This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

SharePoint and ADFS with Claims based authentication

Question
0

Sign in to vote

Can someone break down how this works if I'm using a third party identity provider? Let's say I get to the login page and I select the third party identity provider as my authentication mechanism instead of Windows. Does this then use ADFS and check AD DS to see if the credential is valid? I ask this because the AD DS server has the AD accounts mapped to an x509 certificate, and supposedly the third party identity provider will not work without a smart card. But how is that? I can only presume the ADFS server is doing a lookup against the mapped account in AD DS?

Friday, October 9, 2015 1:20 AM

Answers

0

Sign in to vote
Hi,

What you guess is correct. If SharePoint authentication has been changed to a third party identity provider, such as ADFS, the third party identity provider will take the role to authenticate users, and after authentication successfully, a valid security token would be sent to SharePoint. SharePoint security token service(STS) would convert the security token to a claim token for usage.

Please refer to the following articles for more information about ADFS authentication flow:

http://summit7systems.com/claims-based-authentication-adfs-3-0-and-sharepoint-2013-beginners-guide/

http://summit7systems.com/beginners-guide-to-claims-based-authentication-ad-fs-3-0-and-sharepoint-2013-part-iii-configuring-sharepoint-2013-for-ad-fs/

https://technet.microsoft.com/en-us/library/hh305235.aspx

Thanks,
Reken Liu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Victoria Xia Thursday, October 22, 2015 9:50 AM
- Marked as answer by Hemendra Agrawal Monday, November 2, 2015 6:50 AM
Monday, October 12, 2015 9:27 AM