Mashup Sites for SharePoint 2007 Authentication Guide Version 3.1.1
Copyright

Copyright 2010-2011, JackBe Corp. and its affiliates. All rights reserved.

Terms of Use

This documentation may be printed and copied solely for use in developing products for the PRESTO ENTERPRISE MASHUP SOFTWARE PLATFORM. JackBe, Corp. reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of JackBe, Corp. to provide notification of such revision or changes. JackBe, Corp. AND ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES THAT THE DOCUMENTATION IS FREE OF ERRORS OR THAT THE DOCUMENTATION IS SUITABLE FOR YOUR USE. THE DOCUMENTATION IS PROVIDED ON AN AS IS BASIS. JackBe, Corp. AND ITS SUPPLIERS MAKE NO WARRANTIES, TERMS OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES, TERMS, OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND SATISFACTORY QUALITY. TO THE FULL EXTENT ALLOWED BY LAW, JackBe, Corp. ALSO EXCLUDES FOR ITSELF AND ITS SUPPLIERS ANY LIABILITY, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), FOR DIRECT, INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE OR PROFITS, LOSS OF BUSINESS, LOSS OF INFORMATION OR DATA, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THIS DOCUMENTATION, EVEN IF JackBe, Corp. OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF THIS DOCUMENTATION IS PROVIDED ON A COMPACT DISC, THE OTHER SOFTWARE AND DOCUMENTATION ON THE COMPACT DISC ARE SUBJECT TO THE LICENSE AGREEMENT ACCOMPANYING THE COMPACT DISC.

Trademarks

JackBe, Presto, the JackBe logo and the Presto logo are trademarks or registered trademarks of JackBe Corporation. Microsoft, SharePoint, ASP.NET, the Microsoft Internet Explorer logo, Windows and the Windows logo are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other product and brand names may be trademarks or registered trademarks of their respective owners.
Contents

Introduction ... 4
Orientation ... 4
Terminology ... 4
Supported Authentication Combinations ... 6
Setting up Mashup Sites for SharePoint Authentication ... 7
SSO Approach ... 7
Non-SSO Approach ... 9
Override Mashup Server Setting ... 9
Appendix A: Configuring the Microsoft Single Sign-On Service ... 10
Steps to Configure the MOSS SSO Service ... 10
Steps to Configure the MOSS SSO Service Settings ... 11
Additional References ... 13

Mashup Sites for SharePoint Authentication Guide, v 3.1.1 3
Introduction

This document explains Mashup Sites for SharePoint Single Sign-On (SSO) in detail and discusses how to configure authentication between your SharePoint installation and Presto Mashup Servers. This allows you to set up the appropriate level of security and user experience for your needs when your environment has bi-directional authentication between SharePoint and one or many Presto Mashup Servers. Depending on the type of authentication you configure for your SharePoint installation, there are several options you can choose from to ensure this works best for your organization.

Mashup Sites for SharePoint SSO leverages and extends Microsoft Office SharePoint Server Single Sign-on (MOSS SSO) in order to provide a seamless authentication experience between SharePoint and Presto Mashup Server. The challenge with respect to user authentication is that users who are already authenticated in SharePoint must also authenticate with various Presto Mashup Servers as seamlessly as possible. For the best user experience, a user should only be required to login to a system once and gain authorization to remote systems using their current identity. The solution to this challenge is multi-faceted, depending on your SharePoint environment and the type of authentication already configured for users in SharePoint. In brief, by utilizing MOSS SSO and Mashup Sites for SharePoint SSO, users will be able to gain access to Presto Mashup Server with very little effort.

We will begin by orienting the reader to Mashup Sites for SharePoint SSO by explaining the terminology, and then help the reader decide which deployment scenario they would like to use. Then we will guide the user through the setup process to configure authentication for their particular needs.

Orientation

This section walks you through the terms relevant to Mashup Sites for SharePoint SSO and guides you, step by step, on how to choose your authentication configuration.
Terminology

Mashup Sites for SharePoint authentication includes the following terms:

Microsoft Office SharePoint Server Single Sign-On (MOSS SSO): a SharePoint (MOSS only) service that can be configured to store user credentials for additional applications, such as Mashup Server. If you choose to use the MOSS SSO service, each Mashup Server that SharePoint connects to needs a MOSS SSO application defined that stores user credentials for that Mashup Server. This allows SharePoint to authenticate against multiple Mashup Servers without prompting users for their credentials every time they need to connect to a Mashup Server to view Mashups or Apps in SharePoint. Depending on how you configure MOSS SSO, users are given access to Mashup Servers as part of a group or on an individual basis. If MOSS SSO is not available, or you choose not to use MOSS SSO, users must enter their credentials to login to each Mashup Server every time they begin a new session in SharePoint (browser window closes and re-opens, or session times out).

(Note: MOSS SSO must be configured correctly to work for integration with Mashup Server. Please see Appendix A for more information on recommendations for configuring MOSS SSO.)

Cookie Forwarding (CF): in this context, cookie forwarding creates a user session in Mashup Server the first time a user attempts to use that Mashup Server, using stored credentials or credentials the user enters in a login form. Information for this user session is passed back to the user's browser as a cookie, which the browser automatically forwards in all subsequent requests to the Mashup Server. The Mashup Server uses this session information to determine the user's authorization to Mashups and Apps.

[Figure: Cookie Forwarding between the Client and the Mashup Server]

(Note: Cookie Forwarding can only be used on servers in the same domain. If SharePoint is located at site1.com, for example, the Mashup Server must also have the same domain, such as ms.site1.com or site1.com:8080. This is a restriction of Internet browsers.)

Token Authentication (TA): when SharePoint and the Mashup Server are on separate domains, or when cookie forwarding is disabled, Token Authentication can create a session for a user by using a token service to generate a token ID for the user's session in SharePoint. Requests to the Mashup Server pass a ticket containing that token ID, which the Mashup Server redeems from the token server. The Mashup Server creates a user session once the ticket is redeemed and passes session information back to the user's browser as a cookie.

[Figure: Token Authentication between the Token Service, the Client and the Mashup Server]

(Note: Token Authentication only works if MOSS SSO is properly configured. See Appendix A for more on how to configure MOSS SSO.)

Manual Authentication: users log into each Mashup Server every time they need to create a new session in Mashup Server. Because the user's credentials are not stored in MOSS SSO, there is no way to retrieve these credentials in order to automatically create a new session in Mashup Server.
Of the possible options for authentication, this one gives the worst user experience, since the user must login every time a Mashup Server session either expires or needs to be created.

Supported Authentication Combinations

The choice of authentication design hinges on two aspects of your SharePoint environment: whether the MOSS SSO service is enabled, and whether the Mashup Servers are in the same domain as SharePoint. The following table presents how these authentication components can be used together to produce different balances of user experience vs. feature availability.

SharePoint Environment | Cookie Forwarding | Token Authentication | User Experience
MOSS with Single Sign-On Enabled | Yes | --- | This provides a true single sign-on experience for users, but only when Mashup Servers are in the same domain as SharePoint and the SSO service is enabled.
MOSS with Single Sign-On Enabled | --- | Yes | This provides a true single sign-on experience for users when Mashup Servers are in the same domain as, or in remote domains from, SharePoint and the SSO service is enabled.
MOSS Without SSO | Yes | --- | Although users must login with each Mashup Server for each session, they are not prompted for credentials for each Mashup and App. This is only possible when Mashup Servers are in the same domain as SharePoint.
MOSS Without SSO | --- | --- | This represents the poorest user experience, where users must login with the Mashup Server for each Web Part. This is the only option, however, when the SSO service is disabled and Mashup Servers are in remote domains from SharePoint.

Setting up Mashup Sites for SharePoint Authentication

This section walks you through the steps needed to configure authentication for Mashup Sites for SharePoint. If SSO is not configured and cookie forwarding is not enabled, the user will still be able to authenticate against Mashup Server using Manual Authentication (MA).

SSO Approach

If you choose to use MOSS SSO and have configured it for your SharePoint server, you must also configure SSO for Mashup Sites for SharePoint (see Appendix A for steps on configuring MOSS SSO).

Create MOSS SSO Application

As farm administrator, browse to SharePoint Central Administration.

1. On the Central Administration home page, click Operations.
2. In the Security Configuration section, click Manage settings for single sign-on.
3. On the Manage Settings for Single Sign-On page, click Manage settings for enterprise application definitions. If you are unable to select the link, then SSO is not configured properly (see Appendix A).
4. Click New Item and set the following properties (these property values are for example only):
   a. Display Name (name of the SSO application displayed to the user): local
   b. Application Name (name of the SSO application Id): local
   c. Contact e-mail address: administrator@jackbe.sharepoint.local
   d. Account type: Individual
   e. Authentication type: leave Windows authentication unchecked
   f. Leave the default Username and Password fields in place
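The combinations table above and the browser same-domain restriction on Cookie Forwarding from Terminology, encoded as an added Python example (not part of the guide or the product; same_cookie_domain and select_auth_mode are hypothetical helper names). It assumes the session cookie is scoped to the SharePoint site's host name, as in the guide's site1.com example, and does not consult the public suffix list.

```python
from urllib.parse import urlsplit

# Added example (not from the JackBe guide): the rules the guide states for how a
# Web Part reaches a Mashup Server, plus the browser same-domain restriction on
# Cookie Forwarding. Function names are hypothetical.


def same_cookie_domain(sharepoint_host: str, mashup_server_url: str) -> bool:
    """True if a cookie scoped to the SharePoint host would also be sent to the
    Mashup Server, i.e. the two share a domain as browsers define it.

    Assumption: the session cookie is scoped to the SharePoint site's host name
    (site1.com in the guide's example); the public suffix list is not consulted.
    """
    sp_host = sharepoint_host.split(":")[0].strip().lower().rstrip(".")
    ms_host = (urlsplit(mashup_server_url).hostname or "").lower().rstrip(".")
    if not sp_host or not ms_host:
        return False
    # Browsers ignore the port when matching cookie domains, so site1.com:8080
    # matches; ms.site1.com matches as a subdomain; evilsite1.com does not,
    # because the suffix match is on a label boundary ("." + domain).
    return ms_host == sp_host or ms_host.endswith("." + sp_host)


def select_auth_mode(sso_enabled: bool, cookie_forwarding_enabled: bool,
                     sharepoint_host: str, mashup_server_url: str) -> str:
    """Return the mode the guide's combinations table prescribes.

    Raises ValueError for the one combination the guide rules out: Cookie
    Forwarding enabled for a Mashup Server outside the SharePoint domain.
    """
    if cookie_forwarding_enabled and not same_cookie_domain(sharepoint_host,
                                                            mashup_server_url):
        raise ValueError("Cookie Forwarding requires the Mashup Server to be in "
                         "the same domain as SharePoint")
    if cookie_forwarding_enabled:
        return "Cookie Forwarding"        # with or without MOSS SSO
    if sso_enabled:
        return "Token Authentication"     # remote domain, or CF left disabled
    return "Manual Authentication"        # no SSO, no CF: login per Web Part


if __name__ == "__main__":
    for sso, cf, url in [(True, True, "http://ms.site1.com"),
                         (True, False, "http://presto.site2.com:8080"),
                         (False, False, "http://presto.site2.com")]:
        print(sso, cf, url, "->", select_auth_mode(sso, cf, "site1.com", url))
```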
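The Token Authentication exchange described under Terminology, modelled as an added Python example (not JackBe's token service or Mashup Server; TokenService, MashupServer and their methods are hypothetical, and ticket_timeout_s stands in for the MOSS SSO Ticket time out setting). It shows what the Mashup Server should require of a redeemed ticket: that it is unknown to anyone but the token service, used at most once, and redeemed within its lifetime.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Added example (not JackBe's code): a minimal model of the Token Authentication
# exchange the guide describes. Class and method names are hypothetical; the
# ticket lifetime stands in for the MOSS SSO "Ticket time out" setting. No
# credentials travel between the parties, only a random token ID.


@dataclass
class TokenService:
    ticket_timeout_s: float = 120.0
    clock: Callable[[], float] = time.monotonic          # injectable for tests
    _issued: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def issue(self, sharepoint_user: str) -> str:
        """Issue a token ID for an already-authenticated SharePoint session."""
        token_id = secrets.token_urlsafe(32)              # 256 random bits
        self._issued[token_id] = (sharepoint_user, self.clock() + self.ticket_timeout_s)
        return token_id

    def redeem(self, token_id: str) -> Optional[str]:
        """Return the user for a valid ticket, exactly once; None otherwise."""
        entry = self._issued.pop(token_id, None)          # pop => single use
        if entry is None:
            return None                                   # unknown or replayed
        user, expiry = entry
        return user if self.clock() <= expiry else None   # honour the time out


@dataclass
class MashupServer:
    token_service: TokenService
    sessions: Dict[str, str] = field(default_factory=dict)  # cookie -> user

    def handle_request(self, ticket: Optional[str],
                       cookie: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
        """Return (user, cookie_to_set). An existing session cookie is honoured;
        otherwise the ticket is redeemed and a fresh session cookie is minted."""
        if cookie is not None and cookie in self.sessions:
            return self.sessions[cookie], None
        if ticket is None:
            return None, None
        user = self.token_service.redeem(ticket)
        if user is None:
            return None, None                             # refused: no session
        session_cookie = secrets.token_urlsafe(32)
        self.sessions[session_cookie] = user
        return user, session_cookie
```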
Configure Mashup Server Instance

Once an SSO application for a Mashup Server has been added, you will need to add or update a Mashup Server Instance with the new SSO application information (see the Installation and Configuration document for more detail on adding or updating a Mashup Server Instance). On the Mashup Server instance page, select the SSO Enabled check box and select the SSO application you just created in the drop-down menu. If the Mashup Server is in the same domain as SharePoint, select Cookie Forwarding Option Enabled to enable cookie forwarding. If they are not in the same domain, leave this check box unchecked and Token Authentication will be used.

Non-SSO Approach

With SSO disabled for your SharePoint server, the user experience will be significantly less seamless, as a user will be required to enter their credentials every time their SharePoint session expires (browser closes and re-opens). To get a better user experience with SSO disabled, the best option is to enable cookie forwarding for any Mashup Servers that share the same domain as SharePoint. To enable cookie forwarding for a Mashup Server, you must add or update a Mashup Server instance (see Installation and Configuration for instructions). In the edit Mashup Server page, set Cookie Forwarding Option Enabled. For Mashup Servers in remote domains, the only option is Manual Authentication, where users must login every time they need to access the Mashup Server.

Override Mashup Server Setting

When you override a Mashup Server Instance in a Web Part (see screenshot), you can also manually enter the SSO application Id in the SSO Application Name textbox.

When the Mashup Server Override checkbox is used, the override also checks the global setting for Cookie Forwarding to decide whether or not to attempt cookie forwarding for the web part. This setting can be found under Site Settings -> Mashup Sites for SharePoint Site Settings. This global setting allows you to set up Cookie Forwarding on all web parts with overrides at a Site level.

Appendix A: Configuring the Microsoft Single Sign-On Service

If you already have the Microsoft Office SharePoint Server (MOSS) Single Sign-on (SSO) Service running in your environment, you may skip the next section on configuration for this service and move on to configuring a SSO application for Presto (see Create MOSS SSO Application under SSO Approach). However, you may want to review the steps to ensure your existing configuration will be compatible regarding domain accounts and general access/permissions.

Note: Most of these steps come directly from the Microsoft TechNet documentation. See the link for Start the Single Sign-on Service under Additional References.

Steps to Configure the MOSS SSO Service

1. From Administrative Tools, click Services.
2. Double-click Microsoft Single Sign-On Service.
3. On the Log On tab of the Single Sign-On Service Properties page, click This account. Then enter the domain, user name and password that you have used to install and manage your server.

Note: This account should be the same account used for the SharePoint application pool associated with the SharePoint site that will be using the Single Sign-on Service. The account must be associated with the dbcreator and securityadmin SQL Server roles on the SQL Server that will host the SSO database. See the link to Dave Wollerman's SharePoint Blog below for more information.

4. Click Apply.
5. On the General tab of the Single Sign-On Service Properties page, change the startup type to Automatic, click Start and then click OK.

Steps to Configure the MOSS SSO Service Settings

Note: Most of these steps come directly from the Microsoft TechNet documentation (see the link for Manage Settings for Single Sign-on below).

1. From Administrative Tools, open the SharePoint Central Administration Web application.
2. On the Central Administration home page, click Operations.
3. Under Security Configuration, select Service accounts.
4. Select Single Sign-on Service as the Windows service. Enter a service account user name and password and click OK. This closes the Service accounts window.
5. In Security Configuration, click Manage settings for single sign-on.
6. On the Manage Settings for Single Sign-On page, click Manage server settings.
7. For the Account Name, enter the same domain and user name that you used to configure the Single Sign-On service. If the user name you used to configure the Single Sign-On service is a member of a Windows security group, you can type the name of the Windows security group instead of a user name.
8. For the Enterprise Application Definition Administrator Account, enter the same domain and user name that you used to configure the Single Sign-On service.
9. For the Server name, enter the SQL Server instance name, using the netbios\instance naming convention, to use for the Single Sign-on database.
10. For the Database name, enter the name for the Single Sign-on database, such as SSO.
11. Leave the default values for the Ticket time out and Delete audit log records older than (in days) fields.
12. Click OK.

At this point you should have a running instance of the Microsoft SharePoint Single Sign-On service. This includes a new database for securely storing SSO user credentials. The next step is to configure a SSO application for Presto; see Create MOSS SSO Application under SSO Approach above.

Additional References

Start the Single Sign-on Service
http://technet2.microsoft.com/office/en-us/library/34d6aeca-2a18-4416-8824-85d709d1b0da1033.mspx?mfr=true

Manage Settings for Single Sign-on
http://technet2.microsoft.com/office/en-us/library/cd4f4a25-e393-4e1b-9c26-a0bed175d3a21033.mspx?pf=true

Dave Wollerman's SharePoint Blog
http://www.sharepointblogs.com/llowevad/archive/2007/06/25/sharepoint-2007-single-sign-onsetup.aspx