K2 blackpearl Installation and Configuration Guide: Supported Authentication Technologies and Terminology
K2 supports OAuth 2.0 for the authorization flow between SharePoint, K2, AzureAD and other OAuth 2.0-compatible systems. OAuth Resource Types can be registered with K2, and Resources are then set up as instances of those types. The following Resource Types are automatically registered when installing K2 blackpearl:
An on-premises SharePoint site will register a SharePoint S2S resource for interacting with the SharePoint site, while a SharePoint Online site will register an Azure Active Directory and a SharePoint resource instance.
K2 supports SAML (Security Assertion Markup Language) versions 1.1 and 2.0. SAML tokens are XML representations of claims, which is the model many Microsoft products are adopting for authentication and authorization. The K2 platform includes an STS (Security Token Service) that cracks and packages claims into SAML tokens so that it can communicate with other claims-aware applications and line-of-business systems.
Terminology

| Term | Definition |
|---|---|
| Claim | A statement that one subject makes about itself or another subject. For example, the statement can be about a name, identity, key, group, privilege, or capability. Claims have a provider that issues them, and they are given one or more values. This data about users is sent inside security tokens (SAML). |
| Claim rule | A rule, written in the claim rule language of the provider, that defines how to generate, transform, pass through, or filter claims. |
| Security Assertion Markup Language (SAML) | A protocol that specifies how to use HTTP Web browser redirects to exchange assertion data. SAML tokens are XML representations of claims. |
| Identity Provider (IdP) | A Web service that handles requests for trusted identity claims and issues SAML tokens. An identity provider uses a database called an identity store to store and manage identities and their associated attributes. |
| Relying Party (RP) | An application that consumes claims to make authentication and authorization decisions. For example, the K2 server receives claims that determine whether the user can access K2 data. |
| Claims-aware application | A relying party software application that uses claims to manage identity and access for users. |
| Security Token Store (STS) | A Web service that issues security tokens. SharePoint implements an STS to authorize activities within the application from multiple authentication providers. |
| Secure Sockets Layer (SSL) | A protocol that improves the security of data communication by using a combination of data encryption, digital certificates, and public key cryptography. SSL enables authentication and increases data integrity and privacy over networks. SSL does not provide authorization or nonrepudiation. |
| Active Directory Federation Services (AD FS) | A component of Windows Server 2008 that supports identity federation and Web single sign-on (SSO) for Web browser–based applications. |
| Federation server | A computer running Windows Server 2008 or Windows Server 2008 R2 that has been configured using the AD FS 2.0 Federation Server Configuration Wizard to act in the federation server role. A federation server issues tokens and serves as part of a Federation Service. |
| Federation Service | A logical instance of a security token service such as AD FS 2.0. |
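As an added example (not K2's code and not part of this guide), the following Python shows what the SAML paragraph above and the Claim, SAML and Relying Party entries in the table mean in practice: it parses a constructed SAML 2.0 assertion, extracts the claims carried in its AttributeStatement, and applies the checks a relying party such as the K2 server makes before acting on those claims (trusted issuer, intended audience, validity window) followed by a group-based authorization decision. The issuer and audience URLs, the user, and the group names are constructed placeholders. XML signature verification, which must happen before any of these checks, is not implemented here and is assumed to be done by an XML-DSig library.

```python
"""Extract claims from a SAML 2.0 assertion and apply relying-party checks.

Added example, not K2 code. Signature verification (XML-DSig) is assumed to
have been performed by a dedicated library before these checks run.
"""
from datetime import datetime, timezone
# For untrusted XML in production, parse with defusedxml instead of the stdlib parser.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Placeholder values for the trust relationship (constructed for this example).
TRUSTED_ISSUER = "https://idp.example.test/adfs/services/trust"
RELYING_PARTY_AUDIENCE = "https://k2.example.test/"
# Well-known AD FS claim type URIs used as keys for the claims.
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Constructed, unsigned sample assertion with placeholder subject and values.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2024-01-15T10:00:00Z">
  <saml:Issuer>https://idp.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-15T09:59:00Z" NotOnOrAfter="2024-01-15T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://k2.example.test/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>K2 Users</saml:AttributeValue>
      <saml:AttributeValue>Finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_saml_time(value):
    """SAML timestamps are xs:dateTime values in UTC with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_claims(assertion_xml):
    """Return the claims in the AttributeStatement as {claim type URI: [values]}."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = values
    return claims


def validate_conditions(assertion_xml, now, issuer=TRUSTED_ISSUER, audience=RELYING_PARTY_AUDIENCE):
    """Relying-party checks: trusted issuer, validity window, intended audience.

    Returns a list of problems; an empty list means the assertion may be used.
    """
    root = ET.fromstring(assertion_xml)
    problems = []
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:
        problems.append("untrusted issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["missing Conditions"]
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before):
        problems.append("assertion not yet valid")
    if not_on_or_after and now >= parse_saml_time(not_on_or_after):
        problems.append("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        problems.append("audience mismatch")
    return problems


def authorize(assertion_xml, now, required_group):
    """Authorization decision: the assertion must pass validation AND carry the group claim."""
    if validate_conditions(assertion_xml, now):
        return False
    return required_group in extract_claims(assertion_xml).get(GROUP_CLAIM, [])


if __name__ == "__main__":
    when = parse_saml_time("2024-01-15T10:01:00Z")  # inside the sample's validity window
    print("claims:", extract_claims(SAMPLE_ASSERTION))
    print("problems:", validate_conditions(SAMPLE_ASSERTION, when))
    print("member of 'K2 Users' may access:", authorize(SAMPLE_ASSERTION, when, "K2 Users"))
```

The checks are deliberately split from claim extraction: a relying party should reject an assertion on issuer, audience or time before it reads a single claim, and the audience check is what stops a token issued for one relying party being replayed against another.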