An issue that has frustrated a lot of folks since SharePoint 2007 and the WebSSO provider, and that continues today in SharePoint 2010 when using claims authentication with something like ADFS v2, is name resolution. In most cases you can type any random value you want into the search box, and the people picker will act like it is valid: it will underline what you typed and treat it as a resolved name. Of course, this is a problem for your users, because whether they made a typo or just flat out had no idea who they were looking for, we tell them "yep, that's a valid name".
Fortunately SharePoint 2010 and its inherent support for claims providers supplies relief for this scenario. I've explained in other posts how one can create a custom claims provider both for augmenting claims and for providing custom search and name resolution capabilities. So to work around this issue in SharePoint 2010 there are really two things you need to do:
To replace the default claims provider with your own, you really just need to execute a pretty simple PowerShell script. Super bonus kudos to Chris for explaining this part to me. Here's what the script looks like:
$trusted = Get-SPTrustedIdentityTokenIssuer -Identity "Trusted Login Provider Name Goes Here"
# In your claim provider you need to override SPClaimProvider.Name; use that value here.
$trusted.ClaimProviderName = "name of your custom claim provider"
$trusted.Update()
That's it. After you do that we'll start using your custom claims provider as the default provider for that SPTrustedIdentityTokenIssuer. I know this is an important feature to a lot of folks so I hope you all find this information helpful.
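The same change wrapped so that it records the previous value and confirms what was persisted. This is an added example, not part of the original post. The function name `Set-DefaultClaimProvider` and its parameter names are hypothetical; the cmdlet and the `ClaimProviderName` property are the ones used in the script above.

```powershell
# Added example, not from the original post. Run in the SharePoint 2010 Management Shell,
# or load the snap-in first.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-DefaultClaimProvider {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$IssuerName,    # SPTrustedIdentityTokenIssuer name
        [Parameter(Mandatory = $true)][string]$ProviderName   # value returned by SPClaimProvider.Name
    )

    # Stop on a missing issuer instead of continuing with $null.
    $trusted  = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction Stop
    $previous = $trusted.ClaimProviderName

    # Only write to the farm configuration when the value actually changes.
    if ($previous -ne $ProviderName) {
        $trusted.ClaimProviderName = $ProviderName
        $trusted.Update()
    }

    # Re-read the issuer so the check reflects what was persisted, not the local object.
    $current = (Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction Stop).ClaimProviderName
    if ($current -ne $ProviderName) {
        throw "ClaimProviderName is '$current', expected '$ProviderName'"
    }

    # Keep Previous in the change record: it is the value to set again to roll back.
    New-Object PSObject -Property @{
        Issuer   = $IssuerName
        Previous = $previous
        Current  = $current
    }
}

# Placeholder values, as in the script above; substitute your own names.
Set-DefaultClaimProvider -IssuerName "Trusted Login Provider Name Goes Here" `
                         -ProviderName "name of your custom claim provider"
```

After the change, type a deliberately invalid name into the people picker and confirm it no longer resolves.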
NOTE: Important additional information has been added to this topic. Please see http://blogs.technet.com/b/speschka/archive/2010/05/25/replacing-the-out-of-box-name-resolution-in-sharepoint-2010-part-2.aspx.