Designing an Identity Management Portal - PowerPoint PPT Presentation

Loading...

PPT – Designing an Identity Management Portal PowerPoint presentation | free to view - id: 101c84-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Designing an Identity Management Portal

Description:

Designing an Identity Management Portal – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 40
Provided by: btur1
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Designing an Identity Management Portal


1
Designing an Identity Management Portal
  • Integrating Identity and Access with SharePoint
  • Brad Turner
  • Architect, Identity and Access Management
  • http//www.identitychaos.com
  • Jerry Camel
  • Senior Consultant, Identity and Access Management
  • http//digitalcamel.blogspot.com

If youre here, youre probably not the
SharePoint person theyre all at the
SharePoint Conference 2008 also this week.
2
Introduction and Focus
  • People
  • Skills update for ILM 2 and WSS requirements
  • Process
  • Common issues surrounding WSS installations
  • Technology
  • Security (Microsoft Supports 1 reason for
    calling)
  • WSS/SharePoint authentication considerations
  • Kerberization via AzMan supplemental content
    on the blogs
  • Content
  • Portal content and reporting
  • Dashboards
  • Workflow integration and reporting

Sample Portal Application Youve been tasked
with controlling the lifecycle of service
accounts in your organization. How can you build
a solution that models application relationships
with their service accounts and that
automatically maintains Kerberos delegation? How
can you report on workflow status?
3
ILM 2 Architecture Overview
4
ILM 2 Architecture
ILM 2
how many servers to scale the new components?
ILM 2007
local or remote SQL install, clustered or not?
5
SharePoint Database
  • As of ILM 2 Beta 2, only the Windows Internal
    Database is supported for hosting the ILM portal
    application
  • This isnt going to be acceptable for most
    deployments

6
IDA Evolving Skill Sets
7
Directory Services
8
.NET Framework
9
SQL/DBMS
10
Certificate Lifecycle Manager
SharePoint Portal in ILM 2?
11
Windows SharePoint Services
12
Office Integration
13
Sharepoint Portal security
14
Getting Started with WSS 3.0
  • What do I need to know to get started?
  • Windows SharePoint Services 3.0 Technical Library
  • Getting started for Windows SharePoint Services
    3.0 technology
  • Microsoft SharePoint Products and Technologies
    Team Blog
  • Microsoft E-Learning Collections 5403
  • Microsoft E-Learning Courses 5244, 5245, 5246,
    5247
  • Microsoft Windows SharePoint Services 3.0 Step by
    Step

Find a local SharePoint Users Group!
15
WSS Common Problems
  • I cant find the database you installed using
    Typical mode and now you have Windows Internal
    Database
  • How do I create a portal create a new Web
    Application first and then create a new Site
    Collection
  • Trouble accessing the site check your
    Alternate Access Mappings, these should match the
    URL youre attempting as well as your host
    headers also make sure Anonymous access is
    disabled and that these sites are in the Intranet
    zone in IE

16
WSS Common Problems (contd)
  • Occasionally it takes forever for the portal
    to respond this is IIS shutting the process
    down after it becomes idle
  • current identity does not have write access to
    (the framework temp dir) you need to run
    aspnet_regiis -i to re-register the Framework
    components with IIS.
  • I cant get Kerberos to work many people get
    frustrated and fall back to NTLM, its confusing
    but it IS possible
  • Other common errors and troubleshootinghttp//su
    pport.microsoft.com/kb/944267

17
ILM Proof of Concept
  • Check 1dent1y cHa0s for the release this week
  • ADMA configured to read AzMan store from AD
  • Sample attribute flow code to set SPNs and
    delegation on service accounts
  • Walkthrough for configuring AzMan to model the
    application, service class, and URIs.

18
Modeling SPN Relationships
Normal Delegation uses userAccountControl
(TRUSTED_FOR_DELEGATION)
Constrained Delegation uses msDS-AllowedToDelega
teTo
19
AzMan as an Application Model
  • Authorization Manager (AzMan) provides a
    functional way to model an application in AD or
    XML
  • AzMan alone isnt designed to represent complex
    relationships required to automate Constrained
    Delegation we need some help from SQL or custom
    SharePoint lists to do this
  • The entire relationship to model includes
  • Applicationlt-gtSvc Acctslt-gtSvc Classeslt-gtURLPort

20
Simple Delegation Modeling with AzMan
msDS-AzRole
msDS-AzTask
Security principal to delegate
msDS-AzTask
Service Class to assign
msDS-AzOperation
msDS-AzTask
URL and Port designation
21
POC Designing a Portal Solution for the
Kerberization problem
  • Built as SharePoint application and leverage
    AzMan itself for authorizations
  • Possible Roles for the Portal Application
  • Domain Users no access
  • App Admins developers, delegated ability to
    create and modify apps without the need for the
    AzMan MMC
  • Infrastructure Admins ability to assign AD
    principals and publish the application
  • The Portal Application should leverage AzMan AD
    store to express the modeled applications once
    published
  • Web Applications and their associated security
    principals should be automatically configured for
    Kerberos delegation by ILM
  • Workflows should be leveraged whenever tasks
    change hands or require approval
  • SharePoint provides all of the tools necessary to
    build the Portal Application and logic within ILM
    can complete the modifications to the security
    principals

22
BUILDING THE ilm Portal Content
23
Elements of a Portal
  • SRS Reports
  • Shortcuts / Menus For Navigation
  • Dashboards
  • Documentation
  • External Tools
  • Direct Links
  • Embedded (ltiframegt or otherwise)
  • Anything Your Little Heart Desires

24
SharePoint Elements
  • Document Libraries
  • Link Lists
  • Web Part Pages
  • Web Parts

25
Reporting Basics The SRS Web Part
  • SRS Web Part Overview

26
Dashboards
  • Provide an Overview of System or Identity Status
  • Use SRS Reports and Other Web Parts as Building
    Blocks
  • Advanced Dashboard Techniques
  • Might Involve HTML and/or JavaScript knowledge
  • SRS Report Linking
  • (Not the same thing as drill down reports.)

27
Landing Page
28
Links and Menus
  • Use Standard SharePoint Lists
  • Group By Category

29
External Application Example
  • Camelogic Configuration Files
  • XML Based Hierarchical Configuration Categories
  • Visual Studio Integrated
  • Type Safe Code References
  • Indexed Configuration Values for Quick Switching
  • Web Based Configuration Editor

30
Integrating External Applications
  • Create Web Parts When Feasible
  • Use Page Viewer Web Parts
  • Content Editor Web Parts w/ HTML ltiframegt
  • May Require Some Tweaking w/ SharePoint Designer

31
Complex Reporting Dashboards
  • Use an SRS Report Viewer Web Part as a Report
    Anchor
  • Anchor Uses a JavaScript Call In Navigation
    Properties of a Textbox
  • Sub-reports are Linked Via Content Editor Web
    Parts and Embedded JavaScript

32
Complex Reporting Dashboards
33
Complex Reporting Dashboards
34
Workflow Integration
  • Use to Incorporate Asynchronous Actions
  • Allows for Human Interaction in ILM Based
    Activities
  • Can be Persisted
  • Can be Tracked

35
Reporting Workflow Status
36
Custom SRS Report items
  • Provide information in the form of a bitmap
  • Specific to SRS, not SharePoint
  • Require advanced .Net coding skills to create.
  • Drag, Drop and Configure, to use.
  • Sample Code

http//msdn.microsoft.com/msdnmag/issues/06/10/SQL
Server2005/
37
Complex Reporting Live Demo
Full Details At http//digitalcamel.blogspot.com/
2008/02/tabbed-sub-reports-with-srs-and.html
38
Parting Thoughts
  • The ILM 2 portal will be extensible if
    nothing else youll be able to build your own
    version from the ground up using the new Web
    Service and the SDK, so its time to start
    building relationships with the talent in your
    company or looking to acquire it yourself when it
    comes time to fine tune your own
    implementation!
  • What about interfacing SharePoint with emerging
    technologies like Windows CardSpace?
  • Look for more detail on the Kerberos and
    reporting solutions herehttp//www.identitychaos
    .comhttp//digitalcamel.blogspot.com
  • Thanks to the following people who helped with
    the research From Microsoft Tom Wisnowski, Tim
    Baggs, James World

39
  • Q A
About PowerShow.com