Claim based authentication is an authentication mechanism which acts as an alternative to the traditional username/password mode of authentication. Claim based authentication makes it easy to implement features like Single Sign On, by re-using the same security token across multiple applications/services.
In Claim based authentication, the application/service is relieved from implementing the logic to validate a user’s identity; instead the validation is done by an independent Identity Provider, commonly known as a Security Token Service (STS).
A Claim is a piece of information specific to a user or an organization. A security token encapsulates a set of claims. The security token is provided by the Identity Provider and is used by various applications/services to recognize the user.
To accept the security token provided by an Identity Provider, the Application/Service should have a mutual trust/relationship with the Identity Provider.
The user registers with the Identity Provider (STS), gets a security token, and passes the security token to gain access to the various applications/services which recognize the security token.
The user can send the initial request to the Application/service by embedding the security token with the request, so that he gains instant access to the applications instead of being redirected to the Identity Provider’s login page.
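The flow described above, as an added example that is not part of the original post: a toy STS signs a set of claims, and an application accepts them only when the issuer is in its trust list and the signature verifies. The issuer URL, the shared HMAC key standing in for the trust relationship, the token layout and the expiry claim are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values: the issuer id and the shared key are assumptions.
STS_ISSUER = "https://sts.example.test"
# The application's trust relationship: issuers it accepts, with their keys.
TRUSTED_ISSUERS = {STS_ISSUER: b"constructed-demo-key-not-for-production"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(claims, key, issuer=STS_ISSUER, ttl=300, now=None):
    """STS side: wrap the claims in a signed, time-limited security token."""
    now = int(time.time() if now is None else now)
    body = dict(claims, iss=issuer, exp=now + ttl)
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def validate_token(token, now=None):
    """Application side: return the claims only if a trusted STS signed them."""
    now = int(time.time() if now is None else now)
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
        body = json.loads(payload)
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    if not isinstance(body, dict):
        raise PermissionError("malformed token")
    iss = body.get("iss")
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise PermissionError("issuer not trusted")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise PermissionError("bad signature")
    exp = body.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise PermissionError("token expired")
    return body
```

Any application that loads the same `TRUSTED_ISSUERS` entry can call `validate_token` on the same token, which is what makes Single Sign On possible without each application checking a password.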
http://msdn.microsoft.com/en-us/library/ff359101.aspx