Claim Based Authentication || Part 2

Hey Friends,

Back with the topic: Claim Based Authentication. To get an overview of part 1 you can refer to the blog:

Claim based authentication || part1

I left off at the first point,

foundation for Claim Based Authentication

and now continue with the second point:

2) What are the services that help it work?


A topic that was only a single line in the description of MOSS 2007 may well turn out to be the future. With Release 2 of Windows Server 2003, Microsoft released a feature called Active Directory Federation Services (ADFS); its second version, ADFS 2.0, was developed under the codename "Geneva Server" and is the one that SharePoint 2010 claims-based authentication works with. The objective of ADFS is to solve this problem: how can two completely separate organizations share access to a web application such as SharePoint without creating local accounts for the other organization's users? The idea is simple to understand, but the technique beneath it is more involved, and I can only give a brief overview of it.

The basic idea of ADFS is to make it possible for an organization to use its own user accounts to get access to a remote web application. For example, assume two companies, ABC and XYZ. User B works for XYZ and needs access to a SharePoint site in ABC. B talks to the administrator of the site in ABC, who grants access to the claims that XYZ's federation server will issue for B (for example B's user principal name, or a group B belongs to) rather than to a newly created ABC account; B keeps signing in as XYZ\B at XYZ and never gets a password in ABC.

The magic in this scenario is handled by adding extra servers to the Active Directory domain, one in each organization. The primary ADFS server is referred to as the federation server and hosts the federation service component. In the user's own organization (the account partner) it authenticates the user against Active Directory and creates a signed security token carrying the user's claims; in the organization hosting the application (the resource partner) it accepts that token and issues one for the web application. The component that validates the token on the web side is the ADFS Web Agent, which runs on the SharePoint server or any other IIS web server and turns the claims in the token into the user's identity for the application.

You can also protect the federation server from being exposed to the Internet by installing an optional federation server proxy in the perimeter network, for the same reason we put an ISA Server in front of internal web servers.

The protocol behind ADFS is standards-based: ADFS 1.x uses the WS-Federation passive requestor profile to carry SAML 1.1 tokens through the browser, and ADFS 2.0 adds support for the SAML 2.0 protocol as well.

Windows Identity Foundation or Geneva Framework

In life we have to access many different websites, and every website requires a different username and password. It would be great to have one identity (one set of claims, issued once) that works across the whole SharePoint farm and beyond.

Windows Identity Foundation is a .NET framework (a set of classes, not just a single API) that developers use to build claims-aware applications: it validates the incoming token against the trusted issuer, audience and lifetime, exposes the claims to the application as the user's identity, and can also be used to build a security token service of your own.
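Both halves of the ADFS flow described above, and the relying-party work that WIF does for an application, can be modelled end to end. The block below is an added example written for this page; it is not code from the original post, from ADFS or from WIF. The issuer name urn:federation:xyz, the realm urn:sharepoint:abc, user b with password hunter2, the group names and the signing key are all constructed, and an HMAC with a shared key stands in for the X.509 signature ADFS puts on a SAML token so that the example runs offline (a real relying party holds only the issuer's signing certificate and cannot mint tokens). It shows the four checks a relying party must make (trusted issuer, signature, audience restriction, validity window) and that rights are granted to a claim rather than to a local account: a token replayed against another realm, an expired one, and one with a group claim added by hand are each refused.

```python
"""Constructed model of the federation flow above (not ADFS or WIF code).
XYZ's federation server authenticates B against its own directory and issues
a signed token of claims; ABC's relying party checks issuer, signature,
audience and lifetime, then grants rights on claims, so no XYZ account ever
exists in ABC. HMAC with a shared key stands in for the X.509 signature on a
real SAML token so that this runs offline."""
import base64, hashlib, hmac, json, time


class TokenValidationError(Exception):
    """Raised by the relying party for any token it will not accept."""


def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class FederationServer:
    """Account partner's security token service (the ADFS federation server)."""
    def __init__(self, issuer, signing_key, directory):
        self.issuer, self.key = issuer, signing_key
        self.directory = directory  # constructed stand-in for the partner's AD

    def issue_token(self, username, password, audience, lifetime=300, now=None):
        user = self.directory.get(username)
        if user is None or not hmac.compare_digest(user["password"], password):
            raise PermissionError("authentication failed at account partner")
        now = int(time.time()) if now is None else now
        assertion = {"issuer": self.issuer,
                     "audience": audience,  # AudienceRestriction: one relying party only
                     "not_before": now, "not_on_or_after": now + lifetime,
                     "claims": {"upn": user["upn"], "groups": list(user["groups"])}}
        body = json.dumps(assertion, sort_keys=True).encode()
        return base64.b64encode(body).decode() + "." + _sign(self.key, body)


class RelyingParty:
    """Resource side (ADFS web agent or WIF): trusts named issuers by their key."""
    def __init__(self, realm, trusted_issuers):
        self.realm = realm
        self.trusted_issuers = trusted_issuers  # issuer name -> verification key

    def validate(self, token, now=None):
        try:
            b64, sig = token.split(".", 1)
            body = base64.b64decode(b64, validate=True)
            assertion = json.loads(body)
        except (ValueError, TypeError) as exc:
            raise TokenValidationError("malformed token") from exc
        key = self.trusted_issuers.get(assertion.get("issuer"))
        if key is None:
            raise TokenValidationError("untrusted issuer")
        if not hmac.compare_digest(_sign(key, body), sig):
            raise TokenValidationError("signature does not verify")
        if assertion.get("audience") != self.realm:
            raise TokenValidationError("token was issued for another realm")
        now = int(time.time()) if now is None else now
        nbf, exp = assertion.get("not_before"), assertion.get("not_on_or_after")
        if not (isinstance(nbf, int) and isinstance(exp, int) and nbf <= now < exp):
            raise TokenValidationError("token outside its validity window")
        return assertion["claims"]


def check_access(rp, permissions, token, right, now=None):
    """Site-side authorisation: rights are granted to claims, never to a local account."""
    claims = rp.validate(token, now)
    held = {("upn", claims["upn"])} | {("group", g) for g in claims["groups"]}
    return any(right in permissions.get(c, ()) for c in held)


def demo():
    """Happy path plus the rejections a relying party must enforce."""
    xyz_key = b"constructed-xyz-token-signing-key"
    xyz = FederationServer("urn:federation:xyz", xyz_key,
                           {"b": {"password": "hunter2", "upn": "b@xyz.example",
                                  "groups": ["Engineering"]}})
    abc = RelyingParty("urn:sharepoint:abc", {"urn:federation:xyz": xyz_key})
    acl = {("group", "Engineering"): {"read", "contribute"}}
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    token = xyz.issue_token("b", "hunter2", "urn:sharepoint:abc", now=t0)
    results = {"contribute": check_access(abc, acl, token, "contribute", now=t0 + 60),
               "full_control": check_access(abc, acl, token, "full_control", now=t0 + 60)}
    # A token minted for another realm, a stale one, and B's token with a group
    # claim added by hand (which XYZ never signed) must all be refused.
    other = xyz.issue_token("b", "hunter2", "urn:sharepoint:other", now=t0)
    b64, sig = token.split(".", 1)
    edited = json.loads(base64.b64decode(b64))
    edited["claims"]["groups"].append("SiteOwners")
    forged = base64.b64encode(json.dumps(edited, sort_keys=True).encode()).decode() + "." + sig
    for name, bad, when in [("wrong_audience", other, t0 + 60), ("expired", token, t0 + 600),
                            ("forged_claim", forged, t0 + 60)]:
        try:
            check_access(abc, acl, bad, "read", now=when)
            results[name] = "accepted"
        except TokenValidationError as exc:
            results[name] = str(exc)
    return results
```

Calling demo() returns a dictionary with "contribute" True, "full_control" False, and the reason string for each refused token. The order of checks in validate mirrors what a production relying party does: the issuer is looked up first only to find the verification key, the signature is verified before anything else in the assertion is believed, and audience and lifetime are enforced before the claims are handed to the authorisation code. Skipping the audience check is the classic mistake: a token XYZ issued for one relying party could then be replayed against every other one that trusts XYZ.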

I will try to cover the 3rd part in the next section.

Feel free to rate and provide feedback if you find the post useful.

Hope this helps.


The reference used to understand this was taken from one of the best books on SharePoint 2010 administration.

This entry was posted in SharePoint2010, SQLServerPedia.

3 Responses to Claim Based Authentication || Part 2

  1. Pingback: Claim Based Authentication || Part 3 « AshishBanga

  2. Rajni says:

    Very informative Ashi…keep it up.
