25 Sep 2011

Claims-Based Authentication SharePoint


architecture of a system with externalized authentication

The externalized authentication provider is generally defined as the Identity Provider (IP) and often publishes a Security Token Service (STS).

The application or software solution externalizing the authentication process is called Service Provider (SP) or Relying Party (RP).

The consumer who uses the SP, authenticating with the IP, is generally called the Subject.

Web Services Federation Language 1.1 (WS-Federation): “defines mechanisms to allow different security realms to federate, such that authorized access to resources managed in one realm can be provided to security principals whose identities are managed in other

Active Requestor:
Active Scenario (SOAP-oriented) is used by SharePoint 2010 in the service applications’ communication infrastructure.

Passive Requestor:
Web-browser-based scenario, which is the one SharePoint uses for web (HTTP) user access.


sequence diagram of WS-Federation for the Passive Requestor scenario.
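The passive requestor exchange that the diagram describes, as an added example that is not code from the page: the RP redirects the browser to the STS, the STS authenticates the Subject and posts a token back, and the RP checks signature, audience and lifetime before it creates a session. The signed SAML token an STS would really issue is replaced here by an HMAC-signed JSON blob so the flow runs offline; the realm, endpoint and key values are constructed, while the parameter names (wa, wtrealm, wctx, wct, wresult) are the real WS-Federation ones.

```python
# Added illustration of the WS-Federation passive requestor flow (not code from the page).
# The STS's signed SAML token is stood in for by an HMAC-signed JSON blob; the realm,
# endpoint and key below are constructed for this example.
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode, urlsplit

RP_REALM = "urn:sharepoint:intranet"           # constructed wtrealm of the SP/RP
STS_SIGNIN = "https://sts.example.test/wsfed"  # constructed STS endpoint
STS_KEY = b"demo-only-shared-secret"           # stands in for the STS signing certificate

def rp_redirect_to_sts(requested_url, now=None):
    """Step 1: the RP answers an unauthenticated request with a redirect to the STS."""
    params = {"wa": "wsignin1.0", "wtrealm": RP_REALM, "wctx": requested_url,
              "wct": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))}
    return STS_SIGNIN + "?" + urlencode(params)

def sts_issue_token(signin_url, subject, now, lifetime=300):
    """Steps 2-3: the STS authenticates the Subject and issues a token for the realm."""
    q = parse_qs(urlsplit(signin_url).query)
    assert q["wa"] == ["wsignin1.0"]
    claims = {"sub": subject, "aud": q["wtrealm"][0], "exp": now + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()
    # the browser delivers these to the RP via a self-submitting HTML form
    return {"wa": "wsignin1.0", "wresult": body + "." + sig, "wctx": q["wctx"][0]}

def rp_validate_signin(form, now):
    """Step 4: the RP verifies the posted token before creating its own session."""
    if form.get("wa") != "wsignin1.0":
        return None
    body, _, sig = form["wresult"].partition(".")
    expected = hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # signature: token really came from the IP
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != RP_REALM:               # audience: token was issued for this RP
        return None
    if claims["exp"] <= now:                    # lifetime: token has not expired
        return None
    return {"subject": claims["sub"], "return_to": form["wctx"]}
```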

