
Configure client certificate authentication for SharePoint 2013

Published: September 25, 2012

Summary: Learn how to configure SharePoint 2013 to support user authentication using a client certificate.

Applies to:  SharePoint Server 2013 Enterprise | SharePoint Server 2013 Standard | SharePoint Foundation 2013 

Client certificate authentication enables web-based clients to establish their identity to a server by using a digital certificate, which provides additional security for user authentication. SharePoint 2013 does not provide built-in support for client certificate authentication, but client certificate authentication is available through Security Assertion Markup Language (SAML)-based claims authentication. You can use Active Directory Federation Services (AD FS) 2.0 as your security token service (STS) for SAML claims or any third-party identity management system that supports standard security protocols such as WS-Trust, WS-Federation, and SAML 1.1.

Note: For more information about SharePoint 2013 protocol requirements, see SharePoint Front-End Protocols.

Claims-based authentication in SharePoint 2013 allows you to use different STSs. If you configure AD FS as your STS, SharePoint 2013 can support any identity provider or authentication method that AD FS supports, which includes client certificate authentication.

Note: For more information about AD FS, see Active Directory Federation Services Overview.

In the following figure, SharePoint 2013 is configured as a relying party for an AD FS-based STS.

[Figure: SharePoint Server 2010 with ADFS 2.0]

AD FS can authenticate user accounts by using several different authentication methods, such as forms-based authentication, Active Directory Domain Services (AD DS) credentials, client certificates, and smart cards. When you configure SharePoint 2013 as a relying party of AD FS, SharePoint 2013 trusts the accounts that AD FS validates and the authentication methods that AD FS uses to validate those accounts; SharePoint itself never inspects the client certificate, only the SAML token that AD FS issues. This is how SharePoint 2013 supports client certificate authentication.

Configure client certificate authentication

The following steps explain how to configure SharePoint 2013 for client certificate authentication or smart card authentication when you use AD FS as your STS:

  1. Configure AD FS to use client certificate (TLS client) authentication as its local authentication type.

    For more information, see AD FS 2.0 - How to change the local authentication type (http://go.microsoft.com/fwlink/p/?LinkId=212513).

  2. Configure SharePoint 2013 to support SAML-based claims authentication using AD FS.

    For more information, see Configure SAML-based claims authentication with AD FS in SharePoint 2013.

  3. Create a web application that uses SAML-based claims authentication.

    For more information, see Create claims-based web applications in SharePoint 2013.

Note: These steps will be similar for a third-party STS.
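The following Windows PowerShell script is an added example, not code from the original article, that carries out the three steps above end to end: it moves the TlsClient handler to the top of the AD FS 2.0 local authentication types, registers the SharePoint web application as a relying party, and then, on the SharePoint side, trusts the AD FS token-signing certificate, creates the trusted identity token issuer and builds a web application that uses it. The host names (adfs.contoso.com, portal.contoso.com), the realm urn:sharepoint:portal, the file paths, the application pool and account names are all assumptions for illustration. Part 1 runs on the AD FS federation server, Part 2 on a SharePoint 2013 server.

```powershell
# Added example (not from the original article). All names, host names, paths and
# account names are assumptions; replace them with your own values.

# ---- Part 1: run on the AD FS 2.0 federation server ---------------------------
# AD FS 2.0 picks the browser sign-in handler from the order of the
# <localAuthenticationTypes> entries in the /adfs/ls web.config; the first entry
# wins. Move TlsClient (certificate / smart card) to the front and keep a backup.
$adfsWebConfig = 'C:\inetpub\adfs\ls\web.config'   # default install path (assumption)
Copy-Item $adfsWebConfig "$adfsWebConfig.bak" -Force

$config    = [xml](Get-Content $adfsWebConfig)
$tlsClient = $config.SelectSingleNode("//localAuthenticationTypes/add[@name='TlsClient']")
if (-not $tlsClient) { throw 'TlsClient handler not found in web.config' }
# PrependChild removes the node from its current position before re-inserting it.
$tlsClient.ParentNode.PrependChild($tlsClient) | Out-Null
$config.Save($adfsWebConfig)

# Register the SharePoint web application as a relying party. The identifier must
# equal the -Realm used on the SharePoint side; the WS-Federation endpoint is the
# web application URL plus /_trust/.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
$realm    = 'urn:sharepoint:portal'                # assumption
$trustUrl = 'https://portal.contoso.com/_trust/'   # assumption

# Certificate sign-in still yields a windowsaccountname claim (the certificate is
# mapped to an AD account), so the usual LDAP rule supplies e-mail and UPN.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "AD attributes to SharePoint claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail,userPrincipalName;{0}", param = c.Value);
'@

$authorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-ADFSRelyingPartyTrust -Name 'SharePoint 2013 Portal' -Identifier $realm `
    -WSFedEndpoint $trustUrl -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authorizationRules

# ---- Part 2: run on a SharePoint 2013 server ----------------------------------
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$realm = 'urn:sharepoint:portal'                   # must match the AD FS identifier

# Public key of the AD FS token-signing certificate, exported from the AD FS
# console (path is an assumption). If that certificate is CA-issued, add the CA
# certificate with New-SPTrustedRootAuthority as well, or chain validation fails.
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2('C:\certs\adfs-token-signing.cer')
New-SPTrustedRootAuthority -Name 'ADFS Token Signing' -Certificate $signingCert | Out-Null

$emailClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$upnClaim   = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
$emailMap = New-SPClaimTypeMapping -IncomingClaimType $emailClaim -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$upnMap   = New-SPClaimTypeMapping -IncomingClaimType $upnClaim   -IncomingClaimTypeDisplayName 'UPN' -SameAsIncoming

# Step 2: trust AD FS as a SAML token issuer. -SignInUrl is the AD FS passive
# endpoint; -IdentifierClaim is the claim SharePoint uses as the user's identity.
$issuer = New-SPTrustedIdentityTokenIssuer -Name 'ADFS' -Description 'AD FS 2.0, client certificate sign-in' `
    -Realm $realm -ImportTrustCertificate $signingCert -ClaimsMappings $emailMap, $upnMap `
    -SignInUrl 'https://adfs.contoso.com/adfs/ls/' -IdentifierClaim $emailClaim

# Step 3: create the web application over SSL on the URL registered as the WS-Fed
# endpoint, with the trusted issuer as its only authentication provider.
$provider = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
New-SPWebApplication -Name 'Portal' -Url 'https://portal.contoso.com' -Port 443 -SecureSocketsLayer `
    -ApplicationPool 'PortalAppPool' -ApplicationPoolAccount (Get-SPManagedAccount 'CONTOSO\spapppool') `
    -AuthenticationProvider $provider
```

Two values tie the halves together and are the usual cause of a failed sign-in: the relying party identifier on AD FS must be byte-for-byte the same string as the -Realm given to New-SPTrustedIdentityTokenIssuer, and the WS-Federation endpoint must be the web application's URL followed by /_trust/. Because the web application is bound only to the trusted issuer, Windows authentication is not offered on that zone; add a second zone if a crawl account or other Windows-authenticated client needs access.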
