OAuth + SharePoint
CKS:DEV / The SharePoint Cowboy / Patterns & Practices
Eric Shupps
www.sharepointcowboy.com | eshupps@binarywave.com | facebook.com/sharepointcowboy | @eshupps
Sponsored by BinaryWave (www.binarywave.com)

Agenda
  - Introduction
  - Farms
  - Servers
  - On-Premise Apps
  - Cloud Apps

INTRODUCTION

Authorization (the OAuth flow, three legs: request token, user authorization, access token)
  1. User requests access
  2. App requests a Request Token
  3. Provider returns the Request Token
  4. App builds the authorization link with the Request Token
  5. User requests the URL with the Request Token
  6. Provider returns an Access Token
  7. User requests the URL with the Access Token
  8. App validates the Access Token
  9. Access Token validated; user granted access

OAuth in SharePoint 2013: terms
  Identity Provider        Manages identity information for principals (STS)
  Security Token Service   Handles requests for trusted identity claims
  Identity Token Issuer    Identity provider associated with a web application
  Security Token Issuer    Trusted resource (farm, server, etc.)
  Metadata Endpoint        Resource information and signing certificate (JSON)
  Request Token            Used to request permission to a protected resource
  Access Token             Used by the app to access a resource on behalf of the user
  Realm                    Operation scope for authorization
  Azure ACS                Cloud-based security token service (IP-STS)

FARMS

Distributed roles and shared service applications across farms
  - My Sites
  - Content
  - Enterprise Features
  - Managed Metadata
  - Search
  - Request Management

Certificate exchange between consumer and provider farms
  Consumer: export the root and STS certificates; copy the certificates to the provider
  Provider: import the root certificate(s) and create a trusted root authority; import the STS certificate and create a trusted security token issuer
  Provider: export the root certificate; copy the certificate to the consumer
  Consumer: import the root certificate(s) and create a trusted root authority

Trust configuration steps
  Consumer: Create Trusted Root Authority; Set Authentication Realm; Create Trusted Security Token Issuer; Create App Principals
  Provider: Create Trusted Root Authority; Create Trusted Security Token Issuer

SERVERS

Server products that take part in server-to-server (S2S) trust with SharePoint 2013
  - Exchange
  - Lync
  - Office Web Applications
  - Workflow
  - Other

Two ways to establish the trust
  Metadata:      Create security token issuer (from the server's metadata endpoint); assign app principal permissions; install client components; execute configuration scripts
  Certificates:  Export/import certificates; create root authorities; execute configuration scripts

ON-PREMISE APPS

Request flow
  1. User browses to the app
  2. SharePoint returns the parameters
  3. Browser POSTs the parameters to the app
  4. App requests an access token from SharePoint
  5. SharePoint validates the S2S trust
  6. App establishes the context

Permissions
  User permissions: the app behaves in the context of the user; consistent across all requests
  App-only permissions: specific access rights and scope requested by the app; granted on app installation

In code
  1. Get the request parameters
  2. Get claims from the Windows identity
  3. Get an access token with S2S
  4. Establish the client context

CLOUD APPS

Request flow
  1. User browses to the app
  2. SharePoint gets a request token from ACS
  3. SharePoint sends the request token to the browser
  4. Browser POSTs the request token to the app
  5. App requests an access token from ACS
  6. ACS provides the access token
  7. App establishes the context

In code
  1. Get the POST parameters from SharePoint
  2. Parse out the context token
  3. Read and validate the context token
  4. Get an access token
  5. Get the client context from SharePoint with the access token

RESOURCES
  OAuth Working Group: http://oauth.net/
  OAuth Resource Guide: http://bit.ly/14CWPNb
  Authorization and authentication for apps in SharePoint 2013: http://bit.ly/16f8WFh
  Setting up an OAuth trust between farms in SharePoint 2013: http://bit.ly/12Yr7e3
  Plan for server-to-server authentication in SharePoint 2013: http://bit.ly/1chAgFl
  What's new in authentication for SharePoint 2013: http://bit.ly/1e6KaYv
  Creating high-trust apps with S2S: http://bit.ly/18RL8uL
  Using O365 to authorize on-premise apps: http://bit.ly/1fvv1Bo
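Worked example for the trust steps on the Farms, Servers and On-Premise Apps slides (Create Trusted Root Authority, Set Authentication Realm, Create Trusted Security Token Issuer, Create App Principals, Assign app principal permissions), as one PowerShell script run on the farm that will accept the tokens. This is an example added for this page, not code from the deck or from Microsoft; the host names, realm GUIDs, certificate path and site URLs are assumptions, and it uses the SharePoint 2013 cmdlets the slide steps map to.

```powershell
# Added example (not from the slides). Run as a Farm Administrator, in the SharePoint
# Management Shell, on the farm that ACCEPTS tokens (the provider side of the slides).
# Part 1 is the "Metadata" path from the Servers slide, applied to a peer SharePoint farm;
# Part 2 is the "Certificates" path, applied to a high-trust (S2S) on-premise app.
# Every host name, GUID, path and URL below is an assumption for this example.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SPPrincipalId = '00000003-0000-0ff1-ce00-000000000000'   # well-known id of the SharePoint principal

# "Set Authentication Realm": the realm is part of every issuer name and token audience
# ("<principal>@<realm>"), so read it once; change it only with Set-SPAuthenticationRealm -Realm <guid>.
$realm = Get-SPAuthenticationRealm
Write-Host "This farm's realm: $realm"

# ---- Part 1: Metadata path (farm-to-farm) --------------------------------------------------
$PeerName     = 'FarmA'                                                   # assumed friendly name
$PeerMetadata = 'https://farma.contoso.com/_layouts/15/metadata/json/1'  # assumed endpoint; HTTPS
$PeerRealm    = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'                   # assumed: Get-SPAuthenticationRealm on FarmA
$PeerSiteUrl  = 'https://farmb.contoso.com/sites/shared'                 # assumed site collection FarmA may call

# Trusted Security Token Issuer built from the peer's metadata endpoint. The endpoint delivers
# the peer's STS signing certificate, so the export/copy/import steps are not needed here.
if (-not (Get-SPTrustedSecurityTokenIssuer | Where-Object Name -eq $PeerName)) {
    New-SPTrustedSecurityTokenIssuer -Name $PeerName -MetadataEndPoint $PeerMetadata -IsTrustBroker:$false | Out-Null
}

# App principal for the peer farm: "<SharePoint principal id>@<peer realm>", then the least right that works.
$site   = Get-SPSite $PeerSiteUrl
$nameId = "$SPPrincipalId@$PeerRealm"
$peerPrincipal = Get-SPAppPrincipal -NameIdentifier $nameId -Site $site.RootWeb -ErrorAction SilentlyContinue
if (-not $peerPrincipal) {
    $peerPrincipal = Register-SPAppPrincipal -NameIdentifier $nameId -Site $site.RootWeb -DisplayName $PeerName
}
Set-SPAppPrincipalPermission -Site $site.RootWeb -AppPrincipal $peerPrincipal -Scope SiteCollection -Right Read

# ---- Part 2: Certificates path (high-trust on-premise app) ----------------------------------
$CertPath   = 'C:\Certs\HighTrustApp.cer'              # assumed: public certificate only; the .pfx stays on the app server
$IssuerId   = '11111111-1111-1111-1111-111111111111'    # assumed issuer id (lower-case GUID), same value as in the app's web.config
$AppId      = '22222222-2222-2222-2222-222222222222'    # assumed client id from the app's AppManifest.xml
$AppSiteUrl = 'https://farmb.contoso.com/sites/dev'     # assumed site collection the app is installed on

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Trusted Root Authority: the chain the signing certificate lives in (the certificate itself when self-signed).
New-SPTrustedRootAuthority -Name 'HighTrustAppRoot' -Certificate $cert | Out-Null

# Trusted Security Token Issuer bound to that certificate. The app signs its own access tokens with the
# matching private key and sets iss to "<issuer id>@<realm>"; -IsTrustBroker lets several apps share the
# issuer id. Whoever holds that private key can mint a token for ANY user, so guard it like a farm credential.
New-SPTrustedSecurityTokenIssuer -Name 'HighTrustApp' -Certificate $cert `
    -RegisteredIssuerName "$IssuerId@$realm" -IsTrustBroker | Out-Null

# App principal + permissions. User permissions are capped by the calling user's own rights (the app acts
# in the user's context); app-only calls are refused unless -EnableAppOnlyPolicy is granted explicitly.
$appSite      = Get-SPSite $AppSiteUrl
$appPrincipal = Register-SPAppPrincipal -NameIdentifier "$AppId@$realm" -Site $appSite.RootWeb -DisplayName 'High-trust app'
Set-SPAppPrincipalPermission -Site $appSite.RootWeb -AppPrincipal $appPrincipal -Scope Site -Right Write -EnableAppOnlyPolicy

# ---- Check: every row here is a party whose signed tokens this farm will now accept -----------
Get-SPTrustedSecurityTokenIssuer | Select-Object Name, RegisteredIssuerName, MetadataEndPoint, IsTrustBroker
```

Two cautions the slides do not spell out. Keep the metadata endpoint and all app URLs on HTTPS: `Get-SPSecurityTokenServiceConfig` exposes `AllowMetadataOverHttp` and `AllowOAuthOverHttp`, and turning those on for a lab lets access tokens travel in the clear, so they have no place in production. And the list printed at the end is worth reviewing whenever it changes, since each trusted issuer is an external signing key the farm accepts tokens from; a new issuer may also take a while to be picked up by the STS (an `iisreset` on each web front end forces it).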
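Worked example for the Cloud Apps code steps "Parse out the context token" and "Read and validate the context token", written in PowerShell instead of the C# TokenHelper the deck's flow describes. This is an example added for this page, not code from the deck or from the TokenHelper source; the client id, realm, host name and client secret are constructed values, and the New-ContextToken function stands in for Azure ACS so the script runs offline. The checks it performs (HMAC-SHA256 over the JWT with the base64-decoded client secret, then expiry, audience and issuer) are the ones a provider-hosted app must make before trusting the refresh token inside.

```powershell
# Added example (not from the slides): validate a SharePoint 2013 app context token
# (an HS256 JWT) the way a provider-hosted app must before using the refresh token in it.
# All identifiers and the secret are constructed for this demo.

$ClientId     = '11111111-2222-3333-4444-555555555555'   # assumed app client id
$Realm        = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'   # assumed Office 365 tenant realm
$AppHost      = 'app.contoso.com'                        # assumed host name the app is reached on
$ClientSecret = [Convert]::ToBase64String([byte[]](1..32))   # constructed client secret (base64, as in web.config)
$SPPrincipal  = '00000003-0000-0ff1-ce00-000000000000'   # well-known SharePoint principal id
$AcsPrincipal = '00000001-0000-0000-c000-000000000000'   # well-known ACS principal id

function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    return ,[Convert]::FromBase64String($s)
}
function Get-HmacSha256([byte[]]$Key, [string]$Data) {
    $h   = New-Object System.Security.Cryptography.HMACSHA256 -ArgumentList (,$Key)
    $mac = $h.ComputeHash([Text.Encoding]::UTF8.GetBytes($Data))
    $h.Dispose()
    return ,$mac
}

# Stand-in for ACS: builds a context token with the claim set SharePoint posts to the app.
function New-ContextToken([int]$LifetimeSeconds = 3600) {
    $now    = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    $header = @{ typ = 'JWT'; alg = 'HS256' } | ConvertTo-Json -Compress
    $appctx = @{ CacheKey = 'constructed-cache-key'
                 SecurityTokenServiceUri = 'https://accounts.accesscontrol.windows.net/tokens/OAuth/2' } | ConvertTo-Json -Compress
    $claims = @{ aud = "$ClientId/$AppHost@$Realm"; iss = "$AcsPrincipal@$Realm"
                 nbf = $now; exp = $now + $LifetimeSeconds
                 appctxsender = "$SPPrincipal@$Realm"; appctx = $appctx   # appctx is JSON nested as a string
                 refreshtoken = 'constructed-refresh-token'; isbrowserhostedapp = 'true' } | ConvertTo-Json -Compress
    $signingInput = (ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes($header))) + '.' +
                    (ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes($claims)))
    $sig = Get-HmacSha256 ([Convert]::FromBase64String($ClientSecret)) $signingInput
    return "$signingInput.$(ConvertTo-Base64Url $sig)"
}

# "Read and validate context token": signature first, then time window, audience and issuer.
function Test-ContextToken([Parameter(Mandatory)][string]$Token, [Parameter(Mandatory)][string]$ExpectedHost) {
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Malformed token' }
    $header = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[0])) | ConvertFrom-Json
    if ($header.alg -ne 'HS256') { throw "Unexpected alg '$($header.alg)'" }   # never let the token choose the algorithm
    $expected = Get-HmacSha256 ([Convert]::FromBase64String($ClientSecret)) "$($parts[0]).$($parts[1])"
    $actual   = ConvertFrom-Base64Url $parts[2]
    $diff = $expected.Length -bxor $actual.Length                      # constant-time compare of the MACs
    for ($i = 0; $i -lt [Math]::Min($expected.Length, $actual.Length); $i++) { $diff = $diff -bor ($expected[$i] -bxor $actual[$i]) }
    if ($diff -ne 0) { throw 'Signature does not verify against the client secret' }
    $claims = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[1])) | ConvertFrom-Json
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    if ($claims.exp -le $now) { throw 'Token expired' }
    if ($claims.nbf -gt $now) { throw 'Token not yet valid' }
    # aud is "<client id>/<host the request arrived at>@<realm>": a token issued for another app, or for
    # this app on another host name, fails here even though its signature is valid.
    if ($claims.aud -ne "$ClientId/$ExpectedHost@$Realm") { throw "Audience mismatch: $($claims.aud)" }
    if ($claims.iss -ne "$AcsPrincipal@$Realm")          { throw "Issuer mismatch: $($claims.iss)" }
    $appctx = $claims.appctx | ConvertFrom-Json
    [pscustomobject]@{ Sender = $claims.appctxsender; CacheKey = $appctx.CacheKey
                       StsUri = $appctx.SecurityTokenServiceUri; RefreshToken = $claims.refreshtoken }
}

# Happy path: the values the app needs for "Get access token" (STS URI + refresh token) come back.
$token = New-ContextToken
Test-ContextToken -Token $token -ExpectedHost $AppHost | Format-List

# Failure modes: same token presented to a different host, and a token past its exp.
try { Test-ContextToken -Token $token -ExpectedHost 'other.contoso.com' } catch { "Rejected: $_" }
try { Test-ContextToken -Token (New-ContextToken -LifetimeSeconds -5) -ExpectedHost $AppHost } catch { "Rejected: $_" }
```

Pass the host name from the HTTP request the token arrived on (the Host header), not a hard-coded value, since that is what binds the token to this deployment. The only secret involved is the client secret from web.config; the CacheKey that comes out identifies the user plus tenant and is what the app should key its token cache on, so it must never leak into URLs or logs.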