I’ve grown up reading Tom Clancy and probably most of you have at least seen Red October, so this book caught my eye when browsing used books for a recent trip. It’s a fairly human look at what’s involved in sailing on a Trident missile submarine…
Back with the topic: Claim Based Authentication. To get the over view of part 1 you can refer the blog:
I left at the point
foundation for Claim Based Authentication
and have to start with second point
2) What are the services help to work on it.
The topic which was just a one topic in description of MOSS2007 , who knows will become the future. With the Release 2 of Windows 2003 Server, Microsoft released a feature called Active Directory Federation Service (ADFS) or Geneva Server. The objective of ADFS is to resolve the situation How two completely separate organizations share access to web applications like SharePoint without creating local accounts for the user of other organization. Idea which was coming from mind to practical is simple to understand, but the technique beneath is more advanced and I can just provide a brief of it.
The basic idea of ADFS is to make it possible for an organization to use its own user accounts to get access on a remote web application. For example, assume that you have two companies, ABC and XYZ. User B works for XYZ , and he needs access to a SharePoint site in ABC. B talks to the administrator for the site in ABC, which then grants the XYZ\B account access to the requested site.
The magic in this scenario is managed by adding extra servers to your Active Directory domain, one in each organization. The primary ADFS server is referred to as the federation server and hosts the federation service component. Its primary task is to route incoming requests from the Internet to the web site a user is trying to access. It is also responsible for creating a security token that will be passed on to the web application. The process that validates the external user is the ADFS Web Agent, which runs on the SharePoint server or any Web Server.
You can also protect federation server being exposed to the Internet by installing an optional federation proxy server. Just the same reason for what we use MS-ISA Server.
Protocol behind ADFS is standard Security Assertion Mark-up Language (SAML).
Windows Identity Foundation or Geneva Framework
In life we have to access many different websites, and every website require a different username and password. It would be great if we have one identity/claim/authentication to access thing in whole SharePoint farm.
Windows Identity Foundation is an Application programming interface which can be used to develop a claim enabled application.
I will try to cover the 3rd part in next section.
Feel free to Rate and provide feedback if you find post useful
Hope this help
Reference to understand the same has been take from one of Best book of SharePoint 2010 Admin.
Filed under: SharePoint2010