Claim Based Authentication || Part 2

ashishbanga28, 2012-11-09

Hey Friends,

Back with the topic: Claim Based Authentication. For an overview of part 1 you can refer to the blog:

Claim based authentication || part1

I left off at the point

foundation for Claim Based Authentication

and have to start with the second point

2) What are the services that help to work with it?


What was just one topic in the description of MOSS 2007 may, who knows, become the future. With Release 2 of Windows Server 2003, Microsoft released a feature called Active Directory Federation Services (ADFS), or Geneva Server. The objective of ADFS is to resolve the following situation: how can two completely separate organizations share access to web applications like SharePoint without creating local accounts for the users of the other organization? The idea is simple to understand, but the technique beneath it is more advanced, and I can only provide a brief overview of it.

The basic idea of ADFS is to make it possible for an organization to use its own user accounts to get access to a remote web application. For example, assume that you have two companies, ABC and XYZ. User B works for XYZ, and he needs access to a SharePoint site in ABC. B talks to the administrator of the site in ABC, who then grants the XYZ\B account access to the requested site, without a local ABC account ever being created for B.

The magic in this scenario is managed by adding extra servers to your Active Directory domain, one in each organization. The primary ADFS server is referred to as the federation server and hosts the federation service component. Its primary task is to route incoming requests from the Internet to the website a user is trying to access. It is also responsible for creating a security token that will be passed on to the web application. The component that validates the external user is the ADFS Web Agent, which runs on the SharePoint server or any other web server.

You can also protect the federation server from being exposed directly to the Internet by installing an optional federation proxy server, for the same reason we use MS-ISA Server.

The protocol behind ADFS is the standard Security Assertion Markup Language (SAML).

Windows Identity Foundation or Geneva Framework

In everyday life we have to access many different websites, and every website requires a different username and password. It would be great if we had one identity, one set of claims and one authentication to access everything in the whole SharePoint farm.

Windows Identity Foundation is an application programming interface (API) that can be used to develop claims-enabled applications.
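As an added example (not code from this post, and not the WIF or ADFS API), here is the token flow described above modelled in Python: the federation server in XYZ issues a signed token carrying user B's claims, and the web agent in front of ABC's SharePoint site checks issuer trust, signature, audience and expiry before any claim reaches the application. The issuer URL, audience URL, shared signing secret and claim values are all constructed, and a shared HMAC key stands in for the federation server's signing certificate.

```python
import base64, hashlib, hmac, json, time

# Trust config of the relying party (ABC's SharePoint site): the XYZ federation server
# it trusts and the verification key. Constructed values; the shared HMAC key stands
# in for the federation server's signing certificate.
TRUSTED_ISSUERS = {"https://fs.xyz.example/adfs": b"constructed-shared-secret"}
AUDIENCE = "https://sharepoint.abc.example/sites/project"

def issue_token(issuer, key, subject, claims, audience, lifetime=300, now=None):
    """Federation server side: wrap the user's claims in a signed, time-limited token."""
    now = time.time() if now is None else now
    body = {"iss": issuer, "aud": audience, "sub": subject,
            "exp": now + lifetime, "claims": claims}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig

def validate_token(token, audience, now=None):
    """Web agent side: check issuer trust, signature, audience and expiry (in that order)
    and return the claims; raise ValueError so that no claim reaches the application."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        body = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token")
    if not isinstance(body, dict):
        raise ValueError("malformed token")
    key = TRUSTED_ISSUERS.get(body.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):  # constant-time compare
        raise ValueError("bad signature")
    if body.get("aud") != audience:
        raise ValueError("token issued for a different application")
    if body.get("exp", 0) <= now:
        raise ValueError("token expired")
    return body.get("claims", {})

def can_access(token, required_group, audience=AUDIENCE, now=None):
    """Application side: grant access only if a validated claim carries the group."""
    try:
        claims = validate_token(token, audience, now)
    except ValueError:
        return False
    return required_group in claims.get("groups", [])
```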

I will try to cover the 3rd part in the next section.

Feel free to rate and provide feedback if you find the post useful.

Hope this helps


The reference material for this has been taken from one of the best books on SharePoint 2010 administration.

Filed under: SharePoint2010
