Claims based Authentication

I am writing a series of articles about Claims based Authentication in SharePoint 2013.

Claims based Authentication

Claims based Authentication decouples authentication from the application: instead of verifying user credentials itself, the application accepts identity claims issued by a party it trusts. By default SharePoint uses Windows Classic mode Authentication.

Claims

Claims are carried in an XML-based SAML 2.0 token. Each token is encrypted and contains user identity information. For example, a claim can contain:

1. User name

2. Access Rights

Federated Authentication

Claims based Authentication is also called Federated Authentication as the Authentication is federated to a 3rd party provider. Following would be a typical scenario for Claims based Authentication.

Imagine you have a SharePoint site for Document Management and have made the site available publicly. Your customers are different corporations such as Corp A, Corp B, etc. An employee of Corp A needs to access the SharePoint site. Maintaining a separate account for every corporation's employees in the SharePoint Active Directory is tedious. Instead, the employee authenticates with their own company's sites and presents the resulting claims to access our SharePoint site.

Thus the authentication is externalized.

[Figure: federated authentication flow between the user, the SharePoint site and Corp A]

The image above depicts the following:

1. User access to SharePoint Site

2. SharePoint Site redirects to the Corp A login page

3. User authenticates to Corp A

4. Corp A provides a set of claims to the user

5. Corp A redirects to SharePoint Site

6. SharePoint Site validates the claim

7. User is given access to SharePoint Site

For the above to work, a trust must be configured in advance between the SharePoint site and the Corp A application: the site only accepts claims from issuers it has been told to trust.
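To make steps 6 and 7 and the trust requirement concrete, here is an added example (my own illustration, not code from the original post or from SharePoint itself, which does this in .NET): a relying party checks a SAML 2.0 assertion against its pre-configured trust and then extracts the claims from it. The issuer URL, audience value, user and sample assertion are all constructed; the two attribute names are the standard WS-Federation name and role claim-type URIs. Verification of the token's XML-DSig signature is assumed to have been done by a proper library beforehand and is passed in as a flag, because none of the other checks mean anything until the signature proves the token really came from Corp A.

```python
# Added example: relying-party validation of a SAML 2.0 assertion (step 6 of the
# flow above). All names, URLs and the sample token are constructed.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Pre-configured trust (constructed): issuers the SharePoint site accepts and
# the audience value a token must be addressed to.
TRUSTED_ISSUERS = {"https://sts.corp-a.example/"}
EXPECTED_AUDIENCE = "urn:sharepoint:docs.example"

# Constructed sample assertion, as Corp A might return it in step 4.
# A real token also carries a <ds:Signature> element (see validate_assertion).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0" IssueInstant="2013-06-01T10:00:00Z">
  <saml:Issuer>https://sts.corp-a.example/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@corp-a.example</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2013-06-01T10:00:00Z" NotOnOrAfter="2013-06-01T11:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>urn:sharepoint:docs.example</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>Alice Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <saml:AttributeValue>DocumentReader</saml:AttributeValue>
      <saml:AttributeValue>DocumentContributor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class ClaimsValidationError(Exception):
    """Raised when the token fails a trust or validity check."""


def utc(*parts):
    """Build a timezone-aware UTC datetime, e.g. utc(2013, 6, 1, 10, 30)."""
    return datetime(*parts, tzinfo=timezone.utc)


def _parse_time(value):
    # SAML timestamps are xsd:dateTime values in UTC ("...Z").
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, signature_verified):
    """Check the assertion against the pre-configured trust and return its claims.

    signature_verified: outcome of verifying the XML-DSig signature with a
    dedicated library (not shown here). An unverified token is rejected outright.
    """
    if not signature_verified:
        raise ClaimsValidationError("token signature not verified")
    root = ET.fromstring(xml_text)

    # 1. The issuer must be one of the identity providers we have a trust with.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in TRUSTED_ISSUERS:
        raise ClaimsValidationError("untrusted issuer: %r" % issuer)

    # 2. The token must be inside its validity window
    #    (NotBefore is inclusive, NotOnOrAfter is exclusive).
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ClaimsValidationError("missing Conditions element")
    if now < _parse_time(cond.get("NotBefore")) or now >= _parse_time(cond.get("NotOnOrAfter")):
        raise ClaimsValidationError("token outside its validity window")

    # 3. The token must be addressed to this site, so a token issued for some
    #    other relying party cannot be replayed here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        raise ClaimsValidationError("audience mismatch: %r" % audiences)

    # 4. Only now extract the claims: the subject plus every attribute's values.
    claims = {"nameid": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return claims


if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, utc(2013, 6, 1, 10, 30), signature_verified=True))
```

The order of the checks is the point: the claims are only read after the token has been shown to come from a trusted issuer, to be current, and to be meant for this site. Any token that fails one of those checks is discarded before its contents can influence authorization.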

References

https://msdn.microsoft.com/en-us/library/ff359101.aspx

Summary

In this post we have explored the basics of claims based authentication. In the upcoming articles I will explain how to set up and create a custom claims provider for SharePoint 2013.
