
Configure Client Certificate Authentication (SharePoint Server 2010)

Published: March 10, 2011

Client Certificate Authentication enables Web-based clients to establish their identity to a server and provides an additional layer of security for your network.

Note:

For more information about Client Certificate Authentication, see Certificate-based Authentication Protocols (http://go.microsoft.com/fwlink/p/?LinkId=212507).

Microsoft SharePoint Server 2010 does not provide built-in support for Client Certificate Authentication, but Client Certificate Authentication is available through integration with Active Directory Federation Services (AD FS) 2.0, or any third-party identity management system that supports standard security protocols such as claims-based authentication, WS-Trust, WS-Federation, and SAML 1.1.

Note:

For more information about SharePoint Server 2010 protocol requirements, see SharePoint Front-End Protocols (http://go.microsoft.com/fwlink/p/?LinkId=212509).

SharePoint Server 2010 makes it possible to use a variety of Security Token Services (STS) through claims-based authentication. If you use claims-based authentication and you configure AD FS 2.0 as your STS, SharePoint Server 2010 can support any Identity Provider that is trusted by AD FS 2.0, including Client Certificate Authentication.

Note:

For more information about AD FS 2.0, see Active Directory Federation Services Overview (http://go.microsoft.com/fwlink/p/?LinkId=212512).

In the following model, an administrator configures SharePoint Server 2010 as a relying partner for an Identity Provider STS. (This example uses AD FS 2.0 for the STS, but you can also use a third-party STS.) AD FS 2.0 can authenticate user accounts by using several authentication methods: forms-based authentication, Active Directory Domain Services (AD DS), client certificates, and smart cards. When you configure SharePoint Server 2010 as a relying partner for an STS, SharePoint Server 2010 trusts the accounts that the STS validates. This trust is how SharePoint Server 2010 supports Client Certificate Authentication.

[Figure: SharePoint Server 2010 with AD FS 2.0]

Configure Client Certificate Authentication

The following topics explain how to configure SharePoint Server 2010 with Client Certificate authentication or Smart Card authentication by using AD FS 2.0 as your STS.

Note:

The required steps will be similar for a third-party STS.
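
The SharePoint side of the trust described above, as an added example that is not taken from the original topic or the linked procedures: it registers an AD FS 2.0 STS as a trusted identity provider from the SharePoint 2010 Management Shell. The certificate path, realm, sign-in URL, issuer name, and the choice of e-mail address as the identifier claim are all constructed placeholders and assumptions.

```powershell
# Added example: register an AD FS 2.0 STS as a trusted identity provider.
# Every value in this first section is a constructed placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath  = "C:\certs\adfs-token-signing.cer"    # exported AD FS token-signing cert (public key only)
$realm     = "urn:sharepoint:example"             # must match the identifier configured for SharePoint in AD FS
$signInUrl = "https://adfs.example.com/adfs/ls/"  # AD FS sign-in endpoint; keep it HTTPS
$issuer    = "ADFS20-Example"                     # display name of the provider in SharePoint

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Refuse to establish trust on a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Token-signing certificate $($cert.Thumbprint) is outside its validity period."
}

# SharePoint only accepts tokens signed by a certificate it trusts.
# If the certificate was issued by a CA, add each CA certificate in the chain the same way.
New-SPTrustedRootAuthority -Name "$issuer token signing" -Certificate $cert | Out-Null

# Assumption: the STS issues an e-mail address claim and it is used as the user identifier.
$emailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$map = New-SPClaimTypeMapping -IncomingClaimType $emailClaim `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

# Create the trusted identity token issuer that represents the STS.
New-SPTrustedIdentityTokenIssuer -Name $issuer -Description "AD FS 2.0 STS" `
    -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map `
    -SignInUrl $signInUrl -IdentifierClaim $map.InputClaimType | Out-Null

# Check: confirm what SharePoint now trusts, including the signing certificate thumbprint.
Get-SPTrustedIdentityTokenIssuer -Identity $issuer |
    Select-Object Name, DefaultProviderRealm, ProviderUri,
        @{ n = "SigningThumbprint"; e = { $_.SigningCertificate.Thumbprint } }
```

Compare the reported thumbprint with the token-signing certificate shown on the STS itself before enabling the provider on a web application. The client certificate or smart card requirement is enforced at the STS, so SharePoint Server 2010 accepts any account that the STS validates, whichever authentication method the STS used.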
