SAML Token Claims Based Identity SAML Token Claims Based Identity SPUser

Claim Value Type. = String + = RFC822 Name

Is the endpoint outside of an app web? Does the token include user info? Is endpoint CSOM/REST? OAuth token present? End Start User credentials provided? Use anonymous context Set user context Set App-Only context Set app and user context Yes No Yes No Yes No

7. Access token 10. App Start Page + Contents 5. Request App Start Page + Context Token (SPAppToken) 4. App Redirect 9. SharePoint data 8. Req. + Access token 1. Start App 2. Request context token 3. Signed context token 6. Refresh token Subject App Server SharePoint Server Windows Azure ACS

ServicesScenarios SharePoint to Exchange eDiscovery Site Mailboxes MySite Project Tasks Sync High Resolution Photos SharePoint to SharePoint Translation service Hybrid: Duet/SAP Hybrid Search SharePoint to MTW Multi-tenant Workflows (MTW) SharePoint to Apps App Model extensibility SharePoint to Azure media service… SharePoint Video Portal (upcoming)

Sponsored by