SES-B314: Understanding Claims Based Authentication

Sample claim sets by authentication type (slide table reconstructed from the extraction; the third column's Role and Audience cells are inferred from token order):

Claim type        Windows                Forms Based Auth       SAML
Nameidentifier    Contoso\gbadea         gbadea                 gbadea
Primarysid        S-1-5-21-2564101533    -                      -
Upn               [email protected]       [email protected]       -
Role              Readers                Authors                Managers
Audience          Sales                  Team                   Sales
Userlogonname     Contoso\gbadea         gbadea                 -
IsAuthenticated   True                   True                   True
Components of a claims-based identity system

• Identity provider (token format: SAML; examples: ADFS, Windows Live ID, Facebook)
  - Authenticates users
  - Creates the set of claims granted to a user
  - Returns the claim set to a relying party
• Relying party (examples: SP Web App, Custom .NET App)
  - Consumes claims to make authorization decisions
• Security Token Service (examples: SP STS, ADFS STS)
  - Issues claims and packages them in signed security tokens
• Claims provider (examples: Built-in SP CP, Custom CP)
  - Claims augmentation
  - Name resolution
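The STS-issues / relying-party-consumes split above, as an added example that is not part of the session material: a toy STS signs a claim set, and the relying party refuses any claims whose issuer it does not trust or whose signature does not verify before it makes an authorization decision. JSON plus HMAC stand in for SAML plus XML signature, the issuer keys and the read/write role policy are assumed, and the claim values are the ones from the slide's table (the UPN is a placeholder because it is redacted in the source).

```python
import hashlib
import hmac
import json

# Constructed example (not from the session): a toy STS packages a claim set into
# a signed token and a relying party verifies issuer and signature before using
# the claims. JSON + HMAC stand in for SAML + XML signature.
TRUSTED_ISSUERS = {"sts-windows": b"windows-sts-key", "sts-fba": b"fba-sts-key"}  # constructed keys

# Claim sets modelled on the slide's table (UPN is a placeholder; it is redacted in the source).
WINDOWS_CLAIMS = [("nameidentifier", "Contoso\\gbadea"), ("primarysid", "S-1-5-21-2564101533"),
                  ("upn", "upn-placeholder@example.invalid"), ("role", "Readers"),
                  ("audience", "Sales"), ("userlogonname", "Contoso\\gbadea"),
                  ("isauthenticated", "True")]
FBA_CLAIMS = [("nameidentifier", "gbadea"), ("upn", "upn-placeholder@example.invalid"),
              ("role", "Authors"), ("audience", "Team"), ("userlogonname", "gbadea"),
              ("isauthenticated", "True")]
# Assumed policy for the example: which roles may perform which action.
POLICY = {"read": {"Readers", "Authors", "Managers"}, "write": {"Authors", "Managers"}}


def issue_token(issuer, claims):
    """Toy STS: serialise the claim set and sign it with the issuer's key."""
    body = json.dumps({"issuer": issuer, "claims": claims}, sort_keys=True)
    sig = hmac.new(TRUSTED_ISSUERS[issuer], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_token(token):
    """Relying party: accept claims only from a trusted issuer with a valid signature."""
    body = json.loads(token["body"])
    key = TRUSTED_ISSUERS.get(body.get("issuer"))
    if key is None:
        return None  # unknown issuer: the claims are untrusted whatever they say
    expected = hmac.new(key, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None  # tampered or forged token
    return body


def authorize(token, action, audience):
    """Decide an action from verified claims: authenticated, right audience, permitted role."""
    body = verify_token(token)
    if body is None:
        return False
    claims = {}
    for ctype, value in body["claims"]:
        claims.setdefault(ctype, []).append(value)  # a claim type may repeat (several roles)
    if claims.get("isauthenticated") != ["True"] or audience not in claims.get("audience", []):
        return False
    return bool(POLICY[action] & set(claims.get("role", [])))
```

Note that the two providers return different Nameidentifier forms for the same person (Contoso\gbadea versus gbadea), so a relying party that keys permissions on that claim must also take the issuer into account.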
Enables claims-based identity through:

• Security Token Service (STS) > issues tokens
• Claims processing engine > transforms incoming and outgoing claims
• Support for a variety of attribute sources: out of the box and custom
• Administrative trust management capabilities > manage federated trusts
Related components

• Windows Identity Framework (WIF) > use for building claims-aware applications
• Azure AppFabric Access Control Service > use for issuing claims from public identity providers
http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn