none
"HTTPS://s-static.AK.FACEBOOK.COM"

    Question

  • When accessing a SharePoint site the sign-in page comes from a page I don't reconize "HTTPS://s-static.AK.FACEBOOK.COM", is this a MS site? Is is safe?
    Monday, August 27, 2012 6:19 PM

Answers

  • Hi!

    May be it's "Form Based Authentication" / Custom Claims Provider / other authentication provider that tries to use your Facebook credentials on a SharePoint site.

    It's not possible to say: TRUST IT! You have to decide whether you trust this site or not! ;-)

    Just ask the owner of the SharePoint site!! - Thats what I would do! - Never enter credentials of *another system* like facebook if you are not sure it's safe. (Excuse me: I'm sure you know this already because you ask for it.)

    Regards
    Ingo

    Monday, August 27, 2012 11:28 PM

All replies

  • Hi!

    May be it's "Form Based Authentication" / Custom Claims Provider / other authentication provider that tries to use your Facebook credentials on a SharePoint site.

    It's not possible to say: TRUST IT! You have to decide whether you trust this site or not! ;-)

    Just ask the owner of the SharePoint site!! - Thats what I would do! - Never enter credentials of *another system* like facebook if you are not sure it's safe. (Excuse me: I'm sure you know this already because you ask for it.)

    Regards
    Ingo

    Monday, August 27, 2012 11:28 PM
  • facebook use OAuth2.0 for authentication and authorization.

    sharepoint 2010 can use facebook as identity provider through ACS: http://msdn.microsoft.com/en-us/library/windowsazure/gg185967 ;

    or it can be done with method as described in http://msdn.microsoft.com/en-us/library/ff512786.aspx ;

    As to trust, you need to check the SSL certificate of the sign-in page HTTPS://s-static.AK.FACEBOOK.COM , in case that it is a self-signed certificate or certificate issue to other site, together with hacked DNS. With default setting, Internet Explorer will warn you with certificate error.

    And, if you sign-in with your facebook credential, giving the consent, it means that you trust the SharePoint site that they will not abuse your personal information stored in facebook. Usually, the consent does not mean SharePoint site will take full control of all your facebook data, the detailed privilage will be listed together with the consent. And the consent should have an expiration date, and you should be able to revoke it on facebook site anytime you want. (I had not tried it on facebook, but i had tried on Windows live, which also implement OAuth)


    Tuesday, September 04, 2012 2:44 AM