

Understanding SharePoint 2010 Claims Authentication

 

An identity provider makes claims about a user. A good example of an identity provider is Live ID. Live ID claims that a user has certain attributes with certain values. For example:

An identity provider (the "provider of the attributes") holds an account whose username attribute contains DanCan. A custom identity provider created by a hacker also holds an account whose username attribute contains DanCan. Both identity providers are making claims about a user. The consumer, SharePoint 2010, must choose which claim it is going to trust. By itself, SharePoint 2010 will never trust either claim without being told to do so. For SharePoint to use a claim, it must first trust that claim, and that trust is set up by you, the SharePoint administrator. Once a claim is trusted, SharePoint can authenticate and authorize based on it.
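The trust decision described above, modelled as an added example (not code from the original post or from SharePoint). The issuer names, keys and the functions `issue_token` and `accept_token` are hypothetical, and a per-issuer HMAC key stands in for the token-signing certificate that a real deployment would import.

```python
import hashlib
import hmac
import json

# Constructed sample keys. A per-issuer HMAC key stands in for the issuer's
# token-signing certificate (assumption, to keep the example stdlib-only).
LIVE_ID_KEY = b"constructed-live-id-signing-key"
ROGUE_KEY = b"constructed-rogue-idp-signing-key"

# Trust store set up by the administrator: issuer name -> verification key.
# An issuer that is absent from this map is not trusted.
TRUSTED_ISSUERS = {"LiveID": LIVE_ID_KEY}


def issue_token(issuer, signing_key, claims):
    """Identity-provider side: sign a set of claims about a user."""
    body = json.dumps({"issuer": issuer, "claims": claims}, sort_keys=True)
    sig = hmac.new(signing_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def accept_token(token, trusted=TRUSTED_ISSUERS):
    """Consumer side: return the claims only if a trusted issuer signed them."""
    try:
        raw = token["body"].encode()
        parsed = json.loads(raw)
        issuer, claims = parsed["issuer"], parsed["claims"]
        key = trusted.get(issuer)
    except (AttributeError, KeyError, TypeError, ValueError):
        return None  # malformed token
    if key is None:
        return None  # the administrator never trusted this issuer
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
    presented = str(token.get("sig", "")).encode()
    if not hmac.compare_digest(expected, presented):
        return None  # issuer name matches, but the signature does not verify
    return {"issuer": issuer, "claims": claims}


# Both providers make the same claim about a user named DanCan.
genuine = issue_token("LiveID", LIVE_ID_KEY, {"username": "DanCan"})
rogue = issue_token("HackerIdP", ROGUE_KEY, {"username": "DanCan"})
# A token that only carries the trusted issuer's name, signed with another key.
spoofed = issue_token("LiveID", ROGUE_KEY, {"username": "DanCan"})

if __name__ == "__main__":
    for name, tok in (("genuine", genuine), ("rogue", rogue), ("spoofed", spoofed)):
        print(name, "->", accept_token(tok))
```

Only the token from the configured issuer yields claims; the identical `DanCan` claim from the unlisted provider, and the one that merely carries the trusted issuer's name, are both rejected.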

https://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx

Comments

  • Anonymous
    September 20, 2010
    Check Live ID & OpenID Trusted Identity Provider for SharePoint 2010 Claims Based Authentication here: www.shetabtech.com/.../SharePointLiveAuth. It is another solution that supports both OpenID and Windows Live ID together and acts as a SharePoint Trusted Identity Provider; in this solution the Security Token Service (STS) can be installed on the same machine. It has some benefits, such as giving permission just by e-mail, and e-mail verification too, which is a very great feature to prevent our mail server from sending spam to unwanted e-mail addresses. It doesn't need an ADFS 2.0 server, and it has many more interesting features.