Question

Is it possible to integrate Windows Azure Pack with Active Directory and have domain users authenticate to the Tenant Portal using single sign-on? Can anyone point to some good articles?

Note: I know WAP supports ADFS, but I'm looking for plain AD support!

Solution

The Windows Azure Pack Tenant Portal uses claims-based authentication. It delegates all authentication to a Security Token Service (STS) that must:

  • Support WS-Federation
  • Expose a Federation Metadata endpoint
  • Be capable of generating JSON Web Tokens (JWT) with at least ‘UPN’ and optionally ‘Groups’ claims

To use Active Directory credentials (NTLM/Kerberos authentication) you would need an STS that meets these requirements and can use Active Directory as an Identity Provider (or will federate to one that can).

Examples include AD FS 3.0 (as you point out) and the STS that ships with WAP for use by the Management Portal. In theory, you could use the Management Portal STS for the Tenant Portal as well, but the documentation explicitly cautions against this, warning that doing so 'will cause tenant scenarios to break'.

See this article for a full explanation of this and links to more resources: http://msdn.microsoft.com/en-us/library/dn479300.aspx
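
As an added example (not part of the original answer and not Microsoft's tooling), here is a Python pre-flight check of a candidate STS against the three requirements listed above. The host `sts.example.test`, the sample metadata and the sample token are constructed, and the lowercase claim names `upn` and `groups` are an assumption about how the STS names them in the JWT.

```python
import base64
import json
import xml.etree.ElementTree as ET

WSFED = "http://docs.oasis-open.org/wsfed/federation/200706"
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "fed": WSFED,
      "wsa": "http://www.w3.org/2005/08/addressing"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: federation metadata for a hypothetical STS at sts.example.test.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:fed="{WSFED}" xmlns:wsa="http://www.w3.org/2005/08/addressing"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://sts.example.test/">
 <RoleDescriptor xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="{WSFED}">
  <fed:PassiveRequestorEndpoint><wsa:EndpointReference>
   <wsa:Address>https://sts.example.test/wsfed</wsa:Address>
  </wsa:EndpointReference></fed:PassiveRequestorEndpoint>
 </RoleDescriptor>
</EntityDescriptor>"""

def wsfed_passive_endpoint(metadata_xml):
    """Return the HTTPS WS-Federation sign-in URL advertised by an STS role, or None."""
    # Only parse metadata fetched from an STS you already trust; use a hardened
    # parser (e.g. defusedxml) for anything else.
    root = ET.fromstring(metadata_xml)
    for role in root.findall("md:RoleDescriptor", NS):
        is_sts = role.get(XSI_TYPE, "").endswith("SecurityTokenServiceType")
        speaks_wsfed = WSFED in role.get("protocolSupportEnumeration", "").split()
        addr = role.findtext(
            "fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", namespaces=NS)
        if is_sts and speaks_wsfed and addr and addr.strip().startswith("https://"):
            return addr.strip()
    return None

def missing_claims(jwt, required=("upn",)):
    """List required claim names absent from a JWT payload (signature NOT verified)."""
    body = jwt.split(".")[1]
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    present = {name.lower() for name in payload}  # assumed claim naming, see lead-in
    return [name for name in required if name not in present]

def make_sample_jwt(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    print(wsfed_passive_endpoint(SAMPLE_METADATA))
    print(missing_claims(make_sample_jwt({"upn": "alice@example.test"})))
```

`missing_claims` only inspects the payload of a token you captured during a test sign-in; it is a configuration check, not token validation.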

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow