Contents
When using classic authentication, you expect that SharePoint will issue an HTTP status code of 401 at the client, indicating the types of HTTP authentication the server supports. However, in claims mode a more complex interaction occurs.
Is there a centralized server for remote authentication?
They have to know only that the organization that they have a contract with can identify the user. In these cases, the centralized server for authentication does not exist; there is no centralized entity that can validate every user.
Why is SharePoint not prompted for authentication in other applications?
Obviously, this is not the best user experience. However, if the same network uses forms-based authentication, after users log in to SharePoint, they are not prompted for authentication in other applications such as Word and Excel. But they are prompted for authentication on each of the two web applications.
Fundamentally, the forms-based mechanism was designed to authenticate against local users, that is, it was not designed to authenticate identity based on a federated system. SharePoint 2010 addressed this by adding direct support for claims-based authentication.
Your SAML identity provider, also known as identity provider security token service (IP-STS), does all that and then redirects you to SharePoint. When you come back into SharePoint 2010, SharePoint creates a FedAuth cookie; that is how SharePoint knows that you have been authenticated.
How to create authenticated clientcontext object in SharePoint?
Creating an authenticated ClientContext object is a multistep process. First, the user must be able to sign into the remote system interactively. First, the user signs into SharePoint through the federated authentication provider, and SharePoint must issue its authentication cookies.