ClaimsAuthenticationManager

When using federated authentication, the identity provider alone decides which claims populate the incoming identity. If multiple identity providers are used, there is a very high probability that they will present the same information in somewhat different ways. That's where the ClaimsAuthenticationManager fits in. It works as a translation filter that can modify or replace the incoming identity as soon as it has been constructed from the incoming authentication response.

Implement a ClaimsAuthenticationManager by creating a class derived from the System.Security.Claims.ClaimsAuthenticationManager class.

Then register it. If the configuration is loaded from the config file, use a <claimsAuthenticationManager> element in the configuration. If the configuration is done in code (typically for the OWIN middleware), the ClaimsAuthenticationManager should be registered in Options.SPOptions.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager.

Single Logout

If you are using Single Logout, you need to make sure that the claims containing the AuthServices logout information are present in the returned identity. The types of the claims are available in AuthServicesClaimTypes.SessionIndex and AuthServicesClaimTypes.LogoutNameIdentifier.
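
The following is an added example, not code from the AuthServices project: a manager that translates claim types from different identity providers into the types the application uses, drops everything not on its allow-list, and passes the two logout claims through untouched. The class name, the variable name `options`, the entries in the type map and the `Kentor.AuthServices` namespace are assumptions.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Kentor.AuthServices; // assumed namespace of AuthServicesClaimTypes

// Hypothetical class; the incoming claim types in the map are constructed samples.
public class NormalizingClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    // Incoming claim type (as sent by an identity provider) -> type used by the application.
    private static readonly Dictionary<string, string> TypeMap = new Dictionary<string, string>
    {
        { "mail", ClaimTypes.Email },
        { "urn:oid:0.9.2342.19200300.100.1.3", ClaimTypes.Email },
        { ClaimTypes.Email, ClaimTypes.Email },
        { ClaimTypes.NameIdentifier, ClaimTypes.NameIdentifier },
        // Required for Single Logout: keep these claims in the returned identity.
        { AuthServicesClaimTypes.SessionIndex, AuthServicesClaimTypes.SessionIndex },
        { AuthServicesClaimTypes.LogoutNameIdentifier, AuthServicesClaimTypes.LogoutNameIdentifier },
    };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        var incoming = incomingPrincipal?.Identity as ClaimsIdentity;
        if (incoming == null || !incoming.IsAuthenticated)
        {
            return incomingPrincipal; // nothing to translate
        }

        // Allow-list: a claim whose type is not in the map is dropped.
        // Claims that keep their type are passed as-is (the ClaimsIdentity constructor
        // clones them, including Properties); renamed claims are rebuilt.
        var claims = incoming.Claims
            .Where(c => TypeMap.ContainsKey(c.Type))
            .Select(c => TypeMap[c.Type] == c.Type
                ? c
                : new Claim(TypeMap[c.Type], c.Value, c.ValueType, c.Issuer, c.OriginalIssuer));

        var identity = new ClaimsIdentity(
            claims, incoming.AuthenticationType, incoming.NameClaimType, incoming.RoleClaimType);
        return new ClaimsPrincipal(identity);
    }
}

// Registration in code, where "options" is the AuthServices options object:
// options.SPOptions.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager =
//     new NormalizingClaimsAuthenticationManager();
```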