claims provider vs TrustedIdentityTokenIssuer

Hi - Can someone explain the difference between a Claims Provider and a SPTrustedIdentityTokenIssuer?

They have different PowerShell cmdlets e.g. Get-SPTrustedIdentityTokenIssuer  vs Get-SPClaimProvider

If this can be explained in plain English that would be great

Awesome in fact

Cheers

J

March 19th, 2015 3:30pm

Hi,

We are currently looking into this issue and will give you an update as soon as possible.
 
Thank you for your understanding and support.

Best Regards,

Lisa Chen

Free Windows Admin Tool Kit Click here and download it now
March 22nd, 2015 10:46pm

Hi,

SPTrustedIdentityTokenIssuer represents an external token issuer trusted by SharePoint, for example, when you configure SAML-based federation authentication with ADFS, the ADFS server is the trusted identity token issuer. You can also understand it as the trusted identity provider. When user authenticate against SharePoint, SharePoint redirects users authentication to the trusted identity token issuer, and the token issuer assigns token to user to enable user accessing SharePoint.

For more information,refer to the following article:

 https://technet.microsoft.com/en-us/library/hh305235.aspx

SPClaimProvider is function to add claims to users token. For example, when a user has successfully authenticated in SharePoint with Windows authentication, the claim provider Active Directory will add security groups which the user belongs to as claims into the users token. There might be several different claim providers for adding different claims to users token. 

More explanation about claim provider is available here:

https://msdn.microsoft.com/en-us/library/office/ee535894.aspx.

Best Regards,

Lisa Chen

March 23rd, 2015 3:34am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics