SharePoint 2013: Claims Infrastructure – Part IV

Welcome to the final part of my series on the Claims Infrastructure in SharePoint 2013.  In the previous parts, I spoke on Distributed Cache Service and how it’s improved the authentication model in SharePoint 2013.  Then I looked at OAuth and SharePoint Apps in relation to their use of claims through the OAuth model.  Finally, we looked at Search and Claims, specifically changes to Business Connectivity Services (BCS) that allow claims to be surfaced into the index for better security trimming.  In this post, we’re going to focus on Server to Server (S2S) Authentication and the capabilities it provides to pull data from SharePoint 2013, Exchange 2013, Lync 2013, Office Web Apps 2013, and Office 365.
S2S works by exchanging certificates between the servers listed above (even if they’re the same type and/or in the cloud) so that one server can call directly into another using the current user’s identity.  Once a certificate from each server is deposited in the trust center for the other server, claims can flow across that link.  If you remember, in SharePoint 2010, you could publish shared service applications (SSAs) from farm to farm.  S2S is a similar concept, but supports crossing into Lync, Exchange, and the cloud.  In addition, S2S is an extensible model that other vendors can build into their systems (it requires claims and sharing certificates).
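Because every S2S link rests on an exchanged certificate, it is worth knowing which issuers a farm trusts and when their certificates expire. The following PowerShell is an added example, not code from the original post: it assumes the SharePoint 2013 Management Shell with farm administrator rights, and the 60-day warning threshold is an arbitrary assumption.

```powershell
# Added example: inventory the certificates behind this farm's S2S trusts.
# Assumes the SharePoint 2013 Management Shell and farm administrator rights.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$warnDays = 60          # assumed review threshold, adjust to local policy
$now      = Get-Date

# Thumbprints of certificates registered as trusted root authorities.
# Informational only: an issuer's certificate is not always registered here.
$rootThumbprints = @(Get-SPTrustedRootAuthority |
    ForEach-Object { $_.Certificate.Thumbprint })

$report = Get-SPTrustedSecurityTokenIssuer | ForEach-Object {
    $cert = $_.SigningCertificate

    # An issuer without a signing certificate is reported, not skipped.
    if ($null -eq $cert) {
        $daysLeft = $null
        $status   = 'NO SIGNING CERTIFICATE'
    } else {
        $daysLeft = [int]($cert.NotAfter - $now).TotalDays
        if     ($daysLeft -lt 0)         { $status = 'EXPIRED' }
        elseif ($daysLeft -lt $warnDays) { $status = 'EXPIRING SOON' }
        else                             { $status = 'OK' }
    }

    # Same property set for every row so Format-Table shows all columns.
    [pscustomobject]@{
        Issuer       = $_.Name
        SelfIssuer   = $_.IsSelfIssuer
        Metadata     = $_.MetadataEndPoint
        Thumbprint   = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter     = if ($cert) { $cert.NotAfter } else { $null }
        DaysLeft     = $daysLeft
        AlsoInRoots  = if ($cert) { $rootThumbprints -contains $cert.Thumbprint } else { $false }
        Status       = $status
    }
}

# Most urgent rows first; anything not 'OK' deserves a look, as does any
# issuer nobody on the team can account for.
$report | Sort-Object DaysLeft | Format-Table -AutoSize
```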
The major example of this concept in SharePoint 2013 is the “My Tasks” functionality that’s been added to My Sites.  When you click on My Tasks, SharePoint is using Search behind the scenes to find all Tasks assigned to you from everywhere within SharePoint.  While that’s cool in and of itself, it would be really cool if My Tasks could also pull Tasks you’ve set in Outlook that are synced in Exchange.  Especially since Exchange 2013 uses the same Search engine behind the scenes (yes, FAST is now built into Exchange too).  With S2S, this functionality exists out of the box and Search is able to cross the boundary between Exchange and SharePoint to pull the Tasks you’ve set up in Exchange and surface them on your My Tasks list in SharePoint.
The largest example, however, is with Office Web Apps (OWA), which is now its own server application that runs separately from SharePoint and works with Exchange, Lync, and Office 365.  OWA supports S2S to get documents out of these other server applications and surface them in the respective web app.  You probably didn’t realize that this is what’s going on behind the scenes, but given how powerful S2S is, the sky is the limit.  All of this is made possible because each of the server applications understands claims and communicates on the same wavelength thanks to S2S Authentication.
I hope that this post and its three siblings show you that claims are not something to be scared of but instead provide a great amount of flexibility and power that we didn’t have before.  Still, there’s a lot of room for creativity in leveraging the OAuth and S2S functionality that exists inside of SharePoint (and the other Office server applications).  Where would you like to see Microsoft take claims next?

Andrew Schwenker

Andrew Schwenker is a Sr. Technical Consultant within Perficient’s Microsoft National Business Unit East's SharePoint practice. Andrew has nearly 2 years of experience in consulting and has participated in projects that have touched nearly every aspect of SharePoint 2010. Andrew earned his Bachelor’s degree in Computer Science as well as Master’s degrees in Computer Science and Information Systems from Indiana University. He’s interested in creating winning solutions to generate business innovation using SharePoint. Prior to starting at Perficient, Andrew completed internships with General Electric, ExactTarget, and Great American Financial Resources. During his studies, he actively participated in Alpha Phi Omega National Service Fraternity and competed in the first annual Cluster Challenge at SC07 in Reno, NV. Andrew was a part of the dynamic PointBridge team that was acquired by Perficient.
