What is claim?

What is Token?

A token is a set of bytes that expresses information abount an entity i.e. user:

Identity tokens and claims

Claim based identity

A claims-based identity is the set of claims. A claim is a statement that an entity (a user or another application) makes about itself, it’s just a claim.

It relies on three main components:

Components of claim based identity

Components of claim based identity

Microsoft identity technologies

Microsoft identity technologies overview

Identity provider

STS is commonly provided by an identity provider (or issuer)

Identity provider (or issuer):

Security Token

A token is created by a security token service (STS).

Security token service (STS):

Getting token

Getting identity token from identity provider (or issuer)

Accepting and using token

The identity library accepts token (submitted by user) and then process it (validate, varify etc).

Accepting and using identity token

How Applications Can Use Claims

Multiple identity providers

Claim based approach makes it easier to use multiple identify providers:

Using Multiple identity providers

Identity federation

Identity federation allows user from one organization to access resources of other organization mentioned that both organizations belongs to same group/corporation.

Federation: the action of forming states or organizations into a single group with centralized control.

Illustrating Identity federation

Claims Transformation

Accessing enterprise application

Accessing enterprise application: on-premises

Accessing enterprise application - on premises

Accessing enterprise application: via internet

Accessing enterprise application - via internet

Accessing enterprise application: in cloud

Accessing enterprise application - in cloud

Single sign on

Single sign on = SSO

Single sign on

Azure active directory as identity provider

Azure active directory as identity provider

Azure active directory as federation provider

Azure active directory as federation provider

Azure AD Access Control as federation provider

Azure AD access control as federation provider

Thrid party identity provider

Allowing login with Thrid party identity provider