SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occasional musings, observations, and Ouija board readings about the phabulously
An Updated ClaimsTokenHelper for SharePoint 2013 High Trust Apps and SAML
When Visual Studio 2013 came out, it introduced a new class and simplified methods for obtaining a ClientContext to use with the Client Side Object Model (CSOM) to access SharePoint 2013 sites. A new SharePointContext class was added to simplify the programming model, but internally it still called the...
30 Sep 2014
Configuring SharePoint Hosted Apps with SAML Authentication in SharePoint 2013
NOTE: This is a sampling of some content we're preparing for working with SharePoint Apps and SAML authentication. More content will be coming, and once everything is packaged up and a distribution channel determined I'll post a general announcement on the Share-n-Dipity blog. The concept...
30 Sep 2014
Remote SharePoint Index, Hybrid, and SAML
Today's post combines a few different topics, that dare I say, started as a dare (I think). The gauntlet thrown out was whether or not Remote SharePoint Index would work for SAML users as well as Windows users. For those of you not completely familiar with Remote SharePoint Index, I covered it in...
26 Jun 2014
SAML Support for SharePoint-Hosted Apps with ADFS 3.0
This is another case where I'm just passing information along here, based on the great work of others. As you probably know, we did not have a good story for SharePoint-hosted apps in a web application that uses SAML authentication with ADFS 2.0. However, I have had reports from a couple of different...
19 May 2014
Updating Trust Between OnPrem Farms and ACS for Apps When Your SharePoint STS Token Signing Certificate Expires
For those of you who are "in the app way" with SharePoint 2013 (no, not a lot different from being "in the pregnant way", as they say), you'll reach that point sooner or later where the token signing certificate for your SharePoint STS expires if you are using low trust apps on...
6 May 2014
Claim Type Exceptions with Custom Claims Providers in SharePoint 2013
This issue applies to SharePoint 2010 as well but...suppose you have created a custom claims provider and one of the things you want to do is to have some custom claim types that you use. What I mean by custom claim types is just that they are not one of the standard out of the box types like email,...
16 Apr 2014
More Info on an Old Friend - the Custom Claims Provider, Uri Parameters and EntityTypes in SharePoint 2013
Back to oldie but a goodie - the custom claims provider for SharePoint. I believe this applies to SharePoint 2010 as well but honestly I have only tested what I'm about to describe on SharePoint 2013 and don't have the bandwidth to go back and do a 2010 test as well. What I wanted to describe...
8 Apr 2014
Programmatically Adding A Trusted Identity Token Issuer to a Web Application Zone in SharePoint 2010 and 2013
Seems like I haven't had a chance to write a good SharePoint / SAML claims kind of article in a while. I was happily plugging away on some code this weekend for a scenario I haven't done before so I thought I would go ahead and post it here for the search engines. The whole topic in general has...
28 Feb 2014
What You Must Know if Using Azure Active Directory for SSO with Yammer
I posted a while back regarding how to configure Yammer and Azure Active Directory (AAD) together so that you could use it for single sign on to your Yammer network - http://blogs.technet.com/b/speschka/archive/2014/01/08/using-azure-active-directory-for-single-sign-on-with-yammer.aspx . There is an...
23 Jan 2014
Using Azure Active Directory for Single Sign On with Yammer
This is a pretty interesting topic that I think is going to be gaining momentum moving forward. As many of you know, when you create a new o365 tenant you automatically get an Azure Active Directory (AAD) instance provisioned for you at the same time. For those of you who have purchased an Enterprise...
8 Jan 2014
Migrating from Windows Classic Auth to Windows Claims Auth in SharePoint 2010 Part 2
NOTE: UPDATED 1/8/2011 I wanted to follow-up on the previous post about migrating authentication types in SharePoint 2010 that was done here: http://blogs.technet.com/b/speschka/archive/2010/06/12/migrating-a-web-application-from-windows-classic-to-windows-claims-in-sharepoint-2010.aspx . I still recommend...
20 Jul 2010
Writing a Custom Claims Provider for SharePoint 2010 - Part 2: Adding Support for Hierarchy Nodes
In Part 1 of this series we showed how to create a custom claims provider, and how to do claims augmentation. In part 2 we're going to show a simple way to add a hierarchy to the people picker control. In and of itself this isn't necessarily interesting, but when we get to part 3 you'll see how we can...
13 Mar 2010
Troubleshooting Blank Response Pages When Using Federation with ACS and Facebook
I've had this scenario come up a few times now when working through various federation scenarios. These cases always involve using Facebook as an oAuth source for login, or Azure's AppFabric ACS as a federated identity provider. The common behavior is that you are doing something either interactively...
12 Jul 2011
The SPMigrateUsers Tool for Changing Account Identities in SharePoint 2010
There are times in SharePoint when you want or need to change an account identity. The best example is with SAML claims. In virtually all of my examples I use email address as the identity claim for users. I do this because a) most people have an email address and b) an email address is something that most...
3 Jun 2012
One Important SAML Claims Property to Never Touch in SharePoint 2013
Hi folks, it has come to my attention that there is one particular property on the SPTrustedIdentityTokenIssuer in SharePoint 2013 that you should absolutely never ever touch or try to change in any way. 2013 introduces a new property on the SPTrustedIdentityTokenIssuer called the MetadataEndPoint, and...
9 Aug 2012
Using SAML Claims, SharePoint, WCF, Claims to Windows Token Service and Constrained Delegation to Access SQL Server
Okay, this will hopefully be the longest titled post I ever write, but I wanted to make sure it covered all the relevant technologies being discussed. This is an area that I’ve heard more rumbling about recently, which is really all about how can I take a SAML claims user and get a Windows context...
7 Aug 2011
SharePoint 2010 Forms Based Authentication Configuration Manager
I found myself getting really tired of constantly modifying configuration files when setting up forms based auth (FBA) in SharePoint 2010. There's even more work now than there was in the previous release, because now we have an additional web.config file to modify - for the STS. It was also a constant...
29 Jul 2010
Tool to Get Token Signing Certificate Out of ACS
I continue to be regularly annoyed when I want to go snag the token signing certificate out of ACS for use with federating to my various projects, like SharePoint sites. I've written in a couple or more blog postings about how you go to your tenant, find your federation metadata xml endpoint, retrieve the...
24 Nov 2013
How To Control App Token Lifetimes in SharePoint 2013
Today's post is the first selection from the little twitter contest I announced on the Share-n-Dipity blog a few days ago: http://blogs.technet.com/b/speschka/archive/2013/09/04/use-social-tools-to-tell-me-what-you-want-to-see-here-next.aspx . Shariq wanted to know more about the lifetime for high trust...
12 Sep 2013
Security in SharePoint Apps - Part 4
PREVIOUS: Security in SharePoint Apps – Part 3 In Part 3 I talked about how SharePoint sends over a context token with the request for an App when using low trust (this does NOT come over to a high trust app). It’s worth looking at what a context token is, and how we compare that to a...
30 Jul 2013
Using Fiddler With SAML and SharePoint to Get Past the Three Authentication Prompts
Eric Lawrence touches on this topic in one of his Fiddler blog posts, but unless you know what you're looking for it can be hard to track down so I am going to add the SharePoint twist on it here. We often tell folks to use Fiddler to get an idea of what's going on when they are having issues with their...
2 Dec 2012
Update on Errors for Root Certificate Not Trusted with SharePoint 2010 Claims Authentication
Hey all, I've been away awhile...got in a little vacation finally and also switched groups at Microsoft so I've been buried getting my feet wet in a new job. Things are starting to even out a little so I will hopefully be back writing here a little more often again. I wanted to point out one important...
24 Apr 2010
Security in SharePoint Apps - Part 5
PREVIOUS: Security in SharePoint Apps – Part 4 As promised in Part 4, there’s actually a very interesting type of application that you don’t even install in a site collection. How can this be you ask…well let’s talk about it. With most apps, you have to deploy it...
31 Jul 2013
The Dreaded 3 Login Prompts When Authenticating
I had this all too common problem hit me this weekend, but this was happening on my ADFS server, which I unfortunately was rebuilding. The most common reasons as you know have to do with some misconfigured Kerberos setting, or with using some name other than the server name for a web application (the...
9 Jan 2011
How to Get All User Claims at Claims Augmentation Time in SharePoint 2010
A fairly constant hurdle when doing claims augmentation in SharePoint 2010 has been trying to figure out what claims a user has when your custom claims provider is invoked to do claims augmentation. For example, the claims you want to augment for a person may depend on the value of other claims the user...
29 Mar 2011
© 2014 Microsoft Corporation.