Security Token Service (STS)
Security Token Service, also known as STS, is an important authorization concept in SharePoint. It was introduced in the 2010 version and has been carried over largely unchanged into the 2013 version. It is primarily used for claims-based authentication. Earlier, Windows and forms-based authentication did have identities, but now we have claims and the issuer to which the claims belong.
So, what is a claim?
Let's look at it from this perspective: a claim is a statement issued by an issuer about itself or about some other entity. Each identity provider, whether Windows, forms-based, or even a third party such as Facebook or LinkedIn, can then be used to authenticate users on the basis of that claim.
In SharePoint 2010, STS is implemented as a web service which signs and issues security tokens. This service can issue different types of tokens, such as Kerberos, RA, SAML etc. It can also issue custom tokens if we customize the service for our own purposes.
It is important to understand that in this whole scenario two entities matter most: IP-STS and RP-STS. One is the Identity Provider STS and the other is the Relying Party STS.
IP-STS acts as the issuer. It takes the user's information from a data store, which could be a database or a third-party system as well, and once that is done it creates the relevant tokens for the user who has logged in.
RP-STS receives the tokens created by IP-STS. Using these tokens we can build two applications that single sign-on purely on the basis of the token created by IP-STS, so it provides a mechanism to authenticate once and use many different applications.
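The IP-STS / RP-STS exchange described above, as an added example that is not SharePoint's own STS code: an issuer looks a user up in its store and mints a signed token carrying claims; a relying party verifies the signature, the issuer, the audience and the expiry before handing the claims to applications. The issuer and audience URNs, the user store and the shared secret are all constructed for the example, and HMAC-SHA256 over a shared secret stands in for the X.509 signing certificate a real STS uses, so the whole flow runs offline.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import asdict, dataclass

# Hypothetical identifiers and key, constructed for this example only.
IP_STS_ISSUER = "urn:example:ip-sts"
RP_STS_AUDIENCE = "urn:example:rp-sts"
SIGNING_SECRET = b"constructed-demo-secret-do-not-reuse"


@dataclass(frozen=True)
class Claim:
    claim_type: str   # e.g. "upn" or "role"
    value: str
    issuer: str       # the party vouching for this statement


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    # Stand-in for the STS signing certificate: HMAC over the encoded payload.
    return _b64url(hmac.new(SIGNING_SECRET, body.encode(), hashlib.sha256).digest())


class IdentityProviderSTS:
    """IP-STS: reads the user from its store and issues a signed claims token."""

    def __init__(self, user_store: dict, lifetime_seconds: int = 600):
        self.user_store = user_store      # stand-in for AD, a database or a 3rd party
        self.lifetime = lifetime_seconds

    def issue(self, login_name: str, audience: str, now=None) -> str:
        now = time.time() if now is None else now
        record = self.user_store[login_name]     # KeyError means unknown user
        claims = [Claim("upn", record["upn"], IP_STS_ISSUER)]
        claims += [Claim("role", r, IP_STS_ISSUER) for r in record["roles"]]
        payload = {"iss": IP_STS_ISSUER, "aud": audience, "iat": int(now),
                   "exp": int(now) + self.lifetime, "claims": [asdict(c) for c in claims]}
        body = _b64url(json.dumps(payload, sort_keys=True).encode())
        return body + "." + _sign(body)


class TokenRejected(Exception):
    pass


class RelyingPartySTS:
    """RP-STS: accepts IP-STS tokens and passes the claims on to applications."""

    def validate(self, token: str, now=None) -> list:
        now = time.time() if now is None else now
        try:
            body, signature = token.split(".")
        except ValueError:
            raise TokenRejected("malformed token")
        # Constant-time compare: a modified body or signature is rejected outright.
        if not hmac.compare_digest(signature, _sign(body)):
            raise TokenRejected("bad signature")
        payload = json.loads(_b64url_decode(body))
        if payload["iss"] != IP_STS_ISSUER:
            raise TokenRejected("untrusted issuer")
        if payload["aud"] != RP_STS_AUDIENCE:
            raise TokenRejected("token not addressed to this RP-STS")
        if now >= payload["exp"]:
            raise TokenRejected("token expired")
        return [Claim(**c) for c in payload["claims"]]


def single_sign_on_demo(now: float = 1_000_000.0) -> dict:
    """One IP-STS token serves two applications behind the same RP-STS."""
    store = {"contoso\\alice": {"upn": "alice@contoso.example",
                                "roles": ["Visitor", "Approver"]}}   # constructed
    ip_sts, rp_sts = IdentityProviderSTS(store), RelyingPartySTS()
    token = ip_sts.issue("contoso\\alice", RP_STS_AUDIENCE, now=now)
    claims_app_a = rp_sts.validate(token, now=now + 1)   # first application
    claims_app_b = rp_sts.validate(token, now=now + 2)   # second, no re-login
    result = {
        "upn": next(c.value for c in claims_app_a if c.claim_type == "upn"),
        "roles": sorted(c.value for c in claims_app_b if c.claim_type == "role"),
    }
    # Negative cases the RP-STS must catch: an edited body with the old
    # signature, and a token presented after its lifetime has passed.
    body, sig = token.split(".")
    payload = json.loads(_b64url_decode(body))
    payload["claims"].append({"claim_type": "role", "value": "Farm Admin",
                              "issuer": IP_STS_ISSUER})
    edited = _b64url(json.dumps(payload, sort_keys=True).encode()) + "." + sig
    for name, tok, when in (("tampered", edited, now + 1), ("expired", token, now + 601)):
        try:
            rp_sts.validate(tok, now=when)
            result[name] = "accepted"
        except TokenRejected as exc:
            result[name] = str(exc)
    return result


if __name__ == "__main__":
    print(single_sign_on_demo())
```

The two `validate` calls show the single sign-on point from the paragraph: the user authenticated once at the IP-STS, and every application that trusts the RP-STS can consume the same token. The audience check is what keeps a token issued for one relying party from being replayed at another, which is why a real deployment scopes tokens to a specific RP rather than issuing a general-purpose one.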