SAML-based Authentication in SharePoint 2013


In SAML claims mode, SharePoint 2013 accepts SAML tokens issued by a trusted external Security Token Service (STS), such as AD FS.

A user who tries to access a secured page is redirected to the external sign-in page of the STS. The STS authenticates the user and issues a SAML token; SharePoint validates that token and converts it into its own claims-based security token.

SAML mode is commonly used for SSO (Single Sign On).

SAML-based claims authentication process

SAML-based claims authentication is an interaction between a ‘Client Computer’, ‘SharePoint Server’, ‘Identity Federation Server (AD FS)’, and ‘AD DS domain controller’.

The following trust relationships must be in place:

  • The Identity Federation Server (AD FS) must trust the authentication provider (AD DS).
  • The Identity Federation Server (AD FS) must trust token requests from the SharePoint server, i.e. SharePoint is registered in AD FS as a relying party.
  • The SharePoint server must trust the AD FS server. AD FS uses a token-signing certificate to sign the SAML tokens it issues; to validate that signature, you configure the SharePoint farm with the public portion of the certificate.
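The second and third trusts above, as an added PowerShell example (not code from the original post). The host names, the relying-party identifier (realm), the certificate path, the claim type and the account names are assumptions; the cmdlets are the standard AD FS and SharePoint 2013 ones.

```powershell
# Added example: trust #2 (AD FS trusts SharePoint as a relying party) and
# trust #3 (SharePoint trusts the AD FS token-signing certificate).
# Host names, realm, certificate path and claim type are assumptions.

# ---- On the AD FS server (Windows Server 2012 R2 AD FS cmdlets) ----
# SharePoint 2013 consumes SAML 1.1 tokens over the WS-Federation passive
# profile, so the relying-party endpoint is always https://<web app>/_trust/.
Add-AdfsRelyingPartyTrust -Name "SharePoint Portal" `
    -Identifier "urn:sharepoint:portal" `
    -WSFedEndpoint "https://portal.contoso.com/_trust/"

# ---- On a SharePoint server (SharePoint 2013 Management Shell) ----
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Public portion of the AD FS token-signing certificate, exported WITHOUT the
# private key. If a CA issued it, register the CA chain with
# New-SPTrustedRootAuthority too, or validation fails with
# "The root of the certificate chain is not a trusted root authority".
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\certs\adfs-token-signing.cer")
New-SPTrustedRootAuthority -Name "AD FS Token Signing" -Certificate $signingCert

# The incoming claim SharePoint treats as the user identifier; it must be unique per user.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" `
    -SameAsIncoming

# -Realm must equal the relying-party Identifier registered in AD FS above.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Contoso AD FS" `
    -Description "Contoso AD FS (SAML 1.1 over WS-Federation)" `
    -Realm "urn:sharepoint:portal" `
    -ImportTrustCertificate $signingCert `
    -ClaimsMappings $emailClaim `
    -SignInUrl "https://adfs.contoso.com/adfs/ls" `
    -IdentifierClaim $emailClaim.InputClaimType

# Bind the issuer to the Default zone; keep Windows auth so farm admins are not locked out.
$trusted = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
Set-SPWebApplication -Identity "https://portal.contoso.com" `
    -Zone Default -AuthenticationProvider $trusted, $windows

# Check: the thumbprint SharePoint will validate token signatures against.
(Get-SPTrustedIdentityTokenIssuer "Contoso AD FS").SigningCertificate.Thumbprint
```

AD FS still needs an issuance transform rule that emits the e-mail claim and an issuance authorization rule (without one, AD FS denies every request). Two practitioner caveats: the web application must be HTTPS, because the signed token is POSTed through the user's browser to /_trust/; and AD FS rotates its token-signing certificate automatically (AutoCertificateRollover) while SharePoint does not read federation metadata, so each new signing certificate has to be imported again or sign-in stops working.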


Forms-based Authentication in SharePoint 2013


Forms-based authentication is a claims-based identity management system that is based on ASP.NET membership and role provider authentication.

Forms-based authentication can be used against the following authentication providers:

  • AD DS
  • A membership database such as a SQL Server database
  • A Lightweight Directory Access Protocol (LDAP) directory

Forms-based claims authentication process

Forms-based claims authentication is an interaction between a ‘Client Computer’, ‘SharePoint Server’, and a ‘Membership and Role Provider’.
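Creating a claims web application that uses an ASP.NET membership and role provider, as an added PowerShell example (not code from the original post). The provider names, URL, application pool and accounts are assumptions.

```powershell
# Added example: forms-based (ASP.NET membership/role provider) claims web application.
# Provider names, URL, application pool and accounts are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# These names must match the <membership> and <roleManager> providers declared in
# web.config of the web application, of Central Administration, AND of the
# SecurityTokenServiceApplication; the STS is what actually validates the credentials.
$fba = New-SPAuthenticationProvider `
    -ASPNETMembershipProvider "FBAMembershipProvider" `
    -ASPNETRoleProviderName "FBARoleProvider"

# Keep Windows authentication in the same zone so farm administrators are not locked out.
$win = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication

New-SPWebApplication -Name "Extranet" `
    -URL "https://extranet.contoso.com" -Port 443 -SecureSocketsLayer `
    -ApplicationPool "ExtranetAppPool" `
    -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\spapppool") `
    -AuthenticationProvider $fba, $win

# Check: both providers are registered on the Default zone.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
(Get-SPWebApplication "https://extranet.contoso.com").IisSettings[$zone].ClaimsAuthenticationProviders |
    Select-Object DisplayName, ClaimProviderName
```

Forms users are stored in permissions as encoded claims of the form i:0#.f|fbamembershipprovider|username, so renaming the provider later orphans every permission granted to them. Because the credentials travel as a form POST, the zone must be HTTPS, and a SQL membership provider should be configured with passwordFormat="Hashed" rather than the clear or encrypted formats.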


Windows Authentication in SharePoint 2013


Windows authentication type takes advantage of your existing Windows authentication provider (AD DS) and the authentication protocols that a Windows domain environment uses to validate the credentials of connecting clients.

Windows authentication can be used by both claims-based authentication and classic mode. Classic mode is deprecated in SharePoint 2013: a classic-mode web application cannot be created from Central Administration, only with New-SPWebApplication.

Windows Claims Authentication Process 

Windows claims authentication is an interaction between a ‘Client Computer’, ‘SharePoint Server’, and ‘AD DS domain controller’.
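Creating a Windows claims web application and migrating an existing classic-mode one, as an added PowerShell example (not code from the original post). The URLs, application pool and accounts are assumptions.

```powershell
# Added example: Windows claims provider (Kerberos negotiated, NTLM fallback) and
# conversion of a classic-mode web application. URLs and accounts are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Negotiate (Kerberos) is the default; adding -DisableKerberos would force NTLM.
$winClaims = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication

New-SPWebApplication -Name "Intranet" `
    -URL "http://intranet.contoso.com" -Port 80 `
    -ApplicationPool "IntranetAppPool" `
    -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\spapppool") `
    -AuthenticationProvider $winClaims

# Kerberos is only offered if the application pool account owns an SPN for the host header:
#   setspn -S HTTP/intranet.contoso.com CONTOSO\spapppool
# Without it clients silently fall back to NTLM.

# Migrate an existing classic-mode web application to Windows claims.
# -RetainPermissions rewrites DOMAIN\user entries to their claims form i:0#.w|domain\user.
$legacy = Get-SPWebApplication "http://legacy.contoso.com"
if (-not $legacy.UseClaimsAuthentication) {
    Convert-SPWebApplication -Identity $legacy -To Claims -RetainPermissions -Force
}

# Check: claims mode is on and which providers the Default zone uses.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
Get-SPWebApplication | Select-Object DisplayName, UseClaimsAuthentication,
    @{ n = "Providers"; e = { $_.IisSettings[$zone].ClaimsAuthenticationProviders.DisplayName } }
```

The conversion is one-way, so take a content database backup first; permissions that were granted to accounts that no longer exist in AD DS are not migrated.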


Anonymous Authentication in SharePoint 2013


SharePoint 2013 supports anonymous authentication: users can access SharePoint content without validating their credentials. You use anonymous authentication when you use SharePoint 2013 to publish content that is available to all users, such as a public internet website.

Anonymous authentication is disabled by default. You enable it on the web application (per zone), but anonymous users still get nothing until you also configure anonymous access on the sites and site resources.
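Both levels of that configuration, plus the check a practitioner wants before exposing a site publicly, as an added PowerShell example (not code from the original post). The URL is an assumption.

```powershell
# Added example: enabling anonymous access at the web application zone and at a site,
# then auditing what anonymous users can reach. The URL is an assumption.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1) Web application zone: allow anonymous authentication in IIS (off by default).
$wa   = Get-SPWebApplication "https://www.contoso.com"
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$wa.IisSettings[$zone].AllowAnonymous = $true
$wa.Update()
$wa.ProvisionGlobally()

# 2) Site level: grant anonymous users a permission mask on the web.
#    AnonymousState: Disabled, Enabled (individual lists only) or On (entire web).
$web = Get-SPWeb "https://www.contoso.com"
$web.AnonymousState = [Microsoft.SharePoint.SPWeb+WebAnonymousState]::On
$web.AnonymousPermMask64 = [Microsoft.SharePoint.SPBasePermissions]::ViewListItems -bor
                           [Microsoft.SharePoint.SPBasePermissions]::ViewPages -bor
                           [Microsoft.SharePoint.SPBasePermissions]::Open
$web.Update()

# 3) Lock down application pages (/_layouts/viewlsts.aspx, list forms, ...) that would
#    otherwise let anonymous users enumerate the site. Site-collection scoped feature.
Enable-SPFeature -Identity ViewFormPagesLockDown -Url "https://www.contoso.com" -ErrorAction SilentlyContinue

# 4) Audit: every list that anonymous users can read, with its effective mask.
$web.Lists |
    Where-Object { $_.AnonymousPermMask64 -ne 0 } |
    Select-Object Title, AnonymousPermMask64
$web.Dispose()
```

Run the audit against every web in the site collection, not only the root: a subsite that breaks permission inheritance can expose a library the root web does not.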

To enable anonymous access

Authentication Methods in SharePoint 2013


In this series I'm going to talk about the authentication methods and authentication types in SharePoint 2013, and about the authentication process of each type.

In this post I will cover some definitions and talk about the authentication methods in SharePoint (claims-based authentication and classic mode authentication).

In the next posts I will cover the authentication types in SharePoint 2013 (Windows authentication, forms-based authentication, and SAML-based authentication).

What is Authentication?

State Service Configuration in Microsoft SharePoint Server 2013

After installing SharePoint Server 2013 I created a site collection; when I tried to run a simple approval workflow I got the error below:

The form cannot be rendered. This may be due to a misconfiguration of the Microsoft SharePoint Server State Service. For more information, contact your server administrator
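That message appears when the farm has no State Service application (or no proxy for it in the default proxy group), which is the case after a fresh install that was not completed by the configuration wizard. Creating it with the standard SharePoint 2013 cmdlets, as an added example (not the post's own steps; the database and application names are assumptions):

```powershell
# Added example: provision the State Service that InfoPath forms and workflow
# initiation pages depend on. Names are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

if (-not (Get-SPStateServiceApplication -ErrorAction SilentlyContinue)) {
    # Creates and initializes the session-state database on the farm's SQL Server.
    $db  = New-SPStateServiceDatabase -Name "SP2013_StateService"
    $app = New-SPStateServiceApplication -Name "State Service" -Database $db
    # The proxy must sit in the default proxy group or web applications will not see it.
    New-SPStateServiceApplicationProxy -Name "State Service Proxy" `
        -ServiceApplication $app -DefaultProxyGroup
}

# Check: the proxy exists and is online.
Get-SPServiceApplicationProxy |
    Where-Object { $_.TypeName -like "State Service*" } |
    Select-Object DisplayName, Status
```

If the farm already has a State Service application but the error persists, confirm that its proxy is actually associated with the web application's proxy group in Central Administration.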



Create the Configuration Database for Standalone Installation with a Local Account – SharePoint Server 2013

After I finished installing SharePoint Server 2013 on Windows Server 2012 R2, I ran the configuration wizard to finalize and configure the installation.

At the step “Specify Configuration Database Settings” I chose to use my local machine as the database server (because it is a development machine) and I left the default database name unchanged.

In the “Specify Database Access Account” section I typed my current local account, as I'm working on my local home development machine and I'm not connected to a domain, as follows:
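The configuration wizard refuses a local (non-domain) account as the database access account; the farm can still be created with one from PowerShell. The following is an added example of that route (not the post's own steps); the account name, database name and SQL instance are assumptions.

```powershell
# Added example: create the configuration database with a LOCAL account, which the
# wizard does not accept. Account name, database name and instance are assumptions.
# Run from an elevated SharePoint 2013 Management Shell on the dev machine.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farmCred   = Get-Credential "$env:COMPUTERNAME\spdev"      # local account
$passphrase = Read-Host -AsSecureString "Farm passphrase"

New-SPConfigurationDatabase -DatabaseName "SharePoint_Config" `
    -DatabaseServer $env:COMPUTERNAME `
    -FarmCredentials $farmCred `
    -Passphrase $passphrase

# The remaining steps the wizard would have run for you.
Install-SPHelpCollection -All
Initialize-SPResourceSecurity
Install-SPService
Install-SPFeature -AllExistingFeatures
New-SPCentralAdministration -Port 2013 -WindowsAuthProvider "NTLM"
Install-SPApplicationContent

# Check: the farm exists and which build it is.
Get-SPFarm | Select-Object Name, BuildVersion
```

Keep this for stand-alone development only: the farm account receives dbcreator and securityadmin on the SQL instance and becomes the service identity for Central Administration, so on any shared or production farm it must be a dedicated domain account.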
