  • Authenticate your SharePoint website users with Facebook!

    First of all, thanks to Danny Jessee for tons of information to succeed in this assignment.

    If you don’t know, SharePoint 2010/2013 can authenticate against identity providers such as Windows Live ID, Google, Yahoo!, and Facebook like a charm with no coding, by using Windows Azure Access Control Service (ACS) together with Claims Based Authentication.

    I believe this will drive adoption of websites and therefore make them successful.

    Prerequisites

    • A Facebook App (any app); see the Facebook Developers application.
    • A Facebook account associated with the app you will create.
    • A Windows Azure account with an ACS namespace created (these can be created using the Service Bus, Access Control & Caching section of the portal). This will host our Claims Identity Providers.
    • SharePoint 2013 Farm. (can work with 2010)
    • An X.509 certificate to be used by Azure ACS and SharePoint to digitally sign tokens (and explicitly trusted by SharePoint)

     

    Facebook Application Steps

    • Within the Facebook Developers application, click Create New App.   
    • Give the app a Name and a Namespace. Click Continue.
    • After passing the Captcha check, select Website with Facebook Login in the next screen and enter the URL to your Azure ACS Service Namespace (e.g., https://{your namespace}.accesscontrol.windows.net). Click Save Changes.
    • Take note of the App ID and App Secret values that appear at the top of this screen. You will need to use these to configure Azure ACS to leverage this application. That’s all we need to do within Facebook!

     

    Azure ACS Steps

    Within Azure ACS, we must configure the following four things:

    • Facebook as an Identity Provider.
    • SharePoint as a Relying Party Application.
    • Claims Rule Groups to determine how Claims are passed from the identity provider to the relying party application.
    • The Token Signing Certificate that Azure ACS will use to prove that it is indeed the issuer of the SAML token that SharePoint receives.

     

    Identity Provider

    • Open your Azure ACS management portal (e.g., https://{your namespace}.accesscontrol.windows.net) and select Identity providers from the Trust relationships section in the left navigation. In the next screen, click Add.
    • In the next screen, choose Facebook application and click Next.
    • In the next screen, enter the Application ID and Application secret values from the Facebook application you created above. You should also provide a Display name (for use within the ACS management portal) and a comma-separated list of Application permissions (note that email is the only required permission to enable Facebook users to sign in to SharePoint). You can, however, request additional permissions to do lots of fun and exciting things. The permission strings are defined in the Facebook Login permissions documentation.
    • You do not need to specify values for Login link text or Image URL unless you plan to configure more than one Azure ACS identity provider to use with SharePoint. If you have already configured your Relying party applications within Azure ACS, you may select them at the bottom of this screen. Otherwise, we will configure SharePoint as an RP in the next step.
    • Press Save to save changes.

     

    Relying Party Application

    Open your Azure ACS management portal (e.g., https://{your namespace}.accesscontrol.windows.net) and select Relying party applications from the Trust relationships section in the left navigation. In the next screen, click Add.

    In the next screen, provide a name for the relying party application (I often just use the fully-qualified domain name of my SharePoint web application) and choose to Enter settings manually. In the boxes below, enter the following values:

    • Realm – URL of your SharePoint web application (note that a URN can also be entered here and, in many cases, is the preferred approach)
    • Return URL – URL of your SharePoint web application + /_trust. This is the endpoint of SharePoint’s STS, where Azure ACS will send the SAML token it creates. The /_trust suffix is essential: if you enter only the web application URL, SharePoint will report that the token is not from a trusted issuer.
    • Token format – SAML 1.1
    • Token lifetime – enter a value greater than the default 600 seconds, I would say 3600

    In the Authentication Settings section, select the Identity provider you configured above and choose to Create a new rule group. Under Token Signing Settings, choose whether to Use service namespace certificate (if you have already configured a certificate within Azure ACS) or Use a dedicated certificate if you would like to use a different X.509 certificate exclusively for this relying party application.

    Click Save to save changes.

     

    Rule Group

    • Open your Azure ACS management portal (e.g., https://{your namespace}.accesscontrol.windows.net) and select Rule groups from the Trust relationships section in the left navigation. In the next screen, click Default Rule Group for {your web application}.
    • Note that no rules are added by default. Click Generate and select the identity provider you created above.
    • Click Generate to generate Claims rules for the 5 values Azure ACS can obtain from a logged in Facebook user:

      1. AccessToken – the Facebook Graph API access token
      2. emailaddress – the email address associated with the user’s Facebook profile
      3. expiration – the expiration date/time of the AccessToken granted above
      4. name – the Facebook user’s display name
      5. nameidentifier – the Facebook user’s unique profile ID (integer)

    • Press Save to save the rules.
    Upload Token Signing Certificate

    • If you haven’t already, you will need to configure Azure ACS to utilize an X.509 certificate to digitally sign the tokens it generates. Optionally, you can also specify certificates to use for token encryption and decryption. I generated a self-signed certificate using the makecert utility FOR DEMO. DO NOT DO THIS IN PRODUCTION! I then uploaded this certificate by going to the Certificates and Keys link under Service settings in the ACS management portal.
    • Click Add to upload your certificate. This page allows you to specify where the certificate should be used, what type of certificate it is, and how to make it the primary token-signing certificate. It even includes the specific makecert command you need to run to generate a self-signed certificate (again, I cannot overemphasize how important it is that you NOT use a self-signed certificate in production!)

    SharePoint 2013 Steps

    New Web Application

    • From SharePoint 2013 Central Administration, create a new web application. It must be Claims based (Claims is the default).
    • Make sure the host header matches the host header for the Return URL specified in the Azure ACS relying party application setup. Enable Integrated Windows Authentication with NTLM at this step. You’ll notice no Trusted Identity providers exist at this point.
    • Create a new site collection at the root of the web application and choose a Windows identity for the primary Site Collection Administrator.

    Configure Azure ACS as a new Trusted Identity Provider

    In order to enable us to select Azure ACS as a trusted identity provider for the web application, we need to run some PowerShell. The script to run appears below.

    # Realm: must match the Realm entered for the relying party application in Azure ACS.
    $realm = "http://www.contoso.com"

    # WS-Federation sign-in endpoint of your ACS namespace. wtrealm is the URL-encoded realm
    # and must correspond to $realm (replace [your name space] with your ACS namespace).
    $signinurl = "https://[your name space].accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fwww.contoso.com%2f"

    # Public part (.cer) of the ACS token-signing certificate uploaded in the ACS portal.
    $certloc = "C:\contoso.cer"

    # Register the certificate as a trusted root authority so the farm accepts tokens it signs.
    $rootcert = Get-PfxCertificate $certloc
    New-SPTrustedRootAuthority "Facebook Azure ACS" -Certificate $rootcert

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certloc)

    # Map the five claims ACS issues for a Facebook user to SharePoint claim types.
    # Parameter names use a plain hyphen (-LocalClaimType); an en dash pasted from a web page
    # is not recognised by PowerShell as a parameter.
    $map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
    $map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "Display Name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
    $map3 = New-SPClaimTypeMapping -IncomingClaimType "http://www.facebook.com/claims/AccessToken" -IncomingClaimTypeDisplayName "Access Token" -SameAsIncoming
    $map4 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" -IncomingClaimTypeDisplayName "Name Identifier" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
    $map5 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" -IncomingClaimTypeDisplayName "Expiration" -SameAsIncoming

    # Create the trusted identity token issuer; the email address claim identifies the user in SharePoint.
    New-SPTrustedIdentityTokenIssuer -Name "Facebook" -Description "Facebook" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1,$map2,$map3,$map4,$map5 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType

     

    Keep in mind:

    • Ensure the value for $realm matches the realm value used when creating the relying party application within Azure ACS.
    • Ensure the X.509 certificate used here is the same as the token signing certificate used when creating the Relying Party application within Azure ACS.
    • Ensure the value for $signinurl is set properly for your SharePoint web application.

    Run this PowerShell script from the SharePoint 2013 Management Shell (as an Administrator). If you don’t see red text, then we are good to go.
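    Before running the trust-configuration script, the values it depends on can be sanity-checked. The pre-flight script below is an added example, not part of the original post or of Danny Jessee's script; it assumes the same $realm, $signinurl and $certloc values as above, a return URL of http://www.contoso.com/_trust (the realm plus /_trust, as configured for the relying party in ACS), and it only consults the SharePoint cmdlets when it is run inside the SharePoint Management Shell.

```powershell
# Added pre-flight check for the SharePoint/ACS trust script (example, not the original post's code).
# Assumes the same realm, sign-in URL and certificate path as the configuration script; the return
# URL is assumed to be the realm plus /_trust, as registered for the relying party in ACS.
param(
    [string]$Realm     = "http://www.contoso.com",
    [string]$SignInUrl = "https://[your name space].accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fwww.contoso.com%2f",
    [string]$ReturnUrl = "http://www.contoso.com/_trust",
    [string]$CertLoc   = "C:\contoso.cer"
)

$problems = @()

# 1. The sign-in URL must parse, use HTTPS and point at the ACS WS-Federation endpoint.
$uri = $null
try { $uri = [System.Uri]$SignInUrl }
catch { $problems += "Sign-in URL is not a valid URI (is the [your name space] placeholder still in it?): $SignInUrl" }

if ($uri) {
    if ($uri.Scheme -ne "https") { $problems += "Sign-in URL must use HTTPS: $SignInUrl" }
    if ($uri.AbsolutePath -ne "/v2/wsfederation") { $problems += "Sign-in URL path should be /v2/wsfederation, got $($uri.AbsolutePath)" }

    # 2. wa must be wsignin1.0 and wtrealm must decode to the realm registered in ACS.
    $params = @{}
    foreach ($pair in $uri.Query.TrimStart('?') -split '&') {
        $name, $value = $pair -split '=', 2
        if ($null -ne $value) { $params[$name] = [System.Uri]::UnescapeDataString($value) }
    }
    if ($params['wa'] -ne 'wsignin1.0') { $problems += "wa parameter should be wsignin1.0" }
    $wtrealm = $params['wtrealm']
    if (-not $wtrealm) {
        $problems += "Sign-in URL has no wtrealm parameter"
    } elseif ($wtrealm.TrimEnd('/') -ne $Realm.TrimEnd('/')) {
        $problems += "wtrealm '$wtrealm' does not match realm '$Realm'"
    } elseif ($wtrealm -ne $Realm) {
        Write-Warning "wtrealm '$wtrealm' and realm '$Realm' differ only by a trailing slash; use one identical string in ACS, in wtrealm and in -Realm"
    }
}

# 3. The return URL is SharePoint's STS endpoint; without /_trust the token is rejected as untrusted.
if (-not $ReturnUrl.EndsWith('/_trust')) { $problems += "Return URL should end in /_trust: $ReturnUrl" }
if (($ReturnUrl -replace '/_trust$', '') -ne $Realm.TrimEnd('/')) { Write-Warning "Return URL host differs from the realm; confirm this is intended" }

# 4. The certificate must load and be valid today; for production it should not be self-signed.
if (-not (Test-Path $CertLoc)) {
    $problems += "Certificate file not found: $CertLoc"
} else {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertLoc)
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    if ($cert.Subject -eq $cert.Issuer) { Write-Warning "Certificate $($cert.Thumbprint) is self-signed (demo only)" }
    if ($cert.HasPrivateKey) { Write-Warning "File contains a private key; SharePoint only needs the public .cer to validate signatures" }
    Write-Host "Token-signing certificate: $($cert.Subject), thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"
}

# 5. Inside the SharePoint Management Shell, warn if an issuer named 'Facebook' already exists
#    (New-SPTrustedIdentityTokenIssuer fails when the name is already taken).
if (Get-Command Get-SPTrustedIdentityTokenIssuer -ErrorAction SilentlyContinue) {
    $existing = Get-SPTrustedIdentityTokenIssuer -Identity "Facebook" -ErrorAction SilentlyContinue
    if ($existing) { Write-Warning "A trusted identity token issuer named 'Facebook' already exists; update or remove it instead of re-creating it" }
}

if ($problems.Count -eq 0) {
    Write-Host "All checks passed; the trust-configuration script can be run."
} else {
    $problems | ForEach-Object { Write-Error $_ }
}
```

    Save it as a .ps1 and run it with the same values you intend to use in the trust-configuration script; with the placeholder sign-in URL left as-is it reports the unreplaced namespace as a problem, which is the intended behaviour.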

    Return to the list of web applications in SharePoint 2013 Central Administration. Select the web application and press Authentication Providers.

    Choose the appropriate zone and scroll down. Facebook should now appear in the list of trusted identity providers.

    Select Facebook and press Save. You have now configured Azure ACS as a new trusted identity provider, and SharePoint knows it can trust SAML tokens signed with your Azure ACS token-signing certificate.

     

    Set User Access Policy

    • In order for the users to access your SharePoint 2013 site once they have authenticated via Facebook, we must grant them the appropriate level of authorization. To do this, I recommend setting a “Full Read” policy for all users who authenticate to SharePoint via our “Facebook” trusted identity provider. Start by selecting the web application in Central Administration and go to User Policy.
    • Choose Add Users, then select the appropriate zone (All zones) and press Next.
    • Select the address book icon beneath the Users text box to bring up the Select People and Groups dialog.
    • Select All Users, then choose All Users (Facebook). Press Add to select the group.
    • Check the box for Full Read in the permissions section and press Finish.
    • The new policy is now displayed at the bottom of the list.

    We are ready to test :)

     

    Sign in to SharePoint 2013 with Facebook

    • Navigate to the home page of the web application. The default sign in page will appear.
    • Choose Facebook from the drop down list. The user will be redirected (through the Azure ACS portal) to a Facebook-hosted login page.
    • Enter your Facebook credentials and press Log In. The first time a user attempts to log in to your SharePoint site with Facebook, he or she will be prompted to grant the Facebook application access to the user’s basic information and email address (this is based on the permissions we set up when we initially defined the Facebook identity provider in the Azure ACS management portal).
    • Press Go to App. The user should be redirected back to Azure ACS, which then redirects the user back to SharePoint…logged in with Facebook credentials!
    • Note the user’s display name is the email address associated with the user’s Facebook account. This is because we set EmailAddress as the IdentifierClaim in the PowerShell script we ran to configure Azure ACS as a trusted identity provider.

     

    Summary of Steps

    Setting up this integration requires configuration steps to be performed in three different places:

    1. Within Facebook, an application must be created that supports “Website with Facebook Login.”
    2. Within the Azure ACS management portal, a new Identity Provider (IP), Relying Party (RP) application, and Rule Group must be created to inform Azure ACS about:
       a. The Facebook application created above.
       b. The SharePoint environment to be configured with Azure ACS integration below.
    3. Within SharePoint, we must create a new web application with Claims (in SharePoint 2013, Claims is the default authentication mechanism) and configure it to point to our Azure ACS setup as a Trusted Identity Provider.

     

    You can use some CodePlex web parts that require this technique: http://facebookwebparts.codeplex.com/

     

    Feel free to post any questions in the comments!

     

  • Mohamed Khairy is our December Guru...Security talk

     1-Mohamed, can you please introduce yourself to our readers?

     Hello to all! I am Mohamed Khairy and I am one of the Data Center Technical Solutions Experts Team @ CoEX. I studied Computer Science at Modern Academy in Maadi because of my love for computers and technology, graduated in 2005, and since then I have worked in this fascinating field; I had 4 work experiences in different countries before joining CoEX.

     

     2- I understand that you are passionate about IT and Technology, what fascinates you most?

     

    I’ve grown up with technology and simply find it amazing. I find it amazing how I can search for anything I want on the web. I find it amazing that I can learn how technology works and use it to solve problems and make useful things and solutions.

    Think to yourself - how proud would you feel if you had an issue and you discover how to solve it using technology products.  You can then turn it into a solution model that can be used by many people to fix things that annoy them in their daily operations. This is how I would define passion.

    I want to make a difference in this world and to improve myself as a person, and I believe that technology and IT can take me anywhere I would like. Security, programming, web design... the possibilities are endless. 

    Passion to me is to believe strongly in something, and it makes you feel great. For me, helping people and customers by providing them with super solutions, and helping them get technology that can improve the quality of their environment, is something that makes me feel so great.

                  

    3- Can you explain to us how Identity and access management solutions work?

    Identity and access management (IAM) is the security discipline that authorizes users to access corporate systems and information. It helps prevent fraudulent access and use of data that could potentially affect the business, its partners, or even worse, its customers.

    Identity and access management (IAM) also brings great values to organizations in reducing IT management cost, enhancing employee productivity, and increasing compliance efficiency. 

    Microsoft Forefront Identity Manager 2010 R2 (FIM) can help you standardize identity and access management across your organization by delivering self-service identity management for users, automating lifecycle management across heterogeneous platforms for administrators, and providing a rich policy framework for enforcing corporate security policies on users, devices, enterprise applications, data center servers and business processes.

     

    4-Can you provide any links that can help introduce us and expand our knowledge about FIM?

    1. Microsoft Forefront Identity Manager 2010 R2
    2. TechNet Forefront Identity Manager 2010 R2
    3. What's New in Forefront Identity Manager 2010 R2 SP1

     

     6-Away from technology, do you have any other hobbies or passions?

     Two, Squash and Shooting. 

     

     7- Any advice to anyone that wants to be an IT guru?

     The first piece of advice I have is that, if you are interested in technology, you should pay attention to whatever aspect of the industry you plan on entering. Read books, browse the Internet for information on your field of choice, and practice, whether it is hardware, software technology, or programming. It never hurts to stay informed.

               

    8- How can people contact you for any technical inquiries?

     

    You can email any questions or inquiries to my email:  v-mkhair@microsoft.com

     

    Thank you so much Mohamed Khairy

     

  • Meet Mostafa Yousry! November's Hyper-V Guru

     

     1 -Mostafa, can you please introduce yourself to our readers?

      I have been working in the IT business for over 7 years now. I started as a Senior Technical Service Engineer. My responsibility was building Datacenters, such as Servers, Storage Systems, Backup solutions and  Virtualization, for many vendors such as Microsoft, HP, Dell, IBM, VMware and Symantec. Today I am a Regional Technology Solution Professional at CoEx - Microsoft Middle East & Africa, with the focus on Datacenter workload such as Windows Server, Windows Azure and System Center.

     

      2-What do you love the most about technology?

      I love thinking with customers about how to apply appropriate technology to solve the pains they are facing in the IT world.

     

     

     

      3-Can you give us a small introduction to better understand what is Hyper-V?

     Microsoft Hyper-V Server 2012 is a hypervisor-based server virtualization product that enables you to consolidate workloads, helping organizations improve server utilization and reduce costs.

    Hyper-V is a role in Windows Server® 2008 and Windows Server® 2012 that provides you with the tools and services you can use to create a virtualized server-computing environment. This type of environment is useful because you can create and manage virtual machines, which allow you to run multiple operating systems on one physical computer and isolate the operating systems from each other.

     

    4-Can you provide us with interesting links that can help us know more and introduce us to Hyper-V?

    Check out these 2 links:

    http://www.microsoft.com/en-us/server-cloud/products/windows-server-2012-r2/default.aspx#fbid=haC-6YeeyTw

    http://www.microsoft.com/en-us/server-cloud/hyper-v-server/

     

    5- What are the newest updates for Hyper-V this year?

    We announced Windows Server 2012 R2 – a major release of Windows Server. We’ve already made significant virtualization improvements around Hyper-V in Windows Server 2012 – across the board, including scale, availability, management, storage and networking. There are also a lot of new and enhanced capabilities for Hyper-V in the Windows Server 2012 R2 release.

     

    http://technet.microsoft.com/en-us/library/dn282278.aspx

    http://www.microsoft.com/en-us/server-cloud/products/system-center-2012-r2/default.aspx#fbid=haC-6YeeyTw

     

     6-Away from technology, do you have any other hobbies or passions?

     I love travelling and Scuba diving, here is a picture of me under water :)

     

     7-Very Nice picture! Do you have any advice to anyone that wants to be an IT guru?

     Here is one of my favorite quotes "You do not really understand something unless you can explain it to your grandmother"… Albert Einstein

     Therefore, my advice is you must read, practice and then read again and practice a lot.

     

    8-How can people contact you for any technical inquiries?

    You can reach out to me by e-mail at v-mostay@microsoft.com, and I will start blogging on my team blog http://blogs.technet.com/meacoex .

     

    Thank you Mostafa!

    Also, check out the Facebook post  and our twitter account :)

     

  • Meet October's hero: Chervine Bhiwoo

    We met Chervine at a workshop, when he stepped forward as the team leader of 3 developers.

    He supported and coached them so that they could acquire the knowledge and techniques needed to develop Windows Phone applications.

    While we asked for at least 4 applications from each team, this team developed more than ten applications.

    What is even more impressive is that, in the end, he managed to share his passion for development with his team.

    Read this blog to learn more about Chervine and his passion.

    1. Chervine, could you introduce yourself in a short paragraph?

    I am Chervine Bhiwoo and I am 24 years old. I obtained my bachelor's degree from the University of Mauritius in 2012 and I am currently a computer engineer at one of the most renowned IT companies in Mauritius. IT and new technologies are my greatest passions. I spend a lot of my free time reading articles on the web, developing new applications or sharing ideas with my friends.

    2. How did you become so passionate about technology and development?

    I discovered this wonderful world of computing when I was only 15. What intrigued me and hooked me was the logic behind it. I often heard people talk about Java or VB and I was curious to know what they were. So I borrowed a book on VB from a friend, and there I discovered the world of programming. It all started from that curiosity and that desire to learn. Today I am skilled in web, mobile and Cloud technologies.

    3. What is your favourite programming language?

    C#. It is a modern language with the power of the .NET Framework, which makes application development easier, and it also has the debugging features of Visual Studio. Together, they improve the development experience and increase developer productivity.

    4. How did you start working on Windows Phone?

    I had the opportunity to get to know this product (Windows Phone 8) through a course organized for programmers in Mauritius.

    From the first day, we were asked to put a team together and I volunteered to do it because I already had some notion of C#. Since then, Microsoft technical evangelist Arnaud Meslier has guided us in developing Windows 8 applications. As I already knew programming, I quickly understood the concept and then started guiding the members of my team for a whole week. My team and I developed 13 Windows Phone 8 applications in 2 months.

    5. How did you get the ideas for your applications?

    Teamwork encouraged the exchange of ideas, which allowed us to create our applications. The inspiration came from the problems each of us encountered in our daily lives. We tried to find solutions and create an application for those problems.

    • Pizza Mania
    • Casela
    • Devinette
    • Vroom Vroom Maurice
    • Love Messages
    • Mauritius News
    • UoM Guide
    • Hello Doc
    • Zistoire Nu Zil
    • Mauritius Malls
    • Mauritius Night Events
    • Tourist Kit
    • Mauritius Hotels

    6. Could you give us a quick tour to help us better understand your favourite application?

    There are two that I really like.

    Mauritius News: We all read the newspapers every day, and currently there are several web pages for each newspaper. So I had the idea of creating an application to gather all the news found on these sites. That way, every morning when I travel, I just open this application to read the news.

    Pizza Mania: The idea came up in a conversation during the Windows Phone 8 Boot Camp. Pizza Mania is an application that gathers the contact details and the menu of each pizzeria, which makes ordering easier.

    7. What are your interests other than technology?

    I love going to the beach and swimming. I go once a month. Apart from football, cinema and cycling, I also like spending my weekends with family or with my friends, who give me a lot of support.

    8. Do you have any tips to share with the blog's readers?

    The key word is passion! If it excites you, try to find a little time to learn something new and work as a team on your projects. It creates bonds and lets you share the passion.

    9. How can the community reach you? (online or offline)

    http://about.me/chervine

    I am often present at Microsoft Mauritius events such as the Dev Camps.

  • Get to Know Ahmed Afifi, our October (and first) CoEx IT guru

    1-Ahmed, can you please introduce yourself to our readers?

    I graduated from The American University in Cairo in 2007, majoring in Computer Science and minoring in Business Administration. I have been working on the technical sales and consultation side of the business since then.

     

    2- What do you love the most about technology?

    To me technology is meant to make people’s life better. Unfortunately, many organizations are still technologically boxed in the 90s or even worse – some still rely on paperwork! I’d say technology is a vital pillar for the economy of any country, and I’d love to be one of the builders of the economy of MEA (Middle East and Africa).

     

    3-Can you give us a small introduction to better understand what is BP?

    BP is short for Business Productivity. The main essence of BP is to help organizations unleash from the rigid old-school culture of work and limitations of their IT environments. We aim to make all employees with smart devices [be it a laptop/tablet/smart phone] more productive, and work hand in hand with others to achieve the goal of their business. Microsoft is addressing that through a wide range of products that complement each other to deliver a complete productivity suite.

     

    4-Can you provide us any links that can help introduce us and expand our BP knowledge?

     

    5- What are the newest updates for BP this year?

    With the strategic acquisitions, Microsoft is complementing its arsenal. Microsoft is fusing a Social dimension within the work environment of the employees where they can share their knowledge and benefit from the wisdom of the crowd. This is catered for through SharePoint 2013, and the acquisition of Yammer; the biggest Enterprise Social Platform. On a parallel track, Microsoft is to acquire Nokia’s Smart devices to be self-dependent when it comes to hardware for smartphones and tablets. Moreover, the continuous investment in cloud computing through the Office 365 offering that will allow users to access their resources and colleagues from virtually anywhere. This year Microsoft had an unprecedented number of releases on all levels. I’d only highlight the release of Windows 8, Windows Phone 8, and the all-new Office 2013 among a lot of other great stuff. Microsoft is leaving its fingerprint all the way from bottom up. You can see that when it comes to Devices, Operating Systems, Infrastructure, Smart Phones, Document Processing software, collaboration platform, and even on the cloud! I believe Microsoft is moving forward with steady steps to prove that it is one of the leading players in the market.

     

    6-Away from technology, do you have any other hobbies or passions?

    I’m very passionate about football, cars, horseback riding, and shooting :)

      

    7- Any advice to anyone that wants to be an IT guru?

    Reading is definitely the main source of information. However, most of the things you learn are not there in the books – you have to go out there and get your hands dirty!

     

    8- How can people contact you for any technical inquiries?

    You can contact me by email v-ahafif@microsoft.com

     

    Thank you so much Ahmed Afifi, and good luck in building MEA's economy through technology :)