SharePoint Claims Auth Without SSL

Someone asked me the other day whether we could use claims auth in SharePoint 2010 with ADFS v2 as the identity provider STS (STS-IP), but NOT use SSL on the SharePoint site. In working through it, I found that there are some inherent limitations in making this happen, but not on the SharePoint side. When you define the relying party in ADFS (SharePoint 2010 in this case), you have to define a WS-Fed endpoint, and ADFS requires that endpoint to be SSL secured. When SharePoint 2010 is the relying party, the endpoint is protocol://siteUrl/_trust/. Since ADFS requires SSL for the WS-Fed endpoint, the protocol portion of the URL must be https.

So the short answer is, to use claims auth in SharePoint with ADFS, you must use SSL.  Other STS-IP implementations may not have this requirement, but ADFS v2 does.
