
Thursday, August 23, 2012

SharePoint 2013 Claim Based Authentication


SharePoint 2013 supports only Claim Based Authentication. Although the preview version still supports classic Windows authentication, it will be removed when the actual release rolls out.

Authentication is the process by which the system validates the user and grants or denies that user access.



In classic Windows authentication, the users are configured in the Windows server and their credentials are validated when the user logs in to the server.

In Claim based authentication an independent provider validates the credibility of the user and provides a security token. The security token can contain multiple claims, each of which carries a unique piece of information about the user. Examples of claims are user name, SSN, etc.

The following claim based authentication methods are supported in SharePoint 2013:

   Windows claims using Windows Identity Foundation
   Security Assertion Markup Language based claims
   Forms-based authentication based Claims

Tuesday, August 21, 2012

Security Assertion Markup Language


Security Assertion Markup Language (SAML) is an open XML-based standard used to implement Claim Based Authentication. It provides a set of protocols to exchange security tokens between applications and services in XML format.

As part of the SAML XML message we can pass attributes to the target application/service; examples of attributes are name, email, SSN, etc. These provide additional information about the user to the target application/service. The role of the user can also be passed as an attribute, so that the target application/service can offer the user only the services appropriate to that role.

Windows Identity Foundation

Windows Identity Foundation is a framework developed by Microsoft to help applications/services recognize and use security tokens based on claims. In short, it enables Claim Based Authentication for applications and services.

WIF provides a set of APIs that applications can use to read the details from the claims; it helps applications decide whether to grant or deny access to the user/service based on the details in the claims.
WIF provides a utility, FedUtil, which helps establish the trust between applications and the Identity Provider (STS).
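As an added example (not code from this post, nor from WIF or SharePoint), here is the relying-party side of what the SAML and WIF posts describe, written in plain Python rather than WIF's .NET API: a constructed SAML 2.0 assertion is read into claims, and access is granted or denied on the role claim after checking the issuer, audience and validity window. The STS and portal URLs, the claim names and the role values are assumptions; verifying the STS signature, which must happen before any claim is trusted, is left out of scope.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion, standing in for one an STS would issue.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c0ffee" Version="2.0" IssueInstant="2012-08-21T10:00:00Z">
  <saml:Issuer>https://sts.example.invalid/</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2012-08-21T10:00:00Z" NotOnOrAfter="2012-08-21T11:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://portal.example.invalid/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.invalid</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue>Reader</saml:AttributeValue>
      <saml:AttributeValue>Contributor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_claims(assertion_xml):
    """Attributes become {claim name: [values]}; issuer and conditions come along."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    cond = root.find("saml:Conditions", NS)
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "not_before": cond.get("NotBefore"),
        "not_on_or_after": cond.get("NotOnOrAfter"),
        "audiences": [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)],
        "claims": claims,
    }

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(token, trusted_issuer, my_audience, required_role, now):
    """Grant/deny from the claims alone; the STS signature is assumed already verified."""
    if token["issuer"] != trusted_issuer:
        return "deny: untrusted issuer"
    if my_audience not in token["audiences"]:
        return "deny: wrong audience"
    if not _ts(token["not_before"]) <= now < _ts(token["not_on_or_after"]):
        return "deny: outside validity window"
    if required_role not in token["claims"].get("role", []):
        return "deny: required role claim missing"
    return "grant"
```

The application never sees a password: it only decides on what the trusted STS asserted, which is the division of labour the posts describe.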

Claim Based Authentication

Claim based authentication is an authentication mechanism that acts as an alternative to the traditional username/password mode of authentication. It makes it easy to implement features like Single Sign On by re-using the same security token across multiple applications/services.

In Claim based authentication, the application/service is relieved from implementing the logic to validate a user’s identity; instead the validation is done by an independent Identity Provider, commonly known as a Security Token Service (STS).