I am writing a series of articles about Claims based Authentication in SharePoint 2013.
Claims based Authentication
Claims based Authentication decouples authentication from the application. By default SharePoint uses Windows Classic mode Authentication.
Claims are carried in an XML based SAML 2.0 token. Each token is encrypted and contains the user's identity information. For example, a claim can contain:
1. User name
2. Access Rights
Claims based Authentication is also called Federated Authentication, because the authentication is federated to a third-party provider. The following is a typical scenario for Claims based Authentication.
Imagine you have a SharePoint site for Document Management that you have made publicly reachable. Your customers are different corporations such as Corp A, Corp B and so on. An employee of Corp A needs to access the SharePoint site. Maintaining separate authentication for each corporation in the SharePoint Active Directory is tedious. Instead, the Corp A employee authenticates against their own company's identity provider and presents the resulting claims to our SharePoint site.
Thus the authentication is externalized.
The image above depicts the following:
1. The user accesses the SharePoint site
2. The SharePoint site redirects the user to the Corp A login page
3. The user authenticates to Corp A
4. Corp A issues a set of claims to the user
5. Corp A redirects the user back to the SharePoint site
6. The SharePoint site validates the claims
7. The user is given access to the SharePoint site
For the above to work there must be a pre-configured trust between the SharePoint site and the Corp A application: the site must know which issuer it accepts tokens from and how to verify that a token really came from that issuer and was meant for this site.
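As an added example that is not part of the original post, the following Python code models step 6 (the SharePoint site validating the claims) against that pre-configured trust. The issuer URL, site URL, shared secret and claim values are constructed, and an HMAC over the assertion stands in for the XML digital signature a real security token service would apply; everything else (trusted-issuer lookup, signature, audience and expiry checks) is what a relying party has to do before believing a claim.

```python
# Added example, not from the original post: a toy relying party that
# validates an incoming assertion the way step 6 of the flow requires.
# An HMAC replaces the real XML-DSig signature so the example runs offline.
import hmac, hashlib, time
import xml.etree.ElementTree as ET

# The pre-configured trust on the relying-party side (constructed values):
# issuer identifier -> key used to verify tokens from that issuer.
TRUSTED_ISSUERS = {"https://login.corp-a.example/sts": b"constructed-secret-A"}
# The audience the site expects every token to be issued for (constructed).
SITE_AUDIENCE = "https://docs.sharepoint.example/"

def issue(issuer, secret, audience, expires, claims):
    """Corp A side: build a constructed SAML-style assertion plus signature."""
    root = ET.Element("Assertion", Issuer=issuer, Audience=audience,
                      NotOnOrAfter=str(expires))
    for name, value in claims.items():
        ET.SubElement(root, "Attribute", Name=name).text = value
    body = ET.tostring(root)            # bytes exactly as they will be sent
    sig = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return body, sig

def validate(body, sig, now=None):
    """Site side: return the claims dict, or raise ValueError with the reason."""
    now = time.time() if now is None else now
    root = ET.fromstring(body)
    # 1. Only issuers in the trust list are accepted; unknown issuer = no key.
    secret = TRUSTED_ISSUERS.get(root.get("Issuer"))
    if secret is None:
        raise ValueError("untrusted issuer")
    # 2. Signature over the raw bytes: any edit to a claim breaks it.
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    # 3. A token issued for another site must not be replayed here.
    if root.get("Audience") != SITE_AUDIENCE:
        raise ValueError("token not issued for this site")
    # 4. Expired tokens are rejected.
    if now >= float(root.get("NotOnOrAfter")):
        raise ValueError("token expired")
    return {a.get("Name"): a.text for a in root.findall("Attribute")}

def check(body, sig, now=None):
    """Convenience wrapper: (claims, None) on success, (None, reason) on failure."""
    try:
        return validate(body, sig, now=now), None
    except ValueError as err:
        return None, str(err)
```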
In this post we have explored the basics of claims based authentication. In the upcoming articles I will explain how to create a custom claims provider for SharePoint 2013.