
Claims-based identity

Claims-based is an approach to identity management in which a relying party consumes security tokens issued by an identity provider that contain claims about a user. A claim is a statement such as a subject identifier, name, email, role, or other attributes. The token is used to authenticate the user and authorize access to resources, allowing applications to rely on external authentication rather than maintaining their own credentials.

In a typical workflow, a user attempts to access an application, which redirects the user to an identity provider or security token service. After successful authentication, the issuer creates a token containing a set of claims. The relying party validates the token’s integrity and authenticity, extracts the claims, and constructs a user principal used for authorization decisions.

Architecture commonly involves three roles: identity provider (the issuer of tokens), security token service (sometimes the same as the IdP, issuing and describing tokens), and relying party (the application that consumes the token). Trust is established through token signatures and metadata that describe valid issuers and keys.

Standards and technologies frequently associated with claims-based identity include SAML 2.0 and OpenID Connect (which uses JSON Web Tokens). OAuth 2.0 often underpins the authorization flows used in claims-based systems, and in some environments WS-Federation or WS-Trust are used.

Benefits include enabling single sign-on across domains, decoupling authentication from applications, and facilitating federated identities and scalable authorization. Considerations involve managing trust and token lifetimes, ensuring privacy and consent, and handling claim mapping and normalization across identity providers.
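As an added example (not from the original page), the relying-party step described above in Python: an issuer mints a JWT, the relying party checks it against its trust metadata (issuer, key, signature, audience, lifetime) and maps the claims to a principal. The issuer URL, audience, key id and the HS256 shared secret are constructed assumptions; real deployments typically use asymmetric keys published in the issuer's metadata.

```python
import base64
import hashlib
import hmac
import json

# Constructed trust metadata: issuer -> {key id -> shared secret}. A real relying
# party loads this from the issuer's published metadata; HS256 is an assumption so
# the example runs offline with only the standard library.
TRUSTED_ISSUERS = {"https://idp.example": {"kid-1": b"constructed-demo-secret"}}
AUDIENCE = "https://app.example"  # this relying party's identifier (constructed)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(issuer: str, kid: str, claims: dict) -> str:
    """Issuer side: sign a set of claims as a compact JWT (header.payload.signature)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(TRUSTED_ISSUERS[issuer][kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def validate_token(token: str, now: float) -> dict:
    """Relying-party side: verify authenticity and integrity, then build a principal."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    payload = json.loads(_b64url_decode(p64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unsupported alg")
    keys = TRUSTED_ISSUERS.get(payload.get("iss"))  # issuer must be in trust metadata
    if keys is None:
        raise ValueError("untrusted issuer")
    key = keys.get(header.get("kid"))  # key id must map to a key of that issuer
    if key is None:
        raise ValueError("unknown key id")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    if payload.get("aud") != AUDIENCE:  # token must be meant for this relying party
        raise ValueError("wrong audience")
    if payload.get("exp", 0) <= now:  # token lifetime enforced here
        raise ValueError("token expired")
    if "sub" not in payload:
        raise ValueError("missing subject")
    # Claim mapping: only the attributes the application understands become the principal.
    return {"subject": payload["sub"], "name": payload.get("name"), "roles": payload.get("roles", [])}
```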