| Like most of you out there, I have spent quite a bit of my life travelling, staying in hotels and generally being away for work. Sometimes this is great and exciting sometimes it is not. If you speak to anyone who travels for work they will say it is kind of a like a "love / hate relationship", where as everybody who doesn't travel thinks it is most exciting thing ever. I remember while living back in the UK, travelling to Athens, Greece for work. As much as this was exciting, most of what I saw was the Plane, Taxi, Hotel, then the client offices, and of course then in reverse when leaving. My post today is no about whether or not travelling is good or bad but about my own experience and dependencies on little things that make my life easier when travelling.
A few weeks I ago I travelled out to Seattle for client meetings, as I always do where possible I don't check a bag, I reduce what I take to the smallest amount of essentials so I can skip out on the extra hour of time at any airport waiting for my bag back. However one thing that I don't skip on is my work back of "geeky" stuff. Travelling back in the UK, this was never really an issue as I either drove or caught the train, but here in the US, flying is the normal. So I packed my back and went to Dulles airport.
I am a great advocate of "saving the trees" where possible, so choose depending on the airport to check in online using my iPhone, and use the digital ticket they give you, feel like I am doing my part to save the trees.
You all know what comes next, the exciting airport security line that can be the easiest or the hardest thing you ever have to do when travelling. Luckily for me this time was very easy. However I arrive at the security barrier, start to almost strip down to my underwear (there's an image for you) and then unload all of the required items that have to be scanned separately. So while doing this one of the TSA staff is watching me and then comes over to me and asks me "why I needed all the devices" that I had placed in various trays. So to explain I had the following:
- Windows 7 Laptop for Work
- Apple MAC Book Pro for Work
- iPhone
- Kindle Fire
- Regular Kindle (forgot about that being in my bag)
What I also had was multiple external USB hard drives in my bag which always causes a double take by the TSA bag screener. So my response was very simple, "yes", I do and I then proceeded to explain and justify why I needed all the devices with me. At that moment I suddenly found myself asking if I did really need to carry all the devices. Both laptops would have worked, so one would have done, I get internet, email etc. on both by laptops, kindle and phone, justification being some devices rely on Wi-Fi others on the cell phone network.
Isn't it funny to think that in a world when the devices are supposed to do "everything" we can imagine we still end up carrying multiple devices, because the devices we need are different based on the task in hand. Now skip forward to Austin, Texas the other week sitting in the airport with a few colleagues who had attended and spoken and to a very awkward conversation that right now I cannot remember who started it, but it related to my obsession with devices and then the connectivity that I need *ALL THE TIME*.
Are you like me where you really feel it when you, don't check your email, don't surf the internet randomly or just know you have a connection. Sounds bad I know, but with travelling around you soon get an appreciation of a good internet connection, some hotels are good, others are bad, sometime my cell phone works so I can use other times it does not, and of course unless you are on plan carrier that has Wi-Fi the flights can be very long when all you need or want to do is send that email or check Facebook or twitter.
Surely I am not alone on this, so while sitting in the Airport, a friend Bill English said that when he finishes work on a Friday he "un-plugs" until he has to go back to work on Monday. I was amazed that he could do that. For me I have my phone with me at *all* times, just in case someone whoever it is needs to send me en email, text, tweet or a Facebook message. I like the feeling of being connected and really do feel a little disconnected and almost out of it when not connected or at least have access to some device that is online the whole time, kind of reminds me of being in the "matrix".
So does this mean I am an "internet junky"?
Do I have an addiction? Is it time for me to let go of a device for a few hours and wean myself off the need to be connected?
My own though is maybe it is time to let go a little and enjoy the time away from it. I am not alone in this, I go and see my son playing football (soccer) and I am not the only parent who is on the phone at some point of checking in on Foursquare, Facebook or tweeting how great my kids are. In my mind this is fine however, we seem to as humans being moved away from the idea that talking to people is accepted, now we ask people to "email me", "ping me", send me a "Facebook or Twitter Message", are we going to end up not speaking in the future? I don't think so but maybe it is time to let go a little and go back to idea, as Orange in the UK, always had on their commercials "it is good to talk".
Maybe I will start wearing this T-Shirt to spread the work and may you think about your own "connectivity addiction" J
 
|
| Well it is that time again, the joyous Christmas season. It has been a very busy year, great work, great conferences and it has been fantastic to meet a lot of you this year. As I think of this time of year, I reflect at where I am at, what I have done and what I wish to achieve this next year which helps me to prepare for the next year. As I thought about this I was reminded to say a big
"thank you"
to everyone who I know and those I don't know who follow my blog. Thank you for your support, reading my posts and commenting to make the posts useful.
I hope that you have a great Christmas Season and a great start to the New Year. 2012 is going to be a great year; I would even say it will be the year of "SharePoint". Many organizations have now seen the light and are adopting it more and more, which means we will all be working very hard again next year which has to be a good thing.
So here's me wishing you all a great start to 2012, hopefully see you at a conferences this year.
Merry Christmas and a Happy New Year!! |
| So as you may all be aware Microsoft has released a preview of Team Foundation Server in the cloud for everyone to try. What a great idea, it makes perfect sense to me; I had been investigating a hosted TFS solution a while ago but had been deterred by the cost, but know with Microsoft hosting it along with the other Azure Services this could be a viable option. So if you have not got an account, then head over to http://tfspreview.com and use the following code: TfsDecUpdate, if this does not work then you will have to wait for the next update, I would assume in January.
Once you have created your account you should end up with a page that looks similar to this:
Once you have the site up and running, you are then able to create a TFS project just as you would if you were using the on premise TFS.
As you can see at the moment there are three templates available for the project for my demo I am going to use the first one.
Once you have completed the form the creation process will begin.
This may take some time, once done you will see a confirmation screen, if you get an errors at this point, the screen will close out but the process will continue. Once completed you will then be left with the project listed on the left.
The name of the project is hyperlinked directly to the project site so once clicked on it will load as shown below.
So as you can see it has some similarities with the TFS web tool that you can use if you have an on premise installation. A very cool feature though is the ability to add members to the projects. To do this click the "Manage Members" link on the right.
The original account you used for setup will be listed. You can then select the "Add" menu item where you can either add a user or a TFS group.
For my demo I am going to use "Add User", which presents a people picker that is wired to the windows live platform.
You do not have the ability to search the window live directory, but you can search within the current users you have allocated to the TFS site. I simply added my MSN email that was not added and clicked okay.
The picker will validate the account and allow it to be added, which will then redirect you to the summary page of all members.
When you go back to the home page now you should see the other account(s) listed in the member's control.
So now we have our project created, members added what else could we do? Well we can create product backlog items, tasks, bugs, impediments and test cases. This is done using the links on the site, so as an example to add a task, click the following button.
And then complete the form as needed.
Once you have TFS items in the system you can allocate them to users and use them in exactly the same way as TFS on premise.
The user interface is fantastic, so I can click the "Work" link and view my product backlog and sprints, boards and work items that are associated to me.
You are also able to access the source from the main navigation.
You also have the ability to view the builds you have scheduled and completed builds.
Now to work with it locally from Visual Studio you will need to download the add-in, which will enable you to connect it as if you were using on premise TFS.
You access the required download if it is needed using the following page:
http://blogs.msdn.com/b/visualstudioalm/archive/2011/09/14/tfs-preview-downloads.aspx
All in all so far it works really well, will post some more in a future post, enjoy J |
| So in the last post we setup the Access Control Services with the following:
- Custom endpoint name (helloitsliam for me)
- Yahoo Identity Provider added
- Claim Mappings generated from Yahoo
- Certificate loaded
Our next task is to tell our SharePoint environment to use this Identity Provider, this will use windows azure acting as the proxy for the other providers behind it. So to begin with make sure your SharePoint server has internet access, sound silly you know but you never know. So now we have this, we need to use PowerShell to enable a Trusted Identity Provider, for this I will explain the PowerShell.
The first part is to declare the certificate that we used in the Access Services into SharePoint so we have a mapping for both environments:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("{Path to SSL}.cer")
Next we need to setup our claim mappings that SharePoint will expect from Windows Azure upon a successful login.
## Generic Claim Mapping for Email Address ##
$map1 = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
## NameIdentifier Mapping for Windows Live ID ##
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" -IncomingClaimTypeDisplayName "UPN" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
Next we need to set the realm that is expected and presented to SharePoint as well as the actual sign in URL that SharePoint will use when someone tries to login. The realm can be a URL or a URN, so for example I am using a URL, "http://sharepointcloud.domain.com" but a URN could be used such as "urn:helloitsliam:sharepoint". To get the sign in URL, access your Access Control Service and select the "Application Integration" link.
To get the exact URL you need, you can use the WS-Federation Metadata link, open it in your browser and it should then display the raw XML, which if you search for "<fed:PassiveRequestorEndpoint>", will display the exact sign-in URL like mine:
So our PowerShell is now, obviously replacing "{name}" with your selected namespace prefix.
$realm = "https://sharepointcloud.domain.com/_trust/"
$signinurl = "https://{name}.accesscontrol.windows.net/v2/wsfederation"
Now to add it all together, we use the following command to add the Trusted Identity Provider, set the Name, Claim Mappings, Certificate and sign in URL. The most important part is the setting of the "Identifier Claim", this is the one that you will see in the Welcome Control and SharePoint will use as the identifier for any user.
New-SPTrustedIdentityTokenIssuer -Name "Windows Azure ACS" -Description "Windows Azure ACS" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1, $map2 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType
Finally we set the certificate as a "Trusted Root Authority" in SharePoint using the following:
New-SPTrustedRootAuthority -Name "Windows Azure ACS Signing" -Certificate $cert
There we have it; the only other part is to add the certificate tree as trusted certificates also. So for my example I now have the following:
The Comodo Root, the core Certificate Authority and then the one we set in the PowerShell above. If you are not sure of the tree, open you're certificate and you check the certificate path as shown below:
Now we have this done, we need to make sure the certificates we have used here are also added to the "Trusted Root Certification Authorities" as shown below:
Next we need perform the internal SharePoint configuration for the web application. Open up "Central Administration", "Application Management", and "Web Applications" and select the Web application you want to use the provider with.
Select the "Authentication Providers" option.
For my test site I have already extended by default zone with an internet zone that I am going to select to use the identity provider. Once the configuration opens, for me I am deselecting the "Windows Authentication" and setting just the "Trusted Identity Provider".
Press the okay button and wait for this configuration to be saved. Once done we can access my anonymous site and select the "Sign In" link at the top.
We should be redirect to the Azure Access Control Service:
If you select the "Yahoo" option or "Windows Live ID" if you have one, it should redirect you to the provider login site:
Upon successful login it will send you back to the SharePoint site logged in. The actual process can be seen in fiddler for Yahoo that is:
Initial Click from SharePoint, redirect to Azure then onto Yahoo
After login, redirect from Yahoo back to SharePoint
So a few redirects, but the end result is me logged in with my account and having access to SharePoint; which was granted to my account earlier in the usual way.
All in all not so hard to get it working. There are a few more things that you would want to do to make it work in a production environment but for now this just works and is fantastic.
|
| So SharePoint Saturday Utah was great, great speakers, attendees and organization. It was a perfect location and everyone I spoke to had a great time. For the 1st SharePoint Saturday in Utah, I felt it was a great event, looking forward to the next one. Big shout to Joel Oleson, Christian Buckley and Josef Nelson for the event!!
As with all SharePoint Saturdays, the key is everyone coming with the right attitude of learning and the speakers giving off some great energy and excitement, which was the case there. The evening entertainment was good too, Brazilian food for the speaker dinner then a tour around Temple Square in Salt Lake City Centre. Few pictures below:
          
 
It was very cold, but worth wandering around just seeing the sites and hanging out with everyone. Saturday's entertainment was great too; get together with some of the attendees and speakers at the inaugural SharePint. After which, off to a Caribbean restaurant for some great food and chatting with a smaller group of the SharePoint Community "die hards". Then it was the extra committed off to Urban Lounge in Salt Lake City to experience the underground clubbing vibe!! Live band and then some "real" hip hop from a couple of groups, very cool, not experienced the whole Hip Hop vibe before.
So if you missed it or have never experienced a SharePoint Saturday, get out there and join the community and enjoy the friendships and learning that goes with it.
My slides are available as PDFs here:
http://blog.helloitsliam.com/Presentations/SPS-UTAH-ART-OF-POSSIBLE-KEYNOTE.pdf
http://blog.helloitsliam.com/Presentations/SPS-UTAH-DO-YOU-CLAIM-TO-BE-FROM-THE-AZURE-SKY.pdf
Or you can get them from Slide share here:
http://www.slideshare.net/helloitsliam/spsutah-the-art-of-the-possible-keynote
http://www.slideshare.net/helloitsliam/spsutah-do-you-claim-to-be-from-the-azure-sky
So hopefully see you around at an event soon, will be at the following in January:
SharePoint Saturday Virginia Beach
SharePoint Saturday Austin Texas
See you around J
|
| So SharePoint 2010 is great, and a fantastic platform which everybody is adopting, well most people. They have now come to realize the great power from using SharePoint for internet, intranet, extranet and even as a custom application platform. So to as SharePoint gains adoption, so does the Microsoft Azure Services in the cloud. One of the great additions in the cloud services is the advent of the Access Control Services which connect to SharePoint wonderfully and could be used for offering people access to your SharePoint by using multiple Identity Providers. Obviously there are many reasons for and against offloading your authentication out into the cloud but for now I am just going to focus on the configuration of it. So firstly you will need to actually get an azure account, so head over to http://www.windowsazure.com and create an account, use the trail for now but get one setup and login to access the Azure Management Portal. So let's begin. From the left panel at the bottom, select the "Service Bus, Access Control & Caching" option.
When this loads it will display the "AppFabric" option at the top for creating a new namespace for anyone of the options.
Select the "Access Control" option from the navigation tree.
To start with we need to create a unique namespace (URL endpoint) that we can use to get access to these services. With the "Access Control" selected, choose the "New" option.
You now have the ability to select a namespace for your endpoint. For me I use of course "helloitsliam", you will also need to set the country / region, the subscription should already be selected but if you have multiple you can select the one you wish to use. Once you have created it, it does take a little bit of time to become activate; it should then be listed as shown below with a status of Active.
So now we have the core endpoints created time to configure the service itself. Select the end point you created and you should now see the "Access Control Service" management link. Simply press this and it will redirect you to the management site for that service.
The configuration site lists out all the options needed to configure the access mechanism.
To start the configuration we will first set the "Identity Providers" that we wish to use with our SharePoint or claims aware application. Select the "Identity Providers" link from the left navigation and you will see the "Windows Live ID" service is there by default and notice you can't deselect it either J
To add new providers, select the "Add" option.
You are then able to set the provider to use and set any properties you need. In this example I am going to use Yahoo, but the process is similar for any of the providers except the "WS-Federation Identity Provider" option. So for now select the "Yahoo" option.
The first two options are just name and image that will be presented to the users logging in, the "Relying Party Applications" will be the SharePoint environment or a claims aware we application. In our case we do not have a relying party set, so this will be blank. Once saved, select the "Relying Party Applications" link and then select the "Add" option. As we are using SharePoint 2010, the following details need to be added.
The realm needs to be the URI that you wish to use to recognize the provider, and then the URL needs to be added so the provider will know where to redirect a successful authentication process. In our case it is:
http://sharepointsite.com/_trust/
A note here also, the default "Token Lifetime" is set 600, this can cause too many redirects when the users are accessing the sites, so I increased mine to 3600.
Next we need to set the providers that this relying party will be allowed to use. Just because you may have Facebook, Google, Yahoo and Windows Live ID configured does not mean that your site will just accept all of those. You need to set this manually.
You will also notice that it created a "Rule Group" for the relying party you created. The rule group is simply the allowed claims mapped from the providers that you will accept coming to the SharePoint or Claims Aware web site. By default it only shows the base claim that is required by Windows Live ID. To add more you can either manually add them to create custom mapping or click the "Generate" button which will read the federation XML and populate the list accordingly.
We will simply click the "Generate" link which will ask us which provider we wish to retrieve the claims from and then list them out for us.
So now we have our Identity Provider selected, Relying Party Set, Claims Mapped, we are good to go. We simply need to perform the SharePoint configuration telling it that we have a new Trusted Identity Provider which in our case is Windows Azure not Yahoo, even though that is the provider will have really chosen. For this trust to work we need a certificate that can be used as the signing mechanism, I got a free 90 SSL Certificate from Comodo and used that, self-signed certificates do not work so well here. The key here is whatever certificate you use, you need to have generated the PFX file from it so it can be added to the Access Control Service. Once that is done select the "Certificates and Keys".
This will display the certificates you have added yourself and the base ones provided as part of the Azure service. To add your own signing certificate, select the "Add" link. You will need to then select the relying party that you wish to assign to the certificate. Then the type, and upload with the password you created when exporting the PFX file.
You also have the ability to set this as the "Primary" certificate for that relying party. Now that is done time to configure SharePoint 2010 for using this Provider.
In the next post we will do the SharePoint configuration.
|
| It is that time again where conferences are
booked, travel arrangements are made and tweets and updates are sent.
SharePoint Conference season never seems to go away which is great. If you
happen to be in Salt Lake City, Utah this weekend then come along to SharePoint
Saturday, details below:
http://www.sharepointsaturday.org/utah/default.aspx
If you can't make it then you could also be in Honolulu for
their SharePoint Saturday tomorrow as well, would have loved to have been
there, maybe next time.
http://www.sharepointsaturday.org/honolulu/default.aspx
If you like me, are looking at your schedule for the rest of the
year and the start of next year then get something on your calendar.
SPTechCon 2010 in SanFrancisco. If you haven't booked and are
thinking of going then use "CLEARY" as the discount code to
get $200 off either the 3-day PLUS the preconference workshops passport or
just a regular 3-day passport. Remember also if you register by December 16th,
you will save another $450, which means if you do it in the next couple of
weeks with my last name as the discount you will save a massive $650!!!
Last time I checked there are not many places offering that kind
of discount. So head over there now: http://www.sptechcon.com/SanFrancisco2012/
And if you can't get to any if the above there are plenty of
SharePoint Saturdays around over the next few months, if you are around I will
see in Virginia Beach and Austin Texas in January. :-) |
| During my lunch break when I play with code and SharePoint (go on admit it you do it too!!), I was working on some demo code and came across an issue while I was rendering a DateTimeControl in a page. It initially would render like this:
No default date or default time. Firstly I noticed I had not set a default date for the control, hence the blank values. So I added the following code:
Using the "SelectedDate = DateTime.Now" did display my control like this:
So success it displayed the current date and time as expected. So I decided to test some other functionality and changed my regional settings for the site collection I was on back to UK as shown below:
I then went back to my control on my page and it was still showing the date and time from my existing time zone:
If you look on the internet you will find a ton blog posts that talk about iterating through time zones using the TimeZoneInfo.GetSystemTimeZones class. This was a bit excessive and with SharePoint we should not have to do this. So looking into the "SPTimeZone" I found that with minimal coding I could get the date control to respect the time zones.
Note the "rsSet" is my variable that contains the regional settings from the "SPWeb" I am running the code in. Now when I ran my page code it worked as expected for any time zone.
United Kingdom - GMT
United States – GMT -5
Singapore – GMT + 8
And of course as expected, the date format for the location is respected. So a couple of lessons learnt:
- Write the code correctly in the beginning J
- Don't believe every code snippet on the Internet
- There are multiple ways to do things
- Stick within the SharePoint API where possible, it *should* be less code J
Hope this helps. |
| After all these many years of surfing the internet, I recieved this message from Comcast:
Dear Comcast High-Speed Internet Subscriber:
Comcast has received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over Comcast's High-Speed Internet service (the 'Service'). The copyright owner has identified the Internet Protocol ('IP') address associated with your Service account at the time as the source of the infringing works. The works identified by the copyright owner in its notification are listed below. Comcast reminds you that use of the Service (or any part of the Service) in any manner that constitutes an infringement of any copyrighted work is a violation of Comcast's Acceptable Use Policy and may result in the suspension or termination of your Service account.
If you have any questions regarding this notice, you may direct them to Comcast in writing by sending a letter or e-mail to:
Comcast Customer Security Assurance
Comcast Cable Communications, LLC
1800 Bishops Gate Blvd., 3rd Floor East Wing
Mount Laurel, NJ 08054 U.S.A.
Phone: (888) 565-4329
Fax: (856) 324-2940
For more information regarding Comcast's copyright infringement policy, procedures, and contact information, please read our Acceptable Use Policy by clicking on the Terms of Service link at http://www.comcast.net.
Sincerely,
Comcast Customer Security Assurance
{Filename, Date, Time, IP Address, Ports, Type of Network, Protocol used}
I was taken back a bit, as I was wondering what the issue was, looking at the details they sent me I have not downloaded anything remotley like it at all. Even searched my storage at home for it and nothing. I called up "Comcast Customer Security Assurance" who play a great message to you explaining in detail that it is down to me to resolve this issue. So I looked and looked and looked for the pesky file that I am supposed to have downloaded but nothing.
So lesson learnt, "Big Brother" is alive and well in the USA, and in some way I am happy he is, don't like these emails though that make you completely paranoid. So is this is a good thing? What do you think, knowing that somewhere on the world wide web is software scanning all your traffic looking for those "naughty" things you look at and download :-) |
| Recently, I had to migrate a bunch of user within SharePoint from one domain to another and also change the accounts. To this historically I would have used the old "stsadm –o migrateuser" or now in SharePoint 2010 used "Move-SPUser" cmdlet. I found that having these utilities is great but what about if you have a mapping list of X account to Y. I had this requirement so I generate a simple PowerShell script with a CSV for the mapping.
OriginalAccount |
NewAccount |
DisplayName |
Email |
FirstName |
LastName |
i:0#.w|OLDDOMAIN\user1 |
i:0#.w|NEWDOMAIN\nUser1 |
New User 1 |
nuser1@newdomain.com |
New |
User 1 |
i:0#.w|OLDDOMAIN\user2 |
i:0#.w|NEWDOMAIN\nUser2 |
New User 2 |
nuser2@newdomain.com |
New |
User 2 |
i:0#.w|OLDDOMAIN\user3 |
i:0#.w|NEWDOMAIN\nUser3 |
New User 3 |
nuser3@newdomain.com |
New |
User 3 |
i:0#.w|OLDDOMAIN\user4 |
i:0#.w|NEWDOMAIN\nUser4 |
New User 4 |
nuser4@newdomain.com |
New |
User 4 |
This table outlines the original account, new account, and new display name for the account, new email address, first name and last name. You could add more fields to this if needed of course to update other fields for the users as part of the migrate process.
NOTE: I added the claim identifier type in the accounts, this helps in the finding the user and updating if you are using claims authentication.
The PowerShell is the following:
This script gets the location of the CSV file, URL of the web application and then tries to get the account specified in the "OriginalAccount" field. If successful it then performs the migration of the user account, opens the user object and updates the other fields. Nothing special but works like a treat and saved me a bunch of time. Of course you will noticed I am suppressing any errors by using the "-erroraction silentlycontinue", this is because I don't like seeing errors J
In the real world instead of just looking for the account in the claim format "i:0#.w|OLDDOMAIN\user3", you may want to create a "New-SPClaimsPrincipal" for that account and pass that into the "Move-SPUser" cmdlet instead.
Hope this helps.
|
|
|
|
|
|