
Configure Client Certificate Authentication (SharePoint Foundation 2010)

 

Applies to: SharePoint Foundation 2010

Topic Last Modified: 2011-08-05

Client Certificate Authentication enables Web-based clients to establish their identity to a server and provides an additional layer of security for your network.

Note
For more information about Client Certificate Authentication, see Certificate-based Authentication Protocols (http://go.microsoft.com/fwlink/p/?LinkId=212507).

Microsoft SharePoint Foundation 2010 does not provide built-in support for Client Certificate Authentication, but Client Certificate Authentication is available through integration with Active Directory Federation Services (AD FS) 2.0, or any third-party identity management system that supports standard security protocols such as claims-based authentication, WS-Trust, WS-Federation, and SAML 1.1.

Note
For more information about SharePoint Foundation 2010 protocol requirements, see SharePoint Front-End Protocols (http://go.microsoft.com/fwlink/p/?LinkId=212509).

SharePoint Foundation 2010 makes it possible to use a variety of Security Token Services (STS) through claims-based authentication. If you use claims-based authentication and you configure AD FS 2.0 as your STS, SharePoint Foundation 2010 can support any Identity Provider that is trusted by AD FS 2.0, including Client Certificate Authentication.

Note
For more information about AD FS 2.0, see Active Directory Federation Services Overview (http://go.microsoft.com/fwlink/p/?LinkId=212512).

In the following model, an administrator needs to configure SharePoint Foundation 2010 as a relying partner for an Identity Provider STS. (This example uses AD FS 2.0 for the STS, but you can also use a third-party STS.) AD FS 2.0 can authenticate user accounts via several different types of authentication methods: forms-based authentication, Active Directory Domain Services (AD DS), client certificates, and smart cards. When you configure SharePoint Foundation 2010 as a relying partner for an STS, SharePoint Foundation 2010 trusts the accounts that the STS validates, which is how SharePoint Foundation 2010 supports Client Certificate Authentication.

Figure: SharePoint Server 2010 with ADFS 2.0
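
The SharePoint side of the trust in this model, shown as an added example that is not part of the original topic: the farm trusts the token-signing certificate of the STS and registers the STS as a trusted identity token issuer, while the client certificate check itself stays on the STS. The certificate path, realm, sign-in URL, issuer name and the choice of e-mail address as the identifier claim are placeholder assumptions.

```powershell
# Added example: register an identity provider STS as trusted by the SharePoint farm.
# Every path, name, URL and realm value below is a placeholder (assumption).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath  = 'C:\certs\sts-token-signing.cer'    # public token-signing cert exported from the STS
$realm     = 'urn:sharepoint:example'            # must match the identifier configured on the STS
$signInUrl = 'https://sts.example.com/adfs/ls/'  # passive sign-in endpoint of the STS

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# SharePoint accepts any token signed by this certificate, so check it before
# trusting it: stop if it is expired or not yet valid, and show what is trusted.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Token-signing certificate $($cert.Thumbprint) is outside its validity period."
}
Write-Host "Trusting token-signing certificate:" $cert.Subject $cert.Thumbprint

# Add the certificate to the farm's trusted root authorities.
New-SPTrustedRootAuthority -Name 'Example STS Token Signing' -Certificate $cert | Out-Null

# Map one incoming claim; it also serves as the user identifier in SharePoint.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' `
    -IncomingClaimTypeDisplayName 'EmailAddress' `
    -SameAsIncoming

# Register the STS. From here on SharePoint trusts the accounts this STS
# validates, whichever method (client certificate, smart card, forms) it used.
$issuer = New-SPTrustedIdentityTokenIssuer `
    -Name 'Example STS' `
    -Description 'Identity provider STS (client certificate authentication)' `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailClaim `
    -SignInUrl $signInUrl `
    -IdentifierClaim $emailClaim.InputClaimType

# Review what was registered.
$issuer | Format-List Name, DefaultProviderRealm, ProviderUri
```

The web application must also be configured for claims-based authentication with this trusted identity provider selected before users are redirected to the STS.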

The following topics explain how to configure SharePoint Foundation 2010 with Client Certificate authentication or Smart Card authentication by using AD FS 2.0 as your STS.

Note
The required steps will be similar for a third-party STS.

© 2014 Microsoft