Skype for Business
See all products »
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously
Office Web Apps
OneDrive for Business
Visual Studio 2010
Visual Studio 2012
Windows Phone 7
Windows Phone 8
Browse by Tags
Getting an Azure Access Token for a Web Application Entirely in Code
I generally find using Azure Active Directory for securing my resources to be a joyous thing, but the simplicity of use is pretty much vastly overstated by the marketing folks at Microsoft. I’ve used it quite a bit and yet still find myself simultaneously in seemingly uncharted and undocumented...
4 Jun 2015
Do You Need An Account In Azure Active Directory if Using ADFS?
Today’s topic is a little spin on a question that seems to be coming up more frequently, specifically when folks are using a combination of Azure Active Directory and ADFS. That question is, if I’m using ADFS do I really need to have an account in an Azure Active Directory (AAD) tenant? Well...
26 May 2015
How to Fix the OpenId Access Denied When User Won’t Grant Rights at Login
Okay, so the title may not be the clearest thing ever here today, but it’s tough to do in just a few words, so let me explain the scenario a little more fully. Suppose you create an ASP.NET application and you configure it to be secured by Azure Active Directory. When you do that you have to configure...
10 Apr 2015
Using Roles in Azure Applications
I was spending some time today (finally) looking at how to get what I really consider the baseline functionality of claims – apps, users and roles – all working together with one of my Azure AD apps. Azure has been pushing out pieces of an RBAC-based infrastructure for a few months now, and...
9 Mar 2015
How To Delete An App You Consented to in Azure AD
In many ways this is a companion piece to the post I just published on solving an issue with multi-tenant applications in Azure AD: "The Account Needs to be Added as an External User in the Tenant with Azure AD Apps". This is actually a question I see come up fairly frequently, and one that...
22 Feb 2015
The Account Needs to be Added as an External User in the Tenant with Azure AD Apps
This is an error I see pop up in various discussions forums every now and then and tracking it down can be somewhat difficult. I had this happen recently in a scenario that I think probably is or will be one of the more common scenarios so I figured I'd write it up here. In my case I had an application...
22 Feb 2015
Desktop SharePoint Apps for SAML Secured SharePoint Sites
Continuing on with the theme of SAML secured SharePoint sites and SharePoint Apps, this next posting looks at another common application model, which is using what I call a desktop app to connect to SharePoint. By “desktop”, I mean an app that doesn’t have an HttpContext, like a console...
17 Nov 2014
Developing Low Trust Provider Hosted Apps with SAML Authentication in SharePoint 2013
Low trust provider hosted apps in a SAML secured SharePoint web application is a scenario that did not work when SharePoint 2013 was released. Things have changed fortunately, so here's a quick run down on what you need to do in order to build these apps on premises. The first thing you need to do...
3 Oct 2014
An Updated ClaimsTokenHelper for SharePoint 2013 High Trust Apps and SAML
When Visual Studio 2013 came out, it introduced a new class and simplified methods for obtaining a ClientContext to use with the Client Side Object Model (CSOM) to access SharePoint 2013 sites. A new SharePointContext class was added to simplify the programming model, but internally it still called the...
30 Sep 2014
Configuring SharePoint Hosted Apps with SAML Authentication in SharePoint 2013
NOTE: This is a sampling of some content we're preparing for working with SharePoint Apps and SAML authentication. More content will be coming, and once everything is packaged up and a distribution channel determined I'll post a general announcement on the Share-n-Dipity blog. The concept...
30 Sep 2014
Remote SharePoint Index, Hybrid, and SAML
Today's post combines a few different topics, that dare I say, started as a dare (I think). The gauntlet thrown out was whether or not Remote SharePoint Index would work for SAML users as well as Windows users. For those of you not completely familiar with Remote SharePoint Index, I covered it in...
26 Jun 2014
SAML Support for SharePoint-Hosted Apps with ADFS 3.0
This is another case where I'm just passing information along here, based on the great work of others. As you probably know, we did not have a good story for SharePoint-hosted apps in web application that uses SAML authentication with ADFS 2.0. However, I have had reports from a couple of different...
19 May 2014
Updating Trust Between OnPrem Farms and ACS for Apps When Your SharePoint STS Token Signing Certificate Expires
For those of you who are "in the app way" with SharePoint 2013 (no, not a lot different from being "in the pregnant way", as they say), you'll reach that point sooner or later where the token signing certificate for your SharePoint STS expires if you are using low trust apps on...
6 May 2014
Claim Type Exceptions with Custom Claims Providers in SharePoint 2013
This issue applies to SharePoint 2010 as well but...suppose you have created a custom claims provider and one of the things you want to do is to have some custom claim types that you use. What I mean by custom claim types is just that they are not one of the standard out of the box types like email,...
16 Apr 2014
More Info on an Old Friend - the Custom Claims Provider, Uri Parameters and EntityTypes in SharePoint 2013
Back to oldie but a goodie - the custom claims provider for SharePoint. I believe this applies to SharePoint 2010 as well but honestly I have only tested what I'm about to describe on SharePoint 2013 and don't have the bandwidth to go back and do a 2010 test as well. What I wanted to describe...
8 Apr 2014
Programmatically Adding A Trusted Identity Token Issuer to a Web Application Zone in SharePoint 2010 and 2013
Seems like I haven't had a chance to write a good SharePoint / SAML claims kind of article in a while. I was happily plugging away on some code this weekend for a scenario I haven't done before so I thought I would go ahead and post it here for the search engines. The whole topic in general has...
28 Feb 2014
What You Must Know if Using Azure Active Directory for SSO with Yammer
I posted a while back regarding how to configure Yammer and Azure Active Directory (AAD) together so that you could use it for single sign on to your Yammer network - http://blogs.technet.com/b/speschka/archive/2014/01/08/using-azure-active-directory-for-single-sign-on-with-yammer.aspx . There is an...
23 Jan 2014
Using Azure Active Directory for Single Sign On with Yammer
This is a pretty interesting topic that I think is going to be gaining momentum moving forward. As many of you know, when you create a new o365 tenant you automatically get an Azure Active Directory (AAD) instance provisioned for you at the same time. For those of you who have purchased an Enterprise...
8 Jan 2014
Migrating from Windows Classic Auth to Windows Claims Auth in SharePoint 2010 Part 2
NOTE: UPDATED 1/8/2011 I wanted to follow-up on the previous post about migrating authentiation types in SharePoint 2010 that was done here: http://blogs.technet.com/b/speschka/archive/2010/06/12/migrating-a-web-application-from-windows-classic-to-windows-claims-in-sharepoint-2010.aspx . I still recommend...
20 Jul 2010
Writing a Custom Claims Provider for SharePoint 2010 - Part 2: Adding Support for Hierarchy Nodes
In Part 1 of this series we showed how to create a custom claims provider, and how to do claims augmentation. In part 2 were going to show a simple way to add a hierarchy to the people picker control. In and of itself this isn't necessarily interesting, but when we get to part 3 you'll see how...
13 Mar 2010
Troubleshooting Blank Response Pages When Using Federation with ACS and Facebook
I've had this scenario come up a few times now when working through various federation scenarios. These cases always involve using Facebook as an oAuth source for login, or Azure's AppFabric ACS as a federated identity provider. The common behavior is that you are doing something either interactively...
12 Jul 2011
The SPMigrateUsers Tool for Changing Account Identities in SharePoint 2010
There are times in SharePoint when you want or need to change an account identity. The best example is with SAML claims. In virtually of my examples I use email address as the identity claim for users. I do this because a) most people have an email address and b) an email address is something that most...
3 Jun 2012
Creating a Yammer-Centric Security Setup for SharePoint 2013
Okay, I’m going to preface everything in this post by saying what I’m going to be describing is not what you would consider the most secure SharePoint web application in the world. If you are working with sensitive content then this is probably (but not absolutely) NOT the best solution for...
27 Oct 2013
Writing A Custom Forms Login Page for SharePoint 2010 Part 1
In SharePoint 2007 writing a custom login page for a forms based authentication (FBA) site was not too terribly hard. There were a few things to know, most of which weren’t SharePoint specific, and some tips to have your login form take on the look and feel of a standard SharePoint layouts page...
22 Jul 2010
SAML Alert for SharePoint 2010 - If You Apply SP1 Follow Up with June CU
Hey all, there has been a potential issue that's recently come to light for folks that have only applied SharePoint 2010 SP1 but not the June 2011 CU. What you will find after doing this is that the people picker will no longer work for your SAML claims users. You can still add claims via the type...
20 Jul 2011
© 2015 Microsoft Corporation.
Privacy & Cookies