2

I'm hoping there is an F5 way to do what is described in this article:

http://blog.auth360.net/2010/12/03/the-triumvirate-uag-2010sp1-ad-fs-2-0-and-kerberos/

Users login to a mobile app using claims-based authentication at the front-end and need to connect to SharePoint 2010 using Kerberos at the back-end. SharePoint 2010 in this case does NOT support claims. A user will logon via AD FS and then need F5 to request a Kerberos ticket on behalf of the user and use that ticket to authenticate to SharePoint 2010. We’re mixing authentication using claims-based authentication at the edge and then Kerberos for authenticating to SharePoint 2010.

Update: I know SharePoint 2010 can support claims. In this case I am not allowed to modify the existing SharePoint 2010 environment.

DarrellNorton
  • 121
  • 4

1 Answers1

1

You can use the Claims to Windows Token Service available with AD FS 2 to take a claims principal issued by AD FS and turn it into a constrained Kerberos ticket.

That being said, SharePoint 2010 definitely supports native Claims authentication used with the client object model. It is not easy, but it is possible.

Further, if you have a SharePoint add-in which is what is really requiring use of Kerberos, SharePoint will automatically use C2WTS.

Mitch
  • 2,363
  • 14
  • 23
  • I know SharePoint can support claims. In this case I am not allowed to modify SharePoint. Updated my question with this. I will look into C2WTS. Thanks! – DarrellNorton Jan 16 '14 at 10:35