Back with the topic: Claim Based Authentication. For this topic blogs becomes too large and still feel learning is too short to describe Claim based Authentication.
To get the previous part over view you can refer the blog:
I left at
Description of ADFS
and have to start with Last point
3) How the package is prepared and brought to the forefront in SharePoint 2010.
Claims-Based Authentication is successful with 3 ideology.
WIF(Windows Identity Foundation) ie. called the “Geneva Framework” is an application programming interface which can be used to develop a claim enabled application. It provide a framework to the application to make it claim enable and also to create custom security token service. With the help of WIF Companies/Farms/Organizations uses a single identity model.
ADFS 2.0 : ie. called “Geneva Server,” is a service which is fully responsible for providing security token using security token service. For providing token it can used AD, LDAP and SQL as an identity and attribute store. It is supported by both active (WS-Trust) and passive (WS-Federation) mode.
Windows CardSpace 2.0: is an technology to select identity and help to logon to a website by replacing username and password with your identity. It is the repository of identity and represent the info in form of information cards.
Main components which can be extracted from above 3 are : tokens, identity providers, and Security Token Service.
Steps to explain authentication process:
1. When a person browse a site , web browser will request for a token from STS. This request is made using Active mode of ADFS (WS-Trust). The request includes the name of the user for whom the token is requested and an identifier that will give description of application the user is trying to access.
2. STS will look for the information and it verification. Information can be stored in any of source ex:- AD, LDAP and MS-SQL. After verifying the information of user , STS will issue a token which is then returned to the browser. Token which is issued by STS has been issued by and identity provider and who will be responsible for the validation of token or the information.
3. Once the token is received by browser it will forward the same to a web application. On the basis of that token, Application will verify the information and confirms that it is originated from trusted STS (as a trusted STS will be supported by Identity provider) . In this way authentication of a user is done.
Hope I was able to describe the content based on my knowledge and learning.
Feel free to Rate and provide feedback if you find post useful
Hope this help