In case you haven’t heard, all web applications in SharePoint 2013 will default to claims-based authentication. While it’s still possible to create a “classic” web application, Microsoft has deprecated that functionality in favor of claims. That means many organizations will be defaulting to a claims-enabled world.
Fear not! Claims is not the end of the world. In fact, it opens up a whole new world to your organization. Unlike the siloed approach that a classic web application provides, claims allows you to use multiple types of authentication on a single web application. While this doesn’t change much for the end user, aside from the need to enable cookies, it allows the administrator to augment the claims that a user gets to include more than just the basic information.
When you couple this claims augmentation with a tool like Active Directory Federation Services (ADFS), you can implement single sign-on (SSO). SSO through ADFS allows you to set up multiple applications and systems as “Relying Parties”. Each relying party trusts the authentication cookie from ADFS. So if you have a bunch of systems that all trust ADFS, then the user simply signs into ADFS and can then access all systems without signing in again. More importantly, if you use SharePoint to surface data from other relying party systems in a per-user manner, claims cookies or “tokens” can be passed to the underlying system. This provides an audit trail and removes the need for a specific access account that has more permissions than the current user.
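As an added illustration (not part of the original post), this is roughly what making a SharePoint 2013 web application trust ADFS looks like from the SharePoint Management Shell, with Windows and ADFS sign-in enabled side by side on one web application. The host names, certificate path, realm and thumbprint are placeholders, and the matching relying party trust is assumed to exist already on the ADFS side.

```powershell
# Added example: every URL, path, realm and thumbprint below is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath   = "C:\certs\adfs-token-signing.cer"    # token-signing cert exported from ADFS (assumed path)
$expectedTp = "<EXPECTED-THUMBPRINT>"              # obtained out of band from the ADFS administrator
$realm      = "urn:sharepoint:portal"              # must equal the relying party identifier configured in ADFS
$signInUrl  = "https://adfs.example.com/adfs/ls/"
$webAppUrl  = "https://portal.example.com"

# Refuse to establish trust unless the certificate is the one we expect:
# whoever holds the matching private key can mint tokens SharePoint will accept.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.Thumbprint -ne $expectedTp) {
    throw "Token-signing certificate thumbprint mismatch: $($cert.Thumbprint)"
}
New-SPTrustedRootAuthority -Name "ADFS Token Signing" -Certificate $cert | Out-Null

# Claims SharePoint accepts from ADFS: e-mail as the identity, role for authorization.
$email = New-SPClaimTypeMapping -SameAsIncoming `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress"
$role = New-SPClaimTypeMapping -SameAsIncoming `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role"

# Register ADFS as a trusted identity provider for this farm.
$issuerArgs = @{
    Name                   = "ADFS"
    Description            = "ADFS single sign-on"
    Realm                  = $realm
    ImportTrustCertificate = $cert
    ClaimsMappings         = $email, $role
    SignInUrl              = $signInUrl
    IdentifierClaim        = $email.InputClaimType
}
$issuer = New-SPTrustedIdentityTokenIssuer @issuerArgs

# Offer both Windows and ADFS sign-in on the same web application zone.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$adfs    = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity $webAppUrl -AuthenticationProvider $windows, $adfs -Zone "Default"
```

Only the claim types mapped here reach SharePoint, so the ADFS claim rules for this relying party need to issue the same two claims.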
Of course, none of this is new with SharePoint 2013. However, the deprecation of classic authentication in SharePoint 2013 means an organization is poised to take advantage of the SSO opportunity as low-hanging fruit. If you haven’t looked at using claims to create an SSO solution for your organization, deployment of SharePoint 2013 may be the right time.