One of the major integration components is the ability to seamlessly authenticate a user's credentials and to properly authorize access based on each product's security "trimming" capability. Security "trimming" means showing a user only what they have the ability to see and/or interact with.

This section focuses on authentication scenarios between Jive and SharePoint. Each scenario represents a real configuration used to demonstrate or test Jive and SharePoint integration.

Scenario 1: Authentication Through Impersonation

The following configuration describes a demonstration environment configured to use NTLM authentication and impersonation for web service communication between SharePoint and Jive. This is the simplest authentication configuration between Jive and SharePoint.

Individual Server Machines:
JS-DC-02.jivedemo.local (Domain Controller)
JS-J3-02.jivedemo.local (Jive Server)
JS-M7-02.jivedemo.local (MOSS/SharePoint Server)

Figure: Setting the Authentication Provider in SharePoint
Figure: Registering a Jive Installation in SharePoint
Figure: Registering a SharePoint Location in Jive

Impersonation Restriction Validation
Because the SharePoint Connector uses impersonation, steps must be taken to restrict impersonation requests so that only authorized requests are performed. The configuration for these restrictions is discussed in:
Configuring the Farm For Jive
System Properties for SharePoint Integration

There are basically two ways to restrict impersonation: by service account and by originating IP address. Restricting by service account is recommended. Restricting by originating IP address can also be done, but if load balancers are used in front of SharePoint or Jive then this is less useful without extra network configuration, because the receiving server sees the load balancer's address rather than the true origin. Both restrictions are enforced by the receiving side: SharePoint checks requests arriving from Jive and Jive checks requests arriving from SharePoint, so each side is configured and validated separately below.

SharePoint Restriction Validation

1. (Optional) Test with validation turned off.
   a. Validate that no restrictions are set. Review the settings on Configuring the Farm For Jive and verify that:
      Impersonation is allowed
      Valid Incoming IP Addresses for Impersonation is blank
      Valid Incoming Service Accounts for Impersonation is blank
   b. Test hitting the custom SharePoint web services.
      1. Log into SharePoint as a regular user (not a service account). IE or Firefox are ideal browsers for this because the results are easier to see (Chrome does not show results very well).
      2. Determine a user you want to impersonate (not the account used above).
      3. Change the URL in your browser to the following. Change <user> to the login of the user chosen in the step above (do not include the domain).
         <site_url>/_layouts/jive/webs.svc/rest/getwebs/<user>
         For example: http://sharepoint.mycompany.com/_layouts/jive/webs.svc/rest/getwebs/john.doe
      4. You should see results in your browser showing a <webcollection> with more details. A successful result here means that any authenticated user can ask the service to impersonate any other user simply by editing the URL, which is exactly what steps 2 and 3 close off; do not leave a production farm in this state. If the request were to fail due to impersonation restrictions you would see something like:
         Invalid service account of '<domain>\<user>' for impersonation. Request denied.
         Invalid user host address of '<ip address>' for impersonation. Request denied.

2. Restrict the service account.
   a. Update SharePoint configuration to restrict the service account.
      1. Navigate to Configuring the Farm For Jive.
      2. Add each SharePoint service account specified in Adding a SharePoint Location to the Valid Incoming Service Accounts field. Hit the check icon to validate that the user is found.
      3. Save your changes.
      4. Perform an IISRESET (on all web front ends).
   b. Test hitting the SharePoint web services with service accounts restricted.
      1. Perform all steps under Step 1 (test with validation turned off) above. This should fail.
      2. Perform all steps under Step 1 above, but log into SharePoint using one of the service accounts. This should succeed.

3. (Optional) Restrict the incoming IP address.
   a. Update SharePoint configuration to restrict the IP address.
      1. Navigate to Configuring the Farm For Jive.
      2. Add each Jive server IP address to the Valid Incoming IP Addresses for Impersonation field. Separate each IP address with a newline/return.
         Note: You may need to add both IPv4 and IPv6 addresses. If you have load balancers in front of SharePoint, this setting should be left blank unless you can set up your network such that Jive->SharePoint requests bypass the load balancers and go direct to a SharePoint server. Otherwise you would need to enter the load balancer IP address here, and that would defeat the purpose of this restriction.
      3. Save your changes.
      4. Perform an IISRESET (on all web front ends).

4. Test hitting the SharePoint web services with incoming IP addresses restricted.
   a. Perform all steps under Step 1 above, but log into SharePoint using one of the service accounts and make sure your browser is not running from a Jive server. This should fail.
   b. Perform all steps under Step 1 above, but log into SharePoint using one of the service accounts and make sure your browser is running from a Jive server. This should succeed.

Jive Restriction Validation

1. (Optional) Test with validation turned off.
   a. Validate that no restrictions are set. Review the settings on System Properties for SharePoint Integration and verify that:
      The system property sharepoint.ip.restrictions is blank or non-existent.
      The system property sharepoint.serviceaccount.restrictions is blank or non-existent.
   b. Test hitting the custom Jive web services.
      1. Log into Jive as a regular user (not a service account and not a Jive admin account). IE or Firefox are ideal browsers for this because the results are easier to see (Chrome does not show results very well).
      2. Determine a user you want to impersonate (not the account used above).
      3. Change the URL in your browser to the following. Change <user> to the login of the user chosen in the step above (do not include the domain).
         <jive_url>/rpc/rest/spintegration/places?username=<user>
         Example: http://jive.mycompany.com/rpc/rest/spintegration/places?username=john.doe
      4. You should see results in your browser showing a <places> with more details. If the request were to fail due to impersonation restrictions you would see something like:
         User not authorized for this type of request. User was not found in 'sharepoint.serviceaccount.restrictions' and/or requesting IP was not found in 'sharepoint.ip.restrictions'.

2. Restrict the service account.
   a. Update Jive configuration to restrict the service account.
      1. Review configuration settings on System Properties for SharePoint Integration.
      2. Create (or update) a property called sharepoint.serviceaccount.restrictions containing the Jive service account(s) specified for each Jive installation in Manage Jive Installations. Separate multiple names with a comma. Do not include domain names.
      3. Save your changes.
   b. Test hitting the Jive web services with service accounts restricted.
      1. Perform all steps under Step 1 (test with validation turned off) above. This should fail.
      2. Perform all steps under Step 1 above, but log into Jive using one of the service accounts. This should succeed.

3. (Optional) Restrict the incoming IP address.
   a. Update Jive configuration to restrict the IP address.
      1. Review configuration settings on System Properties for SharePoint Integration.
      2. Create (or update) a property called sharepoint.ip.restrictions containing each SharePoint server IP address. Separate each IP address with a comma.
         Note: You may need to add both IPv4 and IPv6 addresses. If you have load balancers in front of Jive, this setting may not work as well and you may want to go without it. If you can set up your network such that SharePoint->Jive requests bypass the load balancers and go direct to a Jive server it should work fine. Otherwise it may require that you enter the load balancer IP address here, and that would defeat the purpose of this restriction.
      3. Save your changes.
   b. Test hitting the Jive web services with incoming IP addresses restricted.
      1. Perform all steps under Step 1 above, but log into Jive using one of the service accounts and make sure your browser is not running from a SharePoint server. This should fail.
      2. Perform all steps under Step 1 above, but log into Jive using one of the service accounts and make sure your browser is running from a SharePoint server. This should succeed.
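The checks validated in both sections above (SharePoint Restriction Validation and Jive Restriction Validation), modelled as an added Python example. This is illustrative code written for this page, not Jive's or SharePoint's implementation: it parses the two allow-list formats the page describes (one entry per line for the SharePoint fields, comma separated for the Jive properties), applies the service-account and originating-IP restrictions in the order the error messages suggest, and replays the page's validation matrix, including the load balancer case. Every name (Request, parse_restrictions, check_impersonation, validation_matrix), the sample accounts and the IP addresses are assumptions made for the example.

```python
"""Reference model of the impersonation-restriction checks this page tells you
to validate.  Illustrative code added to the page, not Jive's or SharePoint's
implementation; all names, accounts and addresses below are assumptions."""
import ipaddress
from dataclasses import dataclass


def parse_restrictions(raw, separator):
    """Parse an allow-list field into a set of entries.

    SharePoint's 'Valid Incoming ... for Impersonation' fields take one entry
    per line; Jive's sharepoint.*.restrictions properties are comma separated.
    A blank or missing field means 'unrestricted', returned as an empty set
    (check_impersonation treats an empty set as 'this check is disabled')."""
    return {item.strip() for item in (raw or "").split(separator) if item.strip()}


def strip_domain(account):
    """Compare accounts without the domain, as the Jive property expects.
    Assumption: 'JIVEDEMO\\svc_jive', 'svc_jive@jivedemo.local' and 'svc_jive'
    all identify the same service account, case-insensitively."""
    return account.rsplit("\\", 1)[-1].split("@", 1)[0].lower()


def normalize_ip(ip):
    """Canonical text form, so an IPv4-mapped IPv6 peer ('::ffff:10.10.1.20')
    matches an IPv4 entry and a zone id ('fe80::1%eth0') does not break
    parsing.  Dual-stack peers are why the page says to add both families."""
    addr = ipaddress.ip_address(ip.split("%", 1)[0])
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return str(addr)


@dataclass(frozen=True)
class Request:
    caller: str       # account authenticated to the web service (NTLM)
    remote_ip: str    # peer address as the receiving web server sees it
    target_user: str  # login the caller asks to impersonate


def check_impersonation(req, allowed_accounts, allowed_ips):
    """Return None when the impersonation request is permitted, otherwise the
    denial text.  Both checks apply; an empty allow-list disables that check,
    which is the 'validation turned off' state of step 1 on the page."""
    if allowed_accounts:
        permitted = {strip_domain(a) for a in allowed_accounts}
        if strip_domain(req.caller) not in permitted:
            return (f"Invalid service account of '{req.caller}' for "
                    f"impersonation. Request denied.")
    if allowed_ips:
        permitted = {normalize_ip(a) for a in allowed_ips}
        if normalize_ip(req.remote_ip) not in permitted:
            return (f"Invalid user host address of '{req.remote_ip}' for "
                    f"impersonation. Request denied.")
    return None


# Constructed sample data for the matrix below (not real infrastructure).
SERVICE_ACCOUNTS = parse_restrictions("JIVEDEMO\\svc_jive\n", "\n")  # SharePoint style
JIVE_SERVER_IPS = parse_restrictions("10.10.1.20, fd00::20", ",")   # Jive style
LOAD_BALANCER_IP = "10.10.9.1"


def validation_matrix():
    """Replay the page's validation steps against the model and return
    {step: denial_text_or_None} so each expected outcome can be checked."""
    regular = Request("JIVEDEMO\\john.doe", "10.10.5.77", "jane.roe")
    svc_on_jive = Request("JIVEDEMO\\svc_jive", "10.10.1.20", "jane.roe")
    svc_on_jive_v6 = Request("svc_jive@jivedemo.local", "::ffff:10.10.1.20", "jane.roe")
    svc_on_laptop = Request("JIVEDEMO\\svc_jive", "10.10.5.77", "jane.roe")
    svc_via_lb = Request("JIVEDEMO\\svc_jive", LOAD_BALANCER_IP, "jane.roe")
    return {
        # Step 1: nothing restricted, so a regular user can impersonate anyone.
        "1_unrestricted_regular_user": check_impersonation(regular, set(), set()),
        # Step 2b: service account restricted; regular user fails, service account succeeds.
        "2b1_acct_restricted_regular_user": check_impersonation(regular, SERVICE_ACCOUNTS, set()),
        "2b2_acct_restricted_service_account": check_impersonation(svc_on_laptop, SERVICE_ACCOUNTS, set()),
        # Step 4: IP also restricted; service account off a Jive server fails, on one succeeds.
        "4a_ip_restricted_from_laptop": check_impersonation(svc_on_laptop, SERVICE_ACCOUNTS, JIVE_SERVER_IPS),
        "4b_ip_restricted_from_jive": check_impersonation(svc_on_jive, SERVICE_ACCOUNTS, JIVE_SERVER_IPS),
        "4b_ip_restricted_from_jive_mapped_v6": check_impersonation(svc_on_jive_v6, SERVICE_ACCOUNTS, JIVE_SERVER_IPS),
        # Load balancer caveat: the server sees the LB's address, never Jive's,
        # so a list of Jive addresses blocks legitimate traffic ...
        "lb_in_path_jive_ip_list": check_impersonation(svc_via_lb, SERVICE_ACCOUNTS, JIVE_SERVER_IPS),
        # ... and listing the LB instead admits any caller that reaches the LB,
        # which is why the page says doing so defeats the purpose.
        "lb_in_path_lb_ip_list": check_impersonation(svc_via_lb, SERVICE_ACCOUNTS, {LOAD_BALANCER_IP}),
    }


if __name__ == "__main__":
    for step, verdict in validation_matrix().items():
        print(f"{step}: {'ALLOWED' if verdict is None else verdict}")
```

Running the file prints one line per validation step. The two `lb_in_path_*` entries are the point of the load balancer note: with a load balancer terminating the connection the IP restriction either rejects the real Jive or SharePoint server or, once the load balancer's address is listed, stops distinguishing origins at all, so in that topology the service-account restriction is the one that actually does the work.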