SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occasional musings, observations, and Ouija board readings about the phabulously
Remote SharePoint Index, Hybrid, and SAML
Today's post combines a few different topics, that dare I say, started as a dare (I think). The gauntlet thrown out was whether or not Remote SharePoint Index would work for SAML users as well as Windows users. For those of you not completely familiar with Remote SharePoint Index, I covered it in...
26 Jun 2014
SAML Support for SharePoint-Hosted Apps with ADFS 3.0
This is another case where I'm just passing information along here, based on the great work of others. As you probably know, we did not have a good story for SharePoint-hosted apps in a web application that uses SAML authentication with ADFS 2.0. However, I have had reports from a couple of different...
19 May 2014
Updating Trust Between OnPrem Farms and ACS for Apps When Your SharePoint STS Token Signing Certificate Expires
For those of you who are "in the app way" with SharePoint 2013 (no, not a lot different from being "in the pregnant way", as they say), you'll reach that point sooner or later where the token signing certificate for your SharePoint STS expires if you are using low trust apps on...
6 May 2014
Claim Type Exceptions with Custom Claims Providers in SharePoint 2013
This issue applies to SharePoint 2010 as well but...suppose you have created a custom claims provider and one of the things you want to do is to have some custom claim types that you use. What I mean by custom claim types is just that they are not one of the standard out of the box types like email,...
16 Apr 2014
More Info on an Old Friend - the Custom Claims Provider, Uri Parameters and EntityTypes in SharePoint 2013
Back to oldie but a goodie - the custom claims provider for SharePoint. I believe this applies to SharePoint 2010 as well but honestly I have only tested what I'm about to describe on SharePoint 2013 and don't have the bandwidth to go back and do a 2010 test as well. What I wanted to describe...
8 Apr 2014
Programmatically Adding A Trusted Identity Token Issuer to a Web Application Zone in SharePoint 2010 and 2013
Seems like I haven't had a chance to write a good SharePoint / SAML claims kind of article in a while. I was happily plugging away on some code this weekend for a scenario I haven't done before so I thought I would go ahead and post it here for the search engines. The whole topic in general has...
28 Feb 2014
What You Must Know if Using Azure Active Directory for SSO with Yammer
I posted a while back regarding how to configure Yammer and Azure Active Directory (AAD) together so that you could use it for single sign on to your Yammer network - http://blogs.technet.com/b/speschka/archive/2014/01/08/using-azure-active-directory-for-single-sign-on-with-yammer.aspx . There is an...
23 Jan 2014
Using Azure Active Directory for Single Sign On with Yammer
This is a pretty interesting topic that I think is going to be gaining momentum moving forward. As many of you know, when you create a new o365 tenant you automatically get an Azure Active Directory (AAD) instance provisioned for you at the same time. For those of you who have purchased an Enterprise...
8 Jan 2014
Migrating from Windows Classic Auth to Windows Claims Auth in SharePoint 2010 Part 2
NOTE: UPDATED 1/8/2011 I wanted to follow up on the previous post about migrating authentication types in SharePoint 2010 that was done here: http://blogs.technet.com/b/speschka/archive/2010/06/12/migrating-a-web-application-from-windows-classic-to-windows-claims-in-sharepoint-2010.aspx . I still recommend...
20 Jul 2010
Writing a Custom Claims Provider for SharePoint 2010 - Part 2: Adding Support for Hierarchy Nodes
In Part 1 of this series we showed how to create a custom claims provider, and how to do claims augmentation. In part 2 we're going to show a simple way to add a hierarchy to the people picker control. In and of itself this isn't necessarily interesting, but when we get to part 3 you'll see how we can...
13 Mar 2010
Troubleshooting Blank Response Pages When Using Federation with ACS and Facebook
I've had this scenario come up a few times now when working through various federation scenarios. These cases always involve using Facebook as an oAuth source for login, or Azure's AppFabric ACS as a federated identity provider. The common behavior is that you are doing something either interactively...
12 Jul 2011
The SPMigrateUsers Tool for Changing Account Identities in SharePoint 2010
There are times in SharePoint when you want or need to change an account identity. The best example is with SAML claims. In virtually all of my examples I use email address as the identity claim for users. I do this because a) most people have an email address and b) an email address is something that most...
3 Jun 2012
Integrating SharePoint 2013 with Azure Active Directory – Part 2 The Custom Claims Provider
In Part 1 of this series, we went through how to configure SharePoint to use ACS and Azure Active Directory (AAD) as our Identity Provider. Once that is complete you will have a working end to end solution in which you can authenticate, get authorized and work in the site. What you also have is the standard...
12 May 2013
Missing Context Token in Low Trust App with SharePoint 2013
Should you decide that you want to write low trust apps for an on-premises SharePoint 2013 farm, there are a number of hoops you should expect to jump through (NOTE: this assumes the SPNs for your web apps are already configured in the MsolServicePrincipal for your o365 tenant): Create a new app...
29 May 2013
Security in SharePoint Apps - Part 8
PREVIOUS: Security in SharePoint Apps – Part 7 For this, the very last in the series, I just wanted to briefly talk at a high level about the process you should be doing when developing an App for a SharePoint site that uses SAML (or FBA for that matter). I’ve already written a detailed...
2 Aug 2013
Using Fiddler With SAML and SharePoint to Get Past the Three Authentication Prompts
Eric Lawrence touches on this topic in one of his Fiddler blog posts, but unless you know what you're looking for it can be hard to track down so I am going to add the SharePoint twist on it here. We often tell folks to use Fiddler to get an idea of what's going on when they are having issues with their...
2 Dec 2012
Update on Errors for Root Certificate Not Trusted with SharePoint 2010 Claims Authentication
Hey all, I've been away awhile...got in a little vacation finally and also switched groups at Microsoft so I've been buried getting my feet wet in a new job. Things are starting to even out a little so I will hopefully be back writing here a little more often again. I wanted to point out one important...
24 Apr 2010
Security in SharePoint Apps - Part 5
PREVIOUS: Security in SharePoint Apps – Part 4 As promised in Part 4, there’s actually a very interesting type of application that you don’t even install in a site collection. How can this be you ask…well let’s talk about it. With most apps, you have to deploy it...
31 Jul 2013
The Dreaded 3 Login Prompts When Authenticating
I had this all too common problem hit me this weekend, but this was happening on my ADFS server, which I unfortunately was rebuilding. The most common reasons as you know have to do with some misconfigured Kerberos setting, or with using some name other than the server name for a web application (the...
9 Jan 2011
How to Get All User Claims at Claims Augmentation Time in SharePoint 2010
A fairly constant hurdle when doing claims augmentation in SharePoint 2010 has been trying to figure out what claims a user has when your custom claims provider is invoked to do claims augmentation. For example, the claims you want to augment for a person may depend on the value of other claims the user...
29 Mar 2011
Name Disappears After Selecting in People Picker with Custom Claims Provider in SharePoint 2010
I recently witnessed a problem that proved to be fairly difficult to track down so I thought I would share the issue and resolution. In this case, a custom claims provider had been developed and it was being used as the default claim provider for the SPTrustedIdentityTokenIssuer, as described here: http...
28 Jun 2011
Migrating User Accounts from Windows Claims to SAML Claims
In the work I’ve been busy with lately I’ve had a lot of interest from folks that are interested in starting out as Windows claims users, and then at some point switching over and start using SAML claims. Sounds reasonable enough, but the problem is that we don’t have an out of the...
28 Jan 2011
Setting Up an oAuth Trust Between Farms in SharePoint 2013
One of the things you’re likely to hear a lot about in SharePoint 2013, and I may end up writing a lot about, is oAuth. In SharePoint 2013 oAuth is used to establish a trust between two applications for purposes of establishing the identity of a principal (user or application). In SharePoint you...
23 Jul 2012
Writing A Custom Forms Login Page for SharePoint 2010 Part 1
In SharePoint 2007 writing a custom login page for a forms based authentication (FBA) site was not too terribly hard. There were a few things to know, most of which weren’t SharePoint specific, and some tips to have your login form take on the look and feel of a standard SharePoint layouts page...
22 Jul 2010
SAML Alert for SharePoint 2010 - If You Apply SP1 Follow Up with June CU
Hey all, there has been a potential issue that's recently come to light for folks that have only applied SharePoint 2010 SP1 but not the June 2011 CU. What you will find after doing this is that the people picker will no longer work for your SAML claims users. You can still add claims via the type in...
20 Jul 2011
© 2014 Microsoft Corporation.