
Sponsored by:

Real-time application monitoring, event management, and operational health metrics for Microsoft SharePoint
Reduce troubleshooting time by up to 30%
Increase efficiency and improve user satisfaction
Avoid downtime and costly outages
Meet or exceed service level agreements
Maximize investment in current infrastructure

Visit us on the web at www.binarywave.com

The SharePoint Cowboy
Eric Shupps

CKS:DEV
Patterns & Practices

www.sharepointcowboy.com
eshupps@binarywave.com

facebook.com/sharepointcowboy
slideshare.net/eshupps

@eshupps

Authorization: the OAuth 2.0 roles

Resource Owner: grants access to a protected resource
Resource Server: hosts the protected resource and accepts access requests
Client: application making protected resource requests on behalf of the resource owner
Authorization Server: issues access tokens

Abstract OAuth 2.0 flow:

1. Client -> Resource Owner: Authorization Request
2. Resource Owner -> Client: Authorization Grant
3. Client -> Authorization Server: Authorization Grant
4. Authorization Server -> Client: Access Token
5. Client -> Resource Server: Access Token
6. Resource Server -> Client: Protected Resource

Flow 1: request token exchanged for an access token

1. User requests access
2. App requests Request Token
3. Provider returns Request Token
4. App builds auth link with Request Token
5. User requests URL + Request Token
6. Provider returns Access Token
7. User requests URL + Access Token
8. App validates Access Token
9. Access Token validated
10. User granted access

Flow 2: access token requested directly

1. User requests access
2. App requests Access Token
3. Provider returns Access Token
4. App builds auth link with Access Token
5. User requests URL + Access Token
6. App validates Access Token
7. Access Token validated
8. User granted access

Terminology

Identity Provider: manages identity information for principals
Security Token Service (STS): handles requests for trusted identity claims
Identity Token Issuer: identity provider associated with a web application
Security Token Issuer: trusted resource (farm, server, etc.)
Metadata Endpoint: resource information and signing certificate (JSON)
Request Token: used to request permission to a protected resource
Access Token: used by the App to access a resource on behalf of the user
Realm: operation scope for authorization
Azure ACS: cloud-based security token service (IP-STS)

Online (Azure ACS):

1. User browses to App
2. SP gets request token (the context token) from ACS
3. SP sends request token to browser
4. Browser POSTs request token to App
5. App requests access token from ACS
6. ACS provides access token
7. App establishes context

On Premise (S2S, high-trust):

1. User browses to App
2. SP returns parameters
3. Browser POSTs parameters to App
4. App builds S2S access token and presents it to SP
5. SP validates S2S trust
6. App establishes context

Online:

1. User browses to app
2. Get POST parameters from SP
3. Parse out Context Token
4. Read and validate context token
5. Get access token
6. Get client context from SP with access token

On Premise:

1. User browses to app
2. Get request parameters
3. Get claims from Windows identity
4. Get access token with S2S
5. Establish client context
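Before the online app can ask ACS for an access token (step 5 above) it needs the realm, which is the tenant id that qualifies every principal in the deck's tokens. TokenHelper discovers it by sending a request with an empty "Authorization: Bearer" header to _vti_bin/client.svc and reading realm and client_id out of the 401's WWW-Authenticate challenge. The following is an added example in Python, not code from this deck or from Microsoft's TokenHelper: it parses a constructed challenge (the realm is the slide's tenant id), refuses a realm that is not a GUID or a challenge not issued by SharePoint's principal, and builds the refresh-token grant whose resource string is the aud of the access token decoded later in the deck. The ACS endpoint URL form is an assumption; TokenHelper resolves it from the ACS metadata document for the realm.

```python
import re
import uuid
from urllib.parse import urlencode

SP_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"   # SharePoint's fixed principal id
ACS_HOST = "accounts.accesscontrol.windows.net"          # Azure ACS

# Constructed 401 challenge, shaped like the WWW-Authenticate header SharePoint Online returns for
# GET /_vti_bin/client.svc sent with an empty "Authorization: Bearer" header. Realm = the slide's tenant id.
SAMPLE_CHALLENGE = ('Bearer realm="2ae1caa2-a173-4989-b8f5-9da45655b8f4",'
                    'client_id="00000003-0000-0ff1-ce00-000000000000",'
                    'trusted_issuers="00000001-0000-0000-c000-000000000000@*"')

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_bearer_challenge(header: str) -> dict:
    """Turn 'Bearer k="v",k2="v2"' into a dict; any other scheme is not an OAuth challenge."""
    scheme, _, params = header.partition(" ")
    if scheme != "Bearer":
        raise ValueError(f"not a Bearer challenge: {scheme!r}")
    return dict(_PARAM.findall(params))


def discover_realm(header: str) -> str:
    """Recover the tenant realm, refusing anything that is not a GUID or did not come from SharePoint."""
    challenge = parse_bearer_challenge(header)
    realm = challenge.get("realm", "")
    uuid.UUID(realm)                                           # raises ValueError on a malformed realm
    if challenge.get("client_id", "").lower() != SP_PRINCIPAL:
        raise ValueError("challenge was not issued by SharePoint")
    return realm.lower()


def acs_token_request(realm, client_id, client_secret, refresh_token, target_host):
    """Endpoint and form body of the refresh-token grant the app POSTs to ACS for a SharePoint access token."""
    resource = f"{SP_PRINCIPAL}/{target_host}@{realm}"         # becomes the aud of the access token
    return {
        # Assumed endpoint form; TokenHelper reads it from the ACS metadata document for the realm.
        "url": f"https://{ACS_HOST}/{realm}/tokens/OAuth/2",
        "resource": resource,
        "body": urlencode({"grant_type": "refresh_token",
                           "client_id": f"{client_id}@{realm}",   # app principal is always realm-qualified
                           "client_secret": client_secret,
                           "refresh_token": refresh_token,
                           "resource": resource}),
    }
```

Because the realm is taken from an unauthenticated 401 response, the GUID check and the client_id check are what stop a misconfigured or hostile endpoint from steering the app into requesting a token for a realm it does not belong to.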

[Diagram labels: Tenant ID, Client ID, App URL, Azure ACS, SharePoint, User ID + Issuer + App + Realm, IP-STS URL, Token sent to IP-STS (Azure ACS), Browser or Event Receiver]

Decoded access token (header, then claims):

{"typ":"JWT","alg":"RS256","x5t":"kriMPdmBvx68skT8-mPAB3BseeA"}
    x5t: thumbprint of the ACS signing certificate (published at the metadata endpoint)

{
  "aud":"00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
      SharePoint principal / Host Web @ Tenant ID
  "iss":"00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
      Azure ACS @ Tenant ID
  "nbf":1400013357,
      Start
  "exp":1400056557,
      End
  "nameid":"1003000086ad02d6",
      User ID (PUID)
  "actor":"c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
      Client ID @ Tenant ID
  "identityprovider":"urn:federation:microsoftonline"
      STS ID
}
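The "Read and validate context token" step in the online code flow and the claim layout in the decoded token above are the same job seen from two sides: principal@realm issuers, principal/host@realm audiences, and an nbf/exp window. The context token SharePoint POSTs to the app is a JWT signed HMAC-SHA256 with the app's client secret (base64-decoded), and the app must verify it before trusting the realm, cache key or refresh token it carries. The following is an added example in Python, not code from this deck or from Microsoft's TokenHelper: it builds a constructed context token from the slide's realm, client id and nbf/exp values with an assumed app hostname and a made-up secret, then validates it the way the steps require (algorithm pinned to HS256, signature checked first, issuer = ACS, audience = this app in that realm, validity window with skew, appctxsender = SharePoint), and shows the expired, wrong-secret and alg=none cases being rejected.

```python
import base64, hashlib, hmac, json, time

# Fixed, well-known principal IDs: the GUIDs that open the slide's iss and aud claims.
ACS_PRINCIPAL = "00000001-0000-0000-c000-000000000000"  # Azure ACS, issuer of both tokens
SP_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"   # SharePoint, sender of the context token

# Realm, client id and nbf/exp are the slide's values; app host and secret are constructed for the demo.
REALM = "2ae1caa2-a173-4989-b8f5-9da45655b8f4"
CLIENT_ID = "c90047b7-392a-42e7-8c52-65afa92e5d0d"
NBF, EXP = 1400013357, 1400056557
APP_HOST = "app.example.com"                                                    # assumed app hostname
CLIENT_SECRET = base64.b64encode(b"0123456789abcdef0123456789abcdef").decode()  # constructed, not real


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def split_jwt(token: str):
    """Decode header and claims; nothing here is trusted until the signature has been checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT has exactly three segments")
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, claims, f"{parts[0]}.{parts[1]}".encode("ascii"), b64url_decode(parts[2])


def validate_context_token(token, client_id, client_secret_b64, app_host, now=None, skew=300):
    """The 'read and validate context token' step; returns realm, cache key, STS URI and refresh token."""
    header, claims, signing_input, signature = split_jwt(token)
    # 1. Pin the algorithm: the context token is HMAC-SHA256 keyed with the client secret. Accepting
    #    'none' (or an RSA alg whose "key" would be a public certificate) would let anyone forge one.
    if header.get("typ") != "JWT" or header.get("alg") != "HS256":
        raise ValueError(f"unexpected header: {header}")
    # 2. Signature before any claim is trusted. The HMAC key is the base64-decoded client secret.
    expected = hmac.new(base64.b64decode(client_secret_b64), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("context token signature does not verify")
    # 3. Issuer must be ACS; the realm it names (the tenant id) anchors every remaining check.
    iss_principal, _, realm = claims["iss"].lower().partition("@")
    if iss_principal != ACS_PRINCIPAL or not realm:
        raise ValueError("issuer is not Azure ACS")
    # 4. Audience is 'clientId/appHost@realm': this token must be for this app, in that realm.
    if claims["aud"].lower() != f"{client_id}/{app_host}@{realm}".lower():
        raise ValueError("audience mismatch")
    # 5. Validity window with a little clock skew (nbf = Start, exp = End on the slide).
    now = int(time.time()) if now is None else now
    if now + skew < int(claims["nbf"]) or now - skew >= int(claims["exp"]):
        raise ValueError("token is outside its nbf/exp window")
    # 6. The token must have been minted for SharePoint in the same realm.
    if claims.get("appctxsender", "").lower() != f"{SP_PRINCIPAL}@{realm}":
        raise ValueError("appctxsender is not SharePoint")
    appctx = json.loads(claims["appctx"])  # nested JSON: CacheKey + SecurityTokenServiceUri
    return {"realm": realm, "cache_key": appctx["CacheKey"],
            "sts_uri": appctx["SecurityTokenServiceUri"], "refresh_token": claims["refreshtoken"]}


def make_context_token(secret_b64=CLIENT_SECRET, alg="HS256", sign=True):
    """Constructed stand-in for the context token ACS issues and SharePoint POSTs to the app."""
    header = {"typ": "JWT", "alg": alg}
    claims = {"aud": f"{CLIENT_ID}/{APP_HOST}@{REALM}", "iss": f"{ACS_PRINCIPAL}@{REALM}",
              "nbf": NBF, "exp": EXP, "appctxsender": f"{SP_PRINCIPAL}@{REALM}",
              "appctx": json.dumps({"CacheKey": "constructed-cache-key",
                                    "SecurityTokenServiceUri": "https://accounts.accesscontrol.windows.net/tokens/OAuth/2"}),
              "refreshtoken": "constructed-refresh-token", "isbrowserhostedapp": "true"}
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    key = base64.b64decode(secret_b64)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest() if sign else b"\0" * 32
    return signing_input + "." + b64url_encode(sig)


def rejects(token, **kwargs) -> bool:
    """True when validation raises ValueError, so the negative cases can be checked as plain values."""
    try:
        validate_context_token(token, CLIENT_ID, CLIENT_SECRET, APP_HOST, **kwargs)
    except ValueError:
        return True
    return False


def demo():
    good = make_context_token()
    forged = make_context_token(secret_b64=base64.b64encode(b"ffffffffffffffffffffffffffffffff").decode())
    return {"accepted": validate_context_token(good, CLIENT_ID, CLIENT_SECRET, APP_HOST, now=1400020000),
            "expired_rejected": rejects(good, now=EXP + 3600),
            "wrong_secret_rejected": rejects(forged, now=1400020000),
            "alg_none_rejected": rejects(make_context_token(alg="none", sign=False), now=1400020000)}
```

The order of the checks matters: the algorithm is pinned and the signature verified before any claim is read, and the realm used for the audience and appctxsender checks is taken from the verified issuer rather than from the request, so a token minted for another app or another tenant fails closed.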

Resources (description: link)

OAuth Working Group: http://oauth.net/
OAuth Resource Guide: http://bit.ly/14CWPNb
Authorization and authentication for apps in SharePoint 2013: http://bit.ly/16f8WFh
Setting up an OAuth trust between farms in SharePoint 2013: http://bit.ly/12Yr7e3
Plan for server-to-server authentication in SharePoint 2013: http://bit.ly/1chAgFl
What's new in authentication for SharePoint 2013: http://bit.ly/1e6KaYv
Creating High-Trust apps with S2S: http://bit.ly/18RL8uL
Using O365 to Authorize On-Premise Apps: http://bit.ly/1fvv1Bo

Patterns and practices: 30+ Visual Studio projects covering common scenarios

Explore, Play, Follow, Get Answers, Give Feedback, Contribute

Related sessions:

OFC-B254 Integrating Yammer and Microsoft SharePoint Using .NET
DEV-B230 Most Commonly Asked for On-Premises Customizations Reimagined as Applications for SharePoint
DEV-B319 Get Started Developing Applications for Microsoft Office and SharePoint Server 2013
DEV-B231 Office Power Hour: New Developer APIs and Features for Applications for Office
DEV-B227 Anyone Can Build a SharePoint Application with Microsoft Access
OFC-B274 Implementing Microsoft SharePoint 2013 Hybrid for Search, Business Connectivity Services, Microsoft OneDrive for Business and Yammer
DEV-B232 Creating Cloud Hosted Line-of-Business Applications with Apps for Office, Microsoft Office 365, Microsoft Azure, and Windows Phone 8
OFC-B311 A Practical Use of External Data Sources
DEV-B357 Developing Office 365 Cloud Business Applications
DEV-B387 Deep Dive into Mail Compose Applications APIs
DEV-B386 Setting Up Your On-Premises Environment for App Development
DEV-B228 Build Connected Productivity Apps for SharePoint and Office
DEV-B390 SharePoint Power Hour: New Developer APIs and Features for Apps for SharePoint
DEV-B389 Who Are You and What Do You Want? Working with OAuth in Microsoft SharePoint 2013
EXM04 Exam Prep: 70-331 and 70-332

http://channel9.msdn.com/Events/TechEd

www.microsoft.com/learning

http://microsoft.com/technet

http://microsoft.com/msdn
