Chapter 6

Claims Authentication and OAuth


  • What’s new with claims and authorization?
  • User authentication
  • Application authentication
  • Server-to-server authentication

SharePoint 2013 contains several new enhancements to the claims infrastructure, and it introduces Open Authorization (OAuth) capability, which enables new server-to-server and application authentication scenarios.

A user authentication model called claims-based authentication (CBA) was first introduced in SharePoint 2010. SharePoint websites using CBA are said to be using claims authentication, or just claims. SharePoint 2013 introduces several new enhancements to the claims infrastructure and capability, and CBA is now the default user authentication mechanism for all SharePoint 2013 websites. As SharePoint adoption increases, users are accessing SharePoint websites both from their company’s on-premises implementation and from cloud-based solutions such as Windows Azure and SharePoint Online, which is a part of Office 365. A SharePoint application may even be accessed from different organizations. This diverse set of access scenarios requires a robust authentication and authorization infrastructure, which CBA provides for applications running on-premises or in the cloud.

CBA is based on the concept of identity and utilizes open-source standards and protocols so that it works with any corporate identity system, not just Active Directory and not just Windows-based systems. Identity is represented ...
