Share-n-dipity

SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously

How to Override the Default Name Resolution and Claims Provider in SharePoint 2010

How to Override the Default Name Resolution and Claims Provider in SharePoint 2010

  • Comments 6
  • Likes

An issue that has frustrated a lot of folks since SharePoint 2007 and the WebSSO provider, and that continues today in SharePoint 2010 when using claims authentication with something like ADFS v2, is name resolution.  Meaning that in most cases you can type in any random value you want into the search box, and the people picker will act like it is valid - it will underline what you typed in and treat it as a resolved name.  Of course, this is a problem for your users because whether they had a typo or just flat out had no idea who they are looking for, we tell them "yep, that's a valid name".

Fortunately SharePoint 2010 and its inherent support for claims providers supplies relief for this scenario.  I've explained in other posts how one can create a custom claims provider for both augmenting claims, as well as providing custom search and name resolution capabilities.  So to work around this issue in SharePoint 2010 there's really two things you need to do:

  1. Write a custom claims provider.  See http://blogs.technet.com/speschka/archive/2010/03/13/writing-a-custom-claims-provider-for-sharepoint-2010-part-1.aspx to get started with that.
  2. Replace the default claims provider with your own.  That's the point of this posting.

To replace the default claims provider with your own, you really just need to execute a pretty simple PowerShell script.  Super bonus kudos to Chris for explaining this part to me.  Here's what the script looks like:

$trusted = Get-SPTrustedIdentityTokenIssuer -Identity "Trusted Login Provider Name Goes Here"
$trusted.ClaimProviderName = “name of your custom claim provider”  //in your claim provider you need to override the SPClaimProvider.Name; use that value here
$trusted.Update()

That's it.  After you do that we'll start using your custom claims provider as the default provider for that SPTrustedIdentityTokenIssuer.  I know this is an important feature to a lot of folks so I hope you all find this information helpful.

NOTE:  Important additional information has been added to this topic.  Please see http://blogs.technet.com/b/speschka/archive/2010/05/25/replacing-the-out-of-box-name-resolution-in-sharepoint-2010-part-2.aspx.

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment