Wrox Real World Sharepoint 2010 – Chapter 4

[Chapter 4: Claims-Based Authentication]

Kerberos uses a Key Distribution Center (KDC) to safeguard information and broker ticket issuance. As such, Kerberos is commonly known as network-based identity, because the Kerberos protocol provides third-party authentication, where a user proves his or her identity through a centralized server.

Bundled identity information in the digital context is often referred to as a token, or security token. A security token can contain any number of arbitrary claims. Each claim represents a piece of information, referred to as an [assertion]. Each token is digitally signed to ensure validity.

Each token in CBA is generated by a security token service (STS). If a user has more than one identity, an [identity selector] is used.
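To make the token/claim/signature relationship concrete, here is an added illustration (not code from the book or this post, and not SAML or WS-Trust): a toy "STS" bundles a few constructed claims into a token and signs it with HMAC-SHA256 through .NET, and a toy relying party refuses the token if any claim has been altered. The shared key, the claim names and the `|`/`;` wire format are all assumptions made for the demo.

```powershell
# Added example: a minimal model of a signed claims token.
# Not SharePoint or AD FS code; it only shows why the signature matters.
# The key is a constructed sample shared by the "STS" and the "relying party".
$issuerKey = [System.Text.Encoding]::UTF8.GetBytes('constructed-sample-key-do-not-reuse')

function Get-HmacSignature {
    param([string]$Payload, [byte[]]$Key)
    # HMAC-SHA256 over the UTF-8 bytes of the payload, Base64 for transport.
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 -ArgumentList (,$Key)
    return [Convert]::ToBase64String($hmac.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Payload)))
}

function New-ClaimsToken {
    param([hashtable]$Claims, [byte[]]$Key)
    # Serialise the claims in a fixed order so issuer and verifier sign the same bytes.
    $payload = ($Claims.GetEnumerator() | Sort-Object Key | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ';'
    return "$payload|$(Get-HmacSignature -Payload $payload -Key $Key)"
}

function Test-ClaimsToken {
    param([string]$Token, [byte[]]$Key)
    # Relying party: recompute the signature and accept only on an exact match.
    $parts = $Token.Split('|')
    if ($parts.Length -ne 2) { return $false }
    return ((Get-HmacSignature -Payload $parts[0] -Key $Key) -eq $parts[1])
}

# Constructed sample claims; the claim type names are placeholders, not real URIs.
$token = New-ClaimsToken -Key $issuerKey -Claims @{
    'email' = 'alice@example.test'
    'role'  = 'Reader'
}
"Token     : $token"
"Valid     : $(Test-ClaimsToken -Token $token -Key $issuerKey)"      # True

# An attempt to upgrade the role claim without the issuer's key fails verification.
$tampered = $token.Replace('role=Reader', 'role=Owner')
"Tampered  : $(Test-ClaimsToken -Token $tampered -Key $issuerKey)"   # False
```

The design point is that the relying party never inspects a claim before the signature check succeeds; in a real CBA deployment the same role is played by the trust certificate SharePoint imports for the STS, and the token format is SAML rather than this toy string.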

Components of claims-based authentication:

** Active Directory Federation Services (AD FS) — the central component in a claims-based environment is the STS, and Microsoft’s STS solution is AD FS (AD FS is an STS).  AD FS issues SAML tokens in response to WS-Trust requests. Supports both active and passive clients. Can be used from both web and client environments.

** Windows Identity Foundation (WIF) —

** CardSpace — Microsoft’s version of an identity selector.

Configuring SharePoint claims-based authentication: By default, SharePoint 2010 includes a trusted STS; the web service name in IIS is “SecurityTokenService”.  Use the “Get-SPTrustedIdentityTokenIssuer” command to examine “IdentityClaimTypeInformation”; this makes it possible to find out exactly what claims SharePoint is expecting.

In the real world, AD FS 2.0 will be hosted on a separate server.
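As an added example (my own, not from the book or the post), the following SharePoint Management Shell snippet walks every trusted identity token issuer registered in the farm and prints the identifying claim, the full input-to-mapped claim table, and the signing certificate SharePoint will use to validate tokens. It assumes a farm where at least one issuer has already been registered with New-SPTrustedIdentityTokenIssuer; the `ClaimTypeInformation`, `ProviderUri` and `SigningCertificate` properties are on the same SPTrustedLoginProvider object that carries `IdentityClaimTypeInformation`.

```powershell
# Added example: list what claims each trusted STS is expected to send SharePoint.
# Assumes the SharePoint 2010 Management Shell or the snap-in loaded below.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuers = @(Get-SPTrustedIdentityTokenIssuer)
if ($issuers.Count -eq 0) {
    Write-Output 'No trusted identity token issuer is registered in this farm.'
}

foreach ($issuer in $issuers) {
    Write-Output "Issuer        : $($issuer.Name)"
    Write-Output "Provider URI  : $($issuer.ProviderUri)"

    # The identity claim is the one SharePoint uses to tell users apart.
    $id = $issuer.IdentityClaimTypeInformation
    Write-Output "Identity claim: $($id.InputClaimType)"

    # Every incoming claim type and the claim type SharePoint maps it to.
    Write-Output 'Claim mappings:'
    foreach ($ct in $issuer.ClaimTypeInformation) {
        Write-Output ('  {0,-45} -> {1}' -f $ct.InputClaimType, $ct.MappedClaimType)
    }

    # Token signatures are checked against this certificate; an expired or
    # unexpected subject here is the first thing to look at when logins fail.
    $cert = $issuer.SigningCertificate
    Write-Output "Signing cert  : $($cert.Subject) (expires $($cert.NotAfter))"
    Write-Output ''
}
```

Comparing the printed claim mappings with the claim rules configured on the AD FS side is the quickest way to confirm that the STS actually emits the identity claim SharePoint expects; a mismatch there produces a successful AD FS sign-in followed by an access-denied page in SharePoint.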

(P.129, 6/4. 12:24 PM)
