Claims-Based Authentication (CBA)
How claims, tokens, and the authentication process help to grant access to an application.
Claim definition: A claim is a single statement that an issuer makes about a subject, for example the user's name, age, manager's name, or group membership. A token bundles a set of such claims and is transmitted over the network (intranet or internet) as a stream of bytes. The token carries the issuer's digital signature so that the receiving end can verify that the claims are genuine and have not been altered in transit.
How does CBA work?
Establishing trust between the RP (relying party) and the STS (Security Token Service) means:
Sharing federation metadata, which carries each party's public key (certificate)
The STS signs each token with its own private key and, where the token must stay confidential, encrypts it using the RP's public key
The RP uses the STS's public key to verify the signature on tokens received from the STS; a token whose signature does not verify is rejected before its claims are read
The RP uses its own private key to decrypt the token and extract the claims from it
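The four steps above worked through end to end, as an added example written for this page (it is not code from Azure AD, Okta, or any other STS product). It assumes an ECDSA P-256 key for the STS signature, a 2048-bit RSA key for the RP-side encryption, a byte framing of len(sig) || sig || claims chosen here purely for illustration, and a constructed claim set for a user "alice". RunExchange(forged) stands in for the federation-metadata exchange by handing the public keys across directly; with forged=true the token is signed by a key the RP never trusted, which the RP must reject.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Claims is the claim set a token carries. Each field is one claim;
// the names are this example's own choice, not a standard vocabulary.
type Claims struct {
	Name    string   `json:"name"`
	Age     int      `json:"age"`
	Manager string   `json:"manager"`
	Groups  []string `json:"groups"`
}

// IssueToken is the STS side: sign SHA-256(claims) with the STS private key,
// frame the result as len(sig) || sig || claims, and seal that byte stream
// with RSA-OAEP under the RP public key so that only the RP can read it.
func IssueToken(c Claims, stsPriv *ecdsa.PrivateKey, rpPub *rsa.PublicKey) ([]byte, error) {
	claimBytes, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(claimBytes)
	sig, err := ecdsa.SignASN1(rand.Reader, stsPriv, digest[:])
	if err != nil {
		return nil, err
	}
	// A DER-encoded P-256 signature is at most 72 bytes, so one length byte is enough.
	plain := append([]byte{byte(len(sig))}, sig...)
	plain = append(plain, claimBytes...)
	// OAEP with a 2048-bit key and SHA-256 seals at most 190 bytes; a production
	// STS wraps a symmetric key instead (as JWE does). Larger claim sets fail here.
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, rpPub, plain, nil)
}

// ConsumeToken is the RP side: decrypt with the RP private key, verify the
// signature against the STS public key, and only then parse the claims.
func ConsumeToken(token []byte, rpPriv *rsa.PrivateKey, stsPub *ecdsa.PublicKey) (Claims, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, rpPriv, token, nil)
	if err != nil {
		return Claims{}, err
	}
	if len(plain) < 1 || int(plain[0]) > len(plain)-1 {
		return Claims{}, errors.New("malformed token framing")
	}
	sigLen := int(plain[0])
	sig, claimBytes := plain[1:1+sigLen], plain[1+sigLen:]
	digest := sha256.Sum256(claimBytes)
	if !ecdsa.VerifyASN1(stsPub, digest[:], sig) {
		return Claims{}, errors.New("signature does not verify against the STS public key")
	}
	var c Claims
	err = json.Unmarshal(claimBytes, &c)
	return c, err
}

// RunExchange wires both sides together with freshly generated keys; handing
// the public keys across directly stands in for the federation-metadata
// exchange. With forged=true the token is signed by a key the RP never
// trusted, which ConsumeToken must reject.
func RunExchange(forged bool) (Claims, error) {
	stsKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Claims{}, err
	}
	rpKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Claims{}, err
	}
	issuer := stsKey
	if forged {
		if issuer, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return Claims{}, err
		}
	}
	// Constructed sample claim set; nothing here comes from a real directory.
	in := Claims{Name: "alice", Age: 34, Manager: "bob", Groups: []string{"finance", "approvers"}}
	token, err := IssueToken(in, issuer, &rpKey.PublicKey)
	if err != nil {
		return Claims{}, err
	}
	return ConsumeToken(token, rpKey, &stsKey.PublicKey)
}

func main() {
	for _, forged := range []bool{false, true} {
		c, err := RunExchange(forged)
		fmt.Printf("forged=%v accepted=%v claims=%+v err=%v\n", forged, err == nil, c, err)
	}
}
```

Two design points worth noticing. ConsumeToken verifies the signature before it unmarshals the claims, so a forged or tampered claim set never reaches application code; the forged run demonstrates that a token encrypted correctly for the RP is still rejected when the signing key is not the one the RP trusts. Encrypting the whole token directly with RSA-OAEP only works because the claim set is small; real STS implementations encrypt the token under a fresh symmetric key and wrap only that key with the RP's public key.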
Examples of an STS (Security Token Service): Azure AD and Okta.
Users don't need to set up separate accounts on various domains and enter their login information each time they access a service or application.
Claims-based authentication gives an RP a uniform method of authentication, regardless of which identity provider issued the token.
Claims-based authentication clearly separates identity providers from the applications that consume identity.