Authentication Designs for P4S 2010
The user experiences that you can deliver using Presto Add-On for SharePoint (P4S) 2010 depend on your SharePoint environment and how SharePoint and Presto Servers are deployed. The factors that determine an authentication architecture include:
SharePointVersion and Authentication: using Microsoft
SharePoint Server (MSS) 2010:
With the Secure Store Service to provide a true single sign-on experience for
P4S users. Other factors in your environment also play a part in supporting single sign-on.
The Secure Store Service stores user credentials for additional applications, such as the Presto Presto Server, accessed from SharePoint. User credentials are organized by target application, also known as an SSO Application Name, allowing the Secure Store service to handle credentials for different applications. You can store user credentials under one SSO Application name to provide credentials that several Presto Servers share, allowing users to access mashups and apps from those Presto Servers seamlessly, or keep credentials for some Presto Servers separate using different SSO Application Names.
WithoutSecure Store Service: this prevents a full single sign-on experience, but can still support SSO with an initial challenge experience depending on other factors in your
SharePoint environment.
Note: | P4S is not currently compatible with third-party single sign-on solutions, such as Netegrity SiteMiner, that are agent-based. If your SharePoint environment uses a third-party SSO solution, users may work in Presto Hub with SharePoint to create mashables, mashups and apps. However, users cannot use P4S actions in SharePoint and cannot publish mashups or apps to SharePoint. |
SharePointand PrestoPresto ServerDomains: how you deploy
Presto Servers in your
SharePoint environments affects the choices for authentication. If single sign-on is not possible, deploying
SharePoint servers and
Presto Servers in the same domains enables the use of cookies to simplify authentication.
User Repository: sharing the same user repository, such as an Active Directory or LDAP Directory, for both
SharePoint servers and
Presto Presto Servers supports a true single sign-on experience. This enables
Presto Servers to use the same credentials as
SharePoint.
Note: | Currently there is a known issue for authentication challenges for mashups published in Mashup Web Parts when the user repository is shared. For mashups users will be challenged initially for mashups. |
The combination of these factors produce three authentication architectures that you can use. The following table summarizes which architectures can be applied to specific environments and the resulting user experience:
Authentication Architecture | MSS + Secure Store | MSS + No Secure Store | SharePoint / Presto Server in Same Domains | SharePoint / Presto Server in Different Domains | SharePoint / Presto Server Share User Repository | User Experience |
SSO + Token Authentication | | | | | | Full SSO |
| | | | | Initial challenge |
SSO + Cookie Authentication | | | | | | Initial challenge |
| | | | | Initial challenge |
No SSO, Manual Authentication | | | | | | All challenges |
| | | | | All challenges |