Hi,
What you guess is correct. If SharePoint authentication has been changed to a third party identity provider, such as ADFS, the third party identity provider will take the role to authenticate users, and after authentication successfully, a valid security
token would be sent to SharePoint. SharePoint security token service(STS) would convert the security token to a claim token for usage.
Please refer to the following articles for more information about ADFS authentication flow:
http://summit7systems.com/claims-based-authentication-adfs-3-0-and-sharepoint-2013-beginners-guide/
http://summit7systems.com/beginners-guide-to-claims-based-authentication-ad-fs-3-0-and-sharepoint-2013-part-iii-configuring-sharepoint-2013-for-ad-fs/
https://technet.microsoft.com/en-us/library/hh305235.aspx
Thanks,
Reken Liu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
tnmff@microsoft.com.
