General SharePoint authentication resources

 

 

BI Crash Course 14 - Configure for for Kerberos DelegationGP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213When delegating Active Directory credentials to your back-end database servers, you probably need to enable Kerberos delegation. In newer versions of SharePoint, this has become a lot easier through the use of the Claims to Windows Token service. This video builds on the last one (#13) by showing the SPNs and AD trusts needed to enable Kerberos delegation in the SharePoint 2013 BI Farm.
Configuring Kerberos for Microsoft SharePoint 2010 BI in 7 Steps (SQL Server 2012)GP0|#876a554a-0cb6-40ec-ae6a-1db546d01457;L0|#0876a554a-0cb6-40ec-ae6a-1db546d01457|Kerberos;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#915d058d-239c-403d-8c63-ddcd997c707f;L0|#0915d058d-239c-403d-8c63-ddcd997c707f|BI;GPP|#a5205c2f-ad79-446f-8d9e-afd0eeecf427A top call generator for SharePoint BI is the configuration of Kerberos to allow user credentials to be passed to back end data sources. With Microsoft SQL Server 2012, Reporting Services will be fully integrated with SharePoint as a service. Come learn how to configure your environment. Learn how to discover what SPNs need to be set, how to configure Constrained Delegation, and how to troubleshoot potential issues. #TEDBI304
Demystifying Kerberos in SP2013 and SQL 2012 for business intelligenceGP0|#915d058d-239c-403d-8c63-ddcd997c707f;L0|#0915d058d-239c-403d-8c63-ddcd997c707f|BI;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#a5205c2f-ad79-446f-8d9e-afd0eeecf427;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#876a554a-0cb6-40ec-ae6a-1db546d01457;L0|#0876a554a-0cb6-40ec-ae6a-1db546d01457|Kerberos;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564Business Intelligence requirements in SharePoint often require use of the Secure Store for security but ultimately may require Kerberos to handle "double-hops." The configuration is often misunderstood and not completed correctly. This session will include an explanation of required elements for Kerberos in SharePoint and SQL. It will also demonstrate a complete configuration of a multi-tiered server farm running Kerberos
Overview of Microsoft Office 365 Identity ManagementGP0|#65bfc732-532b-4157-9420-08aca50c3d9e;L0|#065bfc732-532b-4157-9420-08aca50c3d9e|Office 365;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#622a2a3e-b232-4024-952a-55c7b56949a4;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GPP|#1b064965-36f6-40b1-a474-78053852e564As you move to the cloud with Microsoft Office 365, your directory moves there as well. Your organization's directory lists all the people who you can collaborate with using Office 365 and it enables users to log in and authenticate themselves. This session introduces you to Office 365 Identity Management with a focus on how user accounts are synchronized with other repositories. It is aimed at those who work with Office 365 and need to understand the scope of Identity Management and the capabilities available to an Office 365 IT Administrator.
Understanding permissions in SharePointGP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213Are you confused about how permissions work in SharePoint? Controlling access to sites, libraries and items in those libraries is an important part of using SharePoint in your organization. This conceptual video explains the basic guidelines to follow when working with SharePoint permissions. You’ll get an overview of these guidelines, including how to creating unique permissions for sites, sub-sites, and libraries by breaking permissions inheritance.
Kerberos - SharePoint 2013, SQL 2012 for Business IntelligenceGP0|#876a554a-0cb6-40ec-ae6a-1db546d01457;L0|#0876a554a-0cb6-40ec-ae6a-1db546d01457|Kerberos;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#915d058d-239c-403d-8c63-ddcd997c707f;L0|#0915d058d-239c-403d-8c63-ddcd997c707f|BI;GPP|#a5205c2f-ad79-446f-8d9e-afd0eeecf427;GP0|#696b9a94-3537-458e-b81e-938e4aefd34a;L0|#0696b9a94-3537-458e-b81e-938e4aefd34a|Reporting Services;GPP|#cad6386c-0bed-4b5d-80d2-8b25269297e1;GPP|#622a2a3e-b232-4024-952a-55c7b56949a4 ​The focus of this article is that you would like to configure Kerberos for all the BI functionality in SharePoint. It is a step by step checklist to ensure your Kerberos configuration is correct.
C2WTS test utilityGP0|#48a91ef7-2b39-407e-9351-5ed475401d76;L0|#048a91ef7-2b39-407e-9351-5ed475401d76|Claims;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 ​A utility to simulate a service application making use of C2WTS service to convert a UPN into a windows token.
Important Change for Custom Claims Providers in SharePoint 2013 - and Refresh of Some Favorite Claims ToolsGP0|#48a91ef7-2b39-407e-9351-5ed475401d76;L0|#048a91ef7-2b39-407e-9351-5ed475401d76|Claims;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 ​there's been a change in SharePoint 2013 when you install a custom claims provider. The IsUsedByDefault property is now set to False by default; in SharePoint 2010 it was True, which means as soon as you installed your custom claims provider everything "just worked". You will now have to go and change this, either after the fact or as part of your claims provider receiver assembly, in order to have your claims provider start working.
All you want to know about People Picker in SharePoint GP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 ​The people-picker is a SharePoint interface responsible for querying repositories for identities or groups in order to grant them permission in the SharePoint application. Site administrators and other users use the People Picker Web control to select people and groups when assigning permissions. This 2 part article provides Ffnctionality, configuration and troubleshooting informations.
Microsoft BI Authentication and Identity DelegationGP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#cad6386c-0bed-4b5d-80d2-8b25269297e1;L0|#0cad6386c-0bed-4b5d-80d2-8b25269297e1|SQL Server;GPP|#622a2a3e-b232-4024-952a-55c7b56949a4;GP0|#1da233f4-dc04-4361-9f9b-16d4053ca898;L0|#01da233f4-dc04-4361-9f9b-16d4053ca898|Performance Point;GPP|#aa2447c2-0307-4407-bd59-fedab9e12903;GP0|#696b9a94-3537-458e-b81e-938e4aefd34a;L0|#0696b9a94-3537-458e-b81e-938e4aefd34a|Reporting Services;GPP|#cad6386c-0bed-4b5d-80d2-8b25269297e1 ​From straightforward client/server designs to complex architectures relying on distributed Windows services, SharePoint applications, Web services, and data sources, Microsoft BI solutions can pose many challenges to seamless user authentication and end-to-end identity delegation. SQL Server technologies and data providers expect to use Windows authentication while SharePoint Server uses Web Services Security (WS-Security). Familiarity with the authentication protocols and capabilities, delegation limitations, and possible workarounds is an indispensable prerequisite to delivering a positive BI user experience across the entire Microsoft BI solution stack in enterprise environments.
Integrating SharePoint 2013 With ADFS And ShibbolethGP0|#48a91ef7-2b39-407e-9351-5ed475401d76;L0|#048a91ef7-2b39-407e-9351-5ed475401d76|Claims;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 ​Good description of configuring SharePoint 2013, ADFS 3.0 and Shibboleth
David Crawford's WebLogGP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213
Claims authentication does not validate user (SharePoint 2013)GP0|#48a91ef7-2b39-407e-9351-5ed475401d76;L0|#048a91ef7-2b39-407e-9351-5ed475401d76|Claims;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 Because SharePoint 2013 recommends claims-based authentication for user access to web applications, this article describes the tools and techniques that you can use to troubleshoot failed claims-based user authentication attempts.
Change logged in userGP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 ​_layouts/closeConnection.aspx?loginasanotheruser=true
Configure Kerberos Authentication for SharePoint 2010 Products GP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213
SharePoint 2013 & 2010 Claims EncodingGP0|#48a91ef7-2b39-407e-9351-5ed475401d76;L0|#048a91ef7-2b39-407e-9351-5ed475401d76|Claims;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 ​A good description of how SharePoint displays identity claims encoding format like i05.t|adfs|david@contoso.com
SAML Support for SharePoint-Hosted Apps with ADFS 3.0GP0|#afeedca3-6eba-4b1c-9465-f1b1f76d3e3d;L0|#0afeedca3-6eba-4b1c-9465-f1b1f76d3e3d|Apps;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#a5205c2f-ad79-446f-8d9e-afd0eeecf427;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#bae188e7-5082-4508-9f40-92acdeb18d3b;L0|#0bae188e7-5082-4508-9f40-92acdeb18d3b|SAML;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564 ​SharePoint-hosted apps in web application that uses SAML authentication require ADFS 3.0 to be configured to allow wildcard WS-Fed enpoint. This article has the details
Inside SharePoint 2013 OAuth Context TokensGP0|#f573dc2f-c5f4-41fa-a51a-97d9709762c7;L0|#0f573dc2f-c5f4-41fa-a51a-97d9709762c7|OAuth;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#afeedca3-6eba-4b1c-9465-f1b1f76d3e3d;L0|#0afeedca3-6eba-4b1c-9465-f1b1f76d3e3d|Apps;GPP|#a5205c2f-ad79-446f-8d9e-afd0eeecf427 ​This post will show you how to inspect the SharePoint 2013 context token to better understand how OAuth is used in SharePoint 2013 apps
OAuth and the Rehydrated User in SharePoint 2013 GP0|#f573dc2f-c5f4-41fa-a51a-97d9709762c7;L0|#0f573dc2f-c5f4-41fa-a51a-97d9709762c7|OAuth;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#6553c9ac-7cd3-4c35-9ee0-494641495101;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213 ​Why inter-farm service application authentication requires users to be in the User Profile Service.
Microsoft BI Authentication and Identity Delegation technical reference guideGP0|#6553c9ac-7cd3-4c35-9ee0-494641495101;L0|#06553c9ac-7cd3-4c35-9ee0-494641495101|Authentication;GTSet|#68e31ecf-dbe9-45e0-8a3c-fc6bd6ad0ce6;GPP|#1b064965-36f6-40b1-a474-78053852e564;GPP|#74f9ea2a-fcec-489f-9ca4-da563b559213;GP0|#cad6386c-0bed-4b5d-80d2-8b25269297e1;L0|#0cad6386c-0bed-4b5d-80d2-8b25269297e1|SQL Server;GPP|#622a2a3e-b232-4024-952a-55c7b56949a4