SharePoint 2013 Authentication – Windows Claims

Sharepoint 2013

SharePoint 2013 – Windows Claims Authentication

The following is the interaction between

  1. Client Computer
  2. SharePoint Server
  3. Active Directory Domain Service

The Windows Claims Authentication Process

  1. User does anonymous request to secured SharePoint Webpage
  2. SharePoint requests back Windows Credentials (It can be a NTLM or Kerberos or basic)
  3. If user is in intranet zone, the browser sends back the logged in credentials to SharePoint, else user is prompted for credentials
  4. For both the cases the browser send back the credentials to SharePoint
  5. SharePoint then validates this credentials with Active Directory Domain Services (AD DS)
  6. AD DS then responds back to SharePoint with Windows Security Token
  7. SharePoint then checks, to which security groups the user belongs in AD DS
  8. SharePoint then creates a claims based security token using Security Token Service
  9. Then SharePoint stores this security token with Distributed Cache Service on the farm
  10. The IIS Server in SharePoint server then send the auth code to the user’s computer
  11. The client computer then uses this auth code for subsequent requests

The following Video will explain the Windows claims authentication in SharePoint 2013. This video is part of the Authentication overview for SharePoint 2013 article located at https://technet.microsoft.com/en-us/library/jj219571.aspx

For more information on SharePoint Claims check out more articles at http://social.technet.microsoft.com/wiki/contents/articles/14214.sharepoint-2013-claims-based-authentication.aspx