Some line of business portals has an issue with multiple authentication techniques because part of the authentication is done through LDAP or any other type of authentication techniques and the other part is done against AD.
The solution:
SharePoint 2010 security is the answer for this because SharePoint 2010 changes authentication in the following areas:
– Uses classic mode and claims based authentication
– Classic mode is SharePoint 2007 style legacy mode
– Claims-based authentication is the new security model
What are the benefits?
– Claims decouples SharePoint from the authentication provider
– Allows SharePoint to support multiple authentication providers per URL
– Identities can be passed without Kerberos delegation
– Allows federation between organizations
– ACLs can be configured with DLs, Audiences and OUs
Claims-Based Terminology
• Identity: security principal used to configure the security policy
• Claim (Assertion): attribute of an identity (such as Login Name, AD Group, etc.)
• Issuer: trusted party that creates claims
• Security Token: serialized set of claims (assertions) about an authenticated user.
• Issuing Authority: issues security tokens knowing claims desired by target application (AD, ASP.NET, LiveID, etc.)
• Security Token Service (STS): builds, signs and issues security tokens
• Relying Party: application that makes authorization decisions based on claims
Multi Authentication: When to Use It:
• Same experience for different class of users
• Single URL instead of doing 2 urls like we used to do in MOSS 2007
• Same experience for same users no matter where they access content from
• Outlook Web Access
• Preferred choice for cross company collaboration solutions
Most of the article taken from presentation by: Brian Culver, MCM, MCPD Solutions Architect Expert Point Solutions.
