Someone one posed an interesting question to me the other day, around whether or not you could use SAML claims with host header sites in SharePoint 2010. My initial thought was yes but I wanted to dig into it a little bit more to investigate. The short answer to all this is yes, but it's not quite as pain free as I was hoping for. For my little sample I created a web application at https://hh.vbtoys.com and two host header sites: https://ash.vbtoys.com and https://josh.vbtoys.com. While this doesn't fit entirely in the classic model of host header sites (meaning vanity Urls), remember that one of the restrictions with SAML claims and SharePoint is that sites must use SSL. So rather than having to mess with creating an SSL certificate with Subject Alternate Names (SAN), I decided to simplify life slightly so I could use a wildcard certificate. It's enough to prove out whether it works and what configuration is needed, but it is hopefully also a good reminder of something to think about if you want to use host header sites and SAML authentication.
So I did a simple test first just to try out the utopia scenario where I could make just one configuration change and have all host header sites just work. In that case, I did two things:
$ap = Get-SPTrustedIdentityTokenIssuer -identity "ADFS IdP"$uri = new-object System.Uri("https://hh.vbtoys.com")$ap.ProviderRealms.Add($uri, "urn:sharepoint:hh")$ap.Update()
So I tried hitting https://hh.vbtoys.com first and all was good - I got into the site no problem. Next, in the real test of the utopian scenario I hit https://ash.vbtoys.com. Unfortunately, it was not utopian. I ended up getting redirected to an entirely different SPTrustedIdentityTokenIssuer, so my guess is that SharePoint did a look up in it's list of Provider Realms and could find nothing for https://ash.vbtoys.com so it just grabbed the first SPTrustedIdentityTokenIssuer in my list.
All was not lost however...as you can probably imagine at this point, I was able to make both of my host header sites work, but I had to create:
$ap = Get-SPTrustedIdentityTokenIssuer -identity "ADFS IdP"$uri = new-object System.Uri("https://ash.vbtoys.com")$ap.ProviderRealms.Add($uri, "urn:sharepoint:ash")$ap.Update()
The net of this is by adding a new relying party, and a new provider realm (Uri and Urn), for each host header site collection, I was able to log into each site using SAML authentication.
this sentence is only true if you are using ADFS (i think) "...remember that one of the restrictions with SAML claims and SharePoint is that sites must use SSL". the restriction comes from ADFS not from sharepoint. if we use a custom implementation instead of ADFS, we can pass ssl requeriments and get results for real different domains (www.xpta.com , www.xptb.com )
m88 : http://m88en.com
M88.com offer online sports games Asia, Sports Betting Asia, Sports Betting Sites Asia.
m88asia : http://m88en.net
Link to M88BET phone: m88en.com. – Register and Open Betting Account and Membership M88BET.
m88bet : http://www.linkm88vip.com
MANSION88 the house is one of the largest and most prestigious. Appeared quite early in the Asian market, the so-MANSION88 currently attracts more players.
link m88 : http://m88wiki.com
Home the M88 is the official sponsor of the football club in the Premier League
Wish you happy with the new M88
m88 casino online : http://m88free.com
Modern Thai restaurant combines outstanding traditional cuisine and a subtle modern decor with a warm welcoming ambience. Thai Restaurants in Brisbane :
http://www.watersidethainoodles.com.au , traveller reviews of Brisbane Thai restaurants and search by price, location, and more.