Overview

Claims-based authentication is built on Windows Identity Foundation (WIF), a framework for building claims-aware applications and security token service (STS) that is standards-based and interoperable. Interoperability is provided through reliance on industry standard protocols such as WS-Federation, WS-Trust, and Security Assertion Markup Language 1.1 (SAML).

In claims-based authentication, an identity provider, or security token service, responds to authentication requests and issues SAML security tokens that include any number of claims about a user, such as a user name and groups the user belongs to. A relying party application receives the SAML token and uses the claims inside to decide whether to grant the client access to the requested resource. Claims-based authentication can be used to authenticate your organization's internal users, external users, and users from partner organizations.

K2 relies on the configuration of a K2 user manager to provide authentication and user and group resolution for identity stores such as Active Directory, SQL, LDAP or Custom.   For more information see User Managers

K2 provides the ability for incoming claims-based authentication through configuration of mappings between claims-based identity providers and K2 user managers.

For more information, see References

For information on how to configure K2 Services to support Claims Authentication, see KB001426

Do not register multiple security labels against the SSPI (Windows Security Provider). Doing so will result in users being resolved incorrectly.