K2 blackpearl Product Documentation: Installation and Configuration Guide
Supported Authentication Technologies and Terminology

Supported Technologies and Terminology (Claims)

OAuth

K2 supports OAuth 2.0 for the authorization flow between SharePoint, K2, Azure AD and other OAuth 2.0-compatible systems. OAuth Resource Types are registered with K2, and Resources are then set up as instances of those types. The following Resource Types are registered automatically when K2 blackpearl is installed:

An on-premises SharePoint site registers a SharePoint S2S (server-to-server) resource for interacting with that site, while a SharePoint Online site registers an Azure Active Directory resource instance and a SharePoint resource instance.

SAML

K2 supports SAML (Security Assertion Markup Language) versions 1.1 and 2.0. SAML tokens are XML representations of claims, the identity model that many Microsoft products use for authentication and authorization. The K2 platform includes an STS (Security Token Service) that cracks incoming tokens into their claims and packages claims into SAML tokens, so that K2 can communicate with other claims-aware applications and line-of-business systems.

Terminology

Claim

A statement that one subject makes about itself or another subject, for example about a name, identity, key, group, privilege, or capability. Each claim has a provider (issuer) that asserts it and carries one or more values. Claims about a user are transported inside security tokens such as SAML tokens.

Claim rule

A rule, written in the provider's claim rule language, that defines how to generate, transform, pass through, or filter claims.

Security Assertion Markup Language (SAML)

An XML-based standard for exchanging authentication and authorization assertions between an identity provider and a relying party. Its Web Browser SSO profile specifies how HTTP browser redirects and form POSTs carry that assertion data. SAML tokens are XML representations of claims.

Identity Provider (IdP)

A Web service that authenticates subjects, handles requests for trusted identity claims, and issues SAML tokens. An identity provider uses a database called an identity store to store and manage identities and their associated attributes.

Relying Party (RP)

An application that consumes claims to make authentication and authorization decisions, and that should accept them only from issuers it trusts. For example, the K2 server receives claims and uses them to decide whether the user they describe can access K2 data.

Claims-aware application

A relying party software application that uses claims to manage identity and access for users.

Security Token Service (STS)

A Web service that issues security tokens. SharePoint implements an STS so that activities within the application can be authorized for users arriving from multiple authentication providers.

Secure Sockets Layer (SSL)

A protocol that secures data in transit using a combination of symmetric encryption, digital certificates, and public-key cryptography. SSL authenticates the server (and optionally the client) and protects the integrity and confidentiality of data on the network; it does not provide authorization or non-repudiation. Every SSL version is now deprecated, and current deployments negotiate its successor, TLS, although the name "SSL" survives in configuration settings and certificate tooling.

Active Directory Federation Services (AD FS)

A component of Windows Server (2008 and later) that supports identity federation and Web single sign-on (SSO) for Web browser-based applications.

Federation server

A computer running Windows Server 2008 or Windows Server 2008 R2 that has been configured, using the AD FS 2.0 Federation Server Configuration Wizard, to act in the federation server role. A federation server issues tokens and serves as part of a Federation Service.

Federation Service

A logical instance of a security token service such as AD FS 2.0.
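The SAML paragraph above says the K2 STS "cracks" tokens into claims, and the Claim, Identity Provider and Relying Party entries describe what a relying party does with them. The following Python script is an added example (not K2 code and not from the K2 documentation) that shows the two halves concretely: it parses a constructed, unsigned SAML 2.0 assertion into its issuer, subject, validity window, audience and attribute claims, and then applies the checks a relying party makes before acting on those claims. The issuer URL, audience URI, claim names and group values are assumptions chosen for illustration.

```python
"""Crack a SAML 2.0 assertion into claims and apply relying-party checks.

Added example, not K2 product code. The sample assertion below is
constructed by hand and is unsigned; all names in it are assumptions.
"""
import xml.etree.ElementTree as ET
from datetime import datetime

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML2}

# Constructed sample assertion (hypothetical IdP, audience and claim names).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:10:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://k2.example.com/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Domain Users</saml:AttributeValue>
      <saml:AttributeValue>K2 Designers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _parse_time(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z (or pass a datetime through)."""
    if isinstance(value, datetime):
        return value
    # fromisoformat() only accepts the trailing "Z" on Python 3.11+, so normalise it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_claims(xml_text):
    """Crack an assertion into issuer, subject, validity window, audiences and claims.

    Claims are returned as {attribute name: [values]} so multi-valued claims
    such as group membership keep every value.
    """
    # ElementTree does not fetch external entities but still expands internal
    # ones; a production relying party should parse with defusedxml or reject DTDs.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML2:
        raise ValueError("not a SAML 2.0 Assertion element")
    conditions = root.find("saml:Conditions", NS)
    not_before = not_on_or_after = None
    if conditions is not None:
        if conditions.get("NotBefore"):
            not_before = _parse_time(conditions.get("NotBefore"))
        if conditions.get("NotOnOrAfter"):
            not_on_or_after = _parse_time(conditions.get("NotOnOrAfter"))
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "subject": root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip(),
        "not_before": not_before,
        "not_on_or_after": not_on_or_after,
        "audiences": [(a.text or "").strip() for a in root.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
        "claims": claims,
    }


def accept_assertion(parsed, trusted_issuers, expected_audience, now):
    """Relying-party checks: trusted issuer, our audience, inside the validity window.

    Returns (accepted, reason). Signature verification is deliberately out of
    scope: a real relying party must verify the XML signature against the IdP's
    certificate before reading any claim, or none of these checks prove anything.
    """
    now = _parse_time(now)
    if parsed["issuer"] not in trusted_issuers:
        return False, "untrusted issuer"
    if expected_audience not in parsed["audiences"]:
        return False, "audience mismatch"
    if parsed["not_before"] is not None and now < parsed["not_before"]:
        return False, "not yet valid"
    if parsed["not_on_or_after"] is not None and now >= parsed["not_on_or_after"]:
        return False, "expired"  # NotOnOrAfter is an exclusive bound
    return True, "ok"


def is_member(parsed, group_claim, group):
    """Authorization decision driven by a (multi-valued) group claim."""
    return group in parsed["claims"].get(group_claim, [])


if __name__ == "__main__":
    parsed = parse_claims(SAMPLE_ASSERTION)
    verdict = accept_assertion(parsed, {"https://idp.example.com/adfs/services/trust"},
                               "https://k2.example.com/", "2024-01-01T12:05:00Z")
    print(verdict, parsed["subject"], parsed["claims"])
```

The audience check is what stops a token minted for one relying party (say, a SharePoint site) from being replayed against another (K2), and the issuer check is the "trusted identity claims" part of the IdP definition: a claim is only as trustworthy as the STS that asserted it.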

K2 blackpearl Product Documentation: Installation and Configuration Guide 4.6.11