References:
1. http://technet.microsoft.com/en-us/library/ff973114.aspx
2. http://blogs.msdn.com/b/hsalvi/archive/2010/09/01/configuring-windows-live-id-authentication-provider-as-federated-identity-provider-for-sharepoint-2010.aspx
Overview:
1. The Windows Live ID cookie is cached on the client computer and sent to SharePoint Foundation 2010 by way of a POST response to a successful authentication request.
2. SharePoint Foundation 2010 converts the Windows Live ID SAML token to a SharePoint Foundation 2010 SAML token.
3. The PUID for the user is generated based on the user principal name (UPN) claim returned in the SAML token. This value is used throughout SharePoint Foundation 2010 to uniquely identify the user and perform access control.
4. SharePoint Foundation 2010 can augment user tokens with additional claims by using a custom claims provider, which is configured in the SharePoint Foundation 2010 Web application.
5. The SharePoint Foundation 2010 cookie is also returned to the client computer and cached for subsequent requests.
6. When the Windows Live ID or SharePoint Foundation 2010 cookie expires, the user is redirected to a Windows Live ID server.
No comments:
Post a Comment