Claims

Claims-Based Authentication (CBA) is a common way for applications to obtain the identity information they need about users, whether those users are inside the organization, in a partner organization, or on the Internet. Because the application consumes claims issued by a trusted authority instead of querying each identity store directly, CBA can simplify authentication logic across different systems. Claims-based identity abstracts identity and access control into two parts: the claims themselves, and the issuer (authority) that vouches for them.

The Claims node in the Management Site is used to set up and maintain CBA configuration settings. It lets you add, edit or delete Resource Types, Resources and Realms, all of which work together to allow K2, acting as a Relying Party, to consume claims from a CBA-capable Identity Provider.

For more information on using and configuring Claims-Based Authentication (CBA) in K2, see the K2 Knowledge Base article KB001688 - Authentication and Authorization in K2.

If you're using a custom STS and IdP, you must ensure that SAML tokens are issued in the SAML 1.1 or 2.0 format and delivered to K2 using the WS-Federation (WS-Fed) protocol.
Before you start configuring a Trusted Provider to allow users from an identity store to be recognized by K2, ensure you have the following information at hand:
  • Issuer Name & Description
  • URI (typically you'll use the K2 FBA STS -- https://{K2 Site}/Identity/sts/Forms/wsfed, because this is the STS that will handle FBA and Trusted Providers)
  • The issuer's Thumbprint
  • The Original Issuer
  • The Identity Provider Claim, Type & Value
  • The Identity Claim & Type
  • The Realm and Audience
When you need to manually configure a claims issuer, know exactly what each value must be before you begin. These settings are case-sensitive, and a single wrong value can produce confusing errors, so gather the correct values first and then enter them exactly as required, paying particular attention to case and to any leading or trailing spaces.
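The following Python script is an added example, not part of this page or of the K2 product code. It parses a constructed WS-Fed SAML token (both the SAML 1.1 and the SAML 2.0 layouts are handled) and compares the issuer, audience, signing-certificate thumbprint and identity claim type it carries against the values a Trusted Provider would be configured with, reporting mismatches that are only a matter of case or surrounding whitespace separately from outright wrong values. The STS and K2 URLs, the certificate bytes, the claim values and the configuration dictionary are all constructed for illustration, and the script does not verify the XML signature itself; it only shows which configured values must line up with the token and how exactly they must match.

```python
"""Constructed example: check a WS-Federation SAML token against the values a
K2 Trusted Provider is configured with. Signature verification is out of scope
(the relying-party stack does that); this only compares configured values."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "saml1": "urn:oasis:names:tc:SAML:1.0:assertion",  # SAML 1.1 assertions use the 1.0 namespace
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for the DER bytes of the issuer's signing certificate.
# A real token carries the actual certificate; only the SHA-1 of the DER matters here.
FAKE_CERT_DER = b"constructed-bytes-not-a-real-x509-certificate"
FAKE_CERT_B64 = base64.b64encode(FAKE_CERT_DER).decode()
SIGNATURE = (
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyInfo><ds:X509Data>'
    f"<ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
)
ISSUER = "https://sts.contoso.example/adfs/services/trust"        # hypothetical custom STS
AUDIENCE = "https://k2.contoso.example/Identity/sts/Forms/wsfed"  # hypothetical K2 FBA STS URI
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed SAML 2.0 assertion.
SAML2_TOKEN = f"""<saml:Assertion xmlns:saml="{NS['saml2']}" Version="2.0" ID="_a1">
  <saml:Issuer>{ISSUER}</saml:Issuer>{SIGNATURE}
  <saml:Subject><saml:NameID>alice@contoso.example</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="{EMAIL_CLAIM}"><saml:AttributeValue>alice@contoso.example</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

# Constructed SAML 1.1 assertion carrying the same facts in the 1.1 layout.
SAML1_TOKEN = f"""<saml:Assertion xmlns:saml="{NS['saml1']}" MajorVersion="1" MinorVersion="1" AssertionID="_a2" Issuer="{ISSUER}">
  <saml:Conditions><saml:AudienceRestrictionCondition><saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice@contoso.example</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml:AttributeValue>alice@contoso.example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>{SIGNATURE}
</saml:Assertion>"""

# Constructed Trusted Provider settings, as they would be entered in the Management Site.
TRUSTED_PROVIDER = {
    "issuer": ISSUER,
    "thumbprint": hashlib.sha1(FAKE_CERT_DER).hexdigest().upper(),  # SHA-1 of DER, upper-case hex, no spaces
    "audience": AUDIENCE,
    "identity_claim_type": EMAIL_CLAIM,
}


def parse_token(xml_text):
    """Extract issuer, audience, signing-cert thumbprint, subject and claims from a SAML 1.1 or 2.0 assertion."""
    root = ET.fromstring(xml_text)
    ns = root.tag.split("}")[0].strip("{")
    cert_el = root.find(".//ds:X509Certificate", NS)
    if cert_el is None:
        raise ValueError("token carries no X509Certificate in its signature")
    thumbprint = hashlib.sha1(base64.b64decode(cert_el.text.strip())).hexdigest().upper()
    if ns == NS["saml2"]:
        issuer = root.findtext("saml2:Issuer", default="", namespaces=NS)
        audience = root.findtext(".//saml2:Audience", default="", namespaces=NS)
        name_id = root.findtext(".//saml2:Subject/saml2:NameID", default="", namespaces=NS)
        claims = {a.get("Name"): a.findtext("saml2:AttributeValue", default="", namespaces=NS)
                  for a in root.findall(".//saml2:Attribute", NS)}
    elif ns == NS["saml1"]:
        issuer = root.get("Issuer", "")  # SAML 1.1 puts the issuer in an attribute, not an element
        audience = root.findtext(".//saml1:Audience", default="", namespaces=NS)
        name_id = root.findtext(".//saml1:NameIdentifier", default="", namespaces=NS)
        claims = {f'{a.get("AttributeNamespace")}/{a.get("AttributeName")}':  # 1.1 claim type = namespace/name
                  a.findtext("saml1:AttributeValue", default="", namespaces=NS)
                  for a in root.findall(".//saml1:Attribute", NS)}
    else:
        raise ValueError(f"unsupported assertion namespace: {ns}")
    return {"issuer": issuer, "audience": audience, "thumbprint": thumbprint, "name_id": name_id, "claims": claims}


def check_against_config(token, config):
    """Return a list of problems; an empty list means every configured value matches the token exactly."""
    problems = []
    for key in ("issuer", "audience", "thumbprint"):
        expected, actual = config[key], token[key]
        if actual == expected:
            continue
        if actual.strip().lower() == expected.strip().lower():  # the classic case/whitespace mistake
            problems.append(f"{key}: differs only in case or surrounding whitespace: {expected!r} vs {actual!r}")
        else:
            problems.append(f"{key}: expected {expected!r}, token has {actual!r}")
    if config["identity_claim_type"] not in token["claims"]:
        problems.append(f"identity claim {config['identity_claim_type']!r} not present in token")
    return problems


def demo():
    """Exact configuration passes; the same thumbprint in lower case with a trailing space does not."""
    good = check_against_config(parse_token(SAML2_TOKEN), TRUSTED_PROVIDER)
    sloppy = dict(TRUSTED_PROVIDER, thumbprint=TRUSTED_PROVIDER["thumbprint"].lower() + " ")
    bad = check_against_config(parse_token(SAML1_TOKEN), sloppy)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("exact config:", good or "all values match")
    print("sloppy config:", bad)
```

Run against a real token, the same comparison tells you which of the values listed above is wrong before you touch the Management Site; the "differs only in case or surrounding whitespace" branch is the one that catches the errors this page warns about.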