This section contains links to many articles and books that contain background information that will help you fully understand the different authentication methods that SharePoint 2013 supports.
Step 1: Learn about the basic, digest, and anonymous methods of authentication for Internet Information Services (IIS).
In some cases, you might want to use the basic, digest, and anonymous authentication methods for SharePoint web sites. For an explanation of these authentication methods, see IIS Authentication. For configuration steps, see Configuring Authentication in IIS 7.
Your goal is to understand the use, role, and comparative advantages of the basic, digest, and anonymous methods of authentication for IIS and how to configure them for web sites that IIS hosts.
Step 2: Learn about the NTLM authentication method.
When you use Windows claims or Windows classic user authentication methods, SharePoint 2013 can use the NTLM authentication method. See Microsoft NTLM and NTLM Authentication Scheme for HTTP.
Your goal is to understand how NTLM works to authenticate user access to web sites.
Step 3: Learn about the Kerberos protocol and authentication method.
When you use Windows claims or Windows classic user authentication methods, SharePoint 2013 can use the Kerberos protocol and authentication method. For the Kerberos protocol, see What Is Kerberos Authentication? and How the Kerberos Version 5 Authentication Protocol Works. For the Kerberos protocol that is used for web authentication, see How Kerberos Works.
Your goal is to understand how the Kerberos protocol works to authenticate user access to web sites.
Step 4: Learn about claims-based authentication.
We recommend claims-based authentication for user authentication in SharePoint 2013.
App authentication and server-to-server authentication require claims-based authentication. See the Claims-based Identity for Windows white paper, An Introduction to Claims, and Claims-Based Architectures.
Your goal is to understand the following concepts:
The benefits of claims-based authentication
The components of a claims identity infrastructure: identity provider, security token service, account and attribute store, web-enabled client and server applications, federation provider
How claims-based authentication works to authenticate user access to web sites
Step 5: Learn about Open Authorization (OAuth).
SharePoint 2013 uses OAuth for app authentication and server-to-server authentication.
See About OAuth, OAuth 2.0 Tutorial, and “Section 1. Introduction” of RFC 6749.
Your goal is to understand how OAuth provides an authorization mechanism to obtain access to protected resources.
Step 6: Learn how to create a public key infrastructure (PKI) with Active Directory Certificate Services (AD CS).
Some authentication methods require installed digital certificates on servers that run SharePoint 2013. These certificates can be purchased from a third-party certification authority or you can deploy your own PKI. You can deploy your own PKI with AD CS. See Designing a Public Key Infrastructure.
If you need AD CS for your PKI, your goal is to understand how to deploy an AD CS-based PKI and request specific types of certificates from an AD CS server.
Step 7: Learn how to configure HTTPS websites with Internet Information Services (IIS).
Some authentication methods require HTTPS-based communication with servers that run SharePoint 2013 and that use IIS to host their web sites. See How to Set Up SSL on IIS 7.
Your goal is to understand how to configure certificate bindings and enable HTTPS for web sites that run on IIS.
Level 100
The following documents contain introductory information about authentication in SharePoint 2013.
Step 1: Learn about the new features of authentication in SharePoint 2013.
See What's new in authentication for SharePoint 2013 and SharePoint 2013 training for IT pros: Module 11.
Your goal is to understand the new capabilities of authentication, such as app authentication, server-to-server authentication, and improvements to existing capabilities in SharePoint 2013.
Step 2: Understand the differences between user, app, and server-to-server authentication in SharePoint 2013.
See Authentication overview for SharePoint 2013.
Your goal is to understand how SharePoint 2013 uses user, app, and server-to-server authentication to provide user, app, and server resource access.
Level 200
The following content contains intermediate information about authentication in SharePoint 2013.
Step 1: Learn how to plan for and deploy user authentication in SharePoint 2013.
See Plan for user authentication methods in SharePoint 2013, Configure forms-based authentication for a claims-based web application in SharePoint 2013, and Configure SAML-based claims authentication with AD FS in SharePoint 2013.
View the following:
Windows claims authentication in SharePoint 2013 video
Forms-based claims authentication in SharePoint 2013 video
SAML-based claims authentication in SharePoint 2013 video
Your goal is to understand the following concepts:
The various methods to authenticate users that SharePoint 2013 supports and how they work
How to plan for the use of an authentication method in web applications and zones
How to configure forms-based authentication and Security Assertion Markup Language (SAML)-based authentication by using AD FS 2.0
Step 2: Demonstrate forms-based authentication in a test lab.
See Test Lab Guide: Demonstrate forms-based claims authentication for SharePoint Server 2013. View the following:
Demonstrate forms-based claims authentication for SharePoint Server 2013 test lab guide overview video
Your goal is to configure and demonstrate forms-based authentication by using the built-in Lightweight Directory Access Protocol (LDAP) membership provider in a test lab.
Step 3: Demonstrate SAML-based claims-based authentication in a test lab.
See Test Lab Guide: Demonstrate SAML-based Claims Authentication with SharePoint Server 2013. View the following:
Demonstrate SAML-based claims authentication for SharePoint Server 2013 test lab guide overview video
Your goal is to configure and demonstrate SAML-based claims-based authentication with AD FS as the identity provider in a test lab.
Step 4: Learn how to plan for and deploy app authentication in SharePoint 2013.
See Plan for app authentication in SharePoint 2013 and Configure app authentication in SharePoint Server 2013.
Your goal is to understand the various types of apps, the design considerations for app authentication, and how to configure SharePoint 2013 to support app authentication.
Step 5: Learn how to plan for and deploy server-to-server authentication in SharePoint 2013.
See Plan for server-to-server authentication in SharePoint 2013 and Configure server-to-server authentication in SharePoint 2013.
Your goal is to understand the following concepts:
The design considerations for server-to-server authentication
How to configure SharePoint 2013 to support server-to-server authentication for other SharePoint farms
How to configure SharePoint 2013 to support servers that are running Microsoft Exchange Server 2013
How to configure SharePoint 2013 to support servers that are running Microsoft Lync Server 2013
Step 6: Learn how to migrate a Windows classic web application to Windows claims.
See Migrate from classic-mode to claims-based authentication in SharePoint 2013.
Your goal is to understand the different ways in which you can convert a web application that uses Windows classic user authentication to use Windows claims-based authentication in SharePoint 2013.
Step 7: Learn how to perform basic troubleshooting for claims-based user authentication.
See Claims authentication does not validate user (SharePoint 2013).
Your goal is to understand the following concepts:
The tools that you use to collect claims authentication error and system state information
How to determine the specific claims method being used in a user authentication attempt
How to check configuration requirements
How to capture and analyze claims authentication network traffic
Level 300
The following content contains advanced information about authentication in SharePoint 2013.
Step 1: Learn how to create custom claims providers for SharePoint 2013.
See Claims Walkthrough: Writing Claims Providers for SharePoint 2010.
Note:
Although this article is for SharePoint 2010, the content also applies to SharePoint 2013.
Your goal is to understand how to augment claims and provide name resolution in a custom claims provider for SharePoint 2013.
Step 2: Understand claims-based user authentication processes in SharePoint 2013.
See the "Overview of Advanced Claims-Based Authentication Scenarios" section in Claims Architecture and Scenarios for SharePoint 2010 Developers.
Your goal is to understand the high-level architecture for claims-based user authentication in SharePoint and the detailed processes for Windows, forms-based, and SAML-based claims authentication.
Step 3: Understand the browser interaction for claims-based user authentication in SharePoint 2013.
See Appendix B of A Guide to Claims-Based Identity and Access Control (Second Edition).
Your goal is to understand the set of messages and their contents for various types of claims-based user authentication.