See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously
Office Web Apps
OneDrive for Business
Visual Studio 2010
Visual Studio 2012
Windows Phone 7
Windows Phone 8
Browse by Tags
Desktop SharePoint Apps for SAML Secured SharePoint Sites
Continuing on with the theme of SAML secured SharePoint sites and SharePoint Apps, this next posting looks at another common application model, which is using what I call a desktop app to connect to SharePoint. By “desktop”, I mean an app that doesn’t have an HttpContext, like a console...
17 Nov 2014
Developing Low Trust Provider Hosted Apps with SAML Authentication in SharePoint 2013
Low trust provider hosted apps in a SAML secured SharePoint web application is a scenario that did not work when SharePoint 2013 was released. Things have changed fortunately, so here's a quick run down on what you need to do in order to build these apps on premises. The first thing you need to do...
3 Oct 2014
An Updated ClaimsTokenHelper for SharePoint 2013 High Trust Apps and SAML
When Visual Studio 2013 came out, it introduced a new class and simplified methods for obtaining a ClientContext to use with the Client Side Object Model (CSOM) to access SharePoint 2013 sites. A new SharePointContext class was added to simplify the programming model, but internally it still called the...
30 Sep 2014
Configuring SharePoint Hosted Apps with SAML Authentication in SharePoint 2013
NOTE: This is a sampling of some content we're preparing for working with SharePoint Apps and SAML authentication. More content will be coming, and once everything is packaged up and a distribution channel determined I'll post a general announcement on the Share-n-Dipity blog. The concept...
30 Sep 2014
Remote SharePoint Index, Hybrid, and SAML
Today's post combines a few different topics, that dare I say, started as a dare (I think). The gauntlet thrown out was whether or not Remote SharePoint Index would work for SAML users as well as Windows users. For those of you not completely familiar with Remote SharePoint Index, I covered it in...
26 Jun 2014
SAML Support for SharePoint-Hosted Apps with ADFS 3.0
This is another case where I'm just passing information along here, based on the great work of others. As you probably know, we did not have a good story for SharePoint-hosted apps in web application that uses SAML authentication with ADFS 2.0. However, I have had reports from a couple of different...
19 May 2014
Updating Trust Between OnPrem Farms and ACS for Apps When Your SharePoint STS Token Signing Certificate Expires
For those of you who are "in the app way" with SharePoint 2013 (no, not a lot different from being "in the pregnant way", as they say), you'll reach that point sooner or later where the token signing certificate for your SharePoint STS expires if you are using low trust apps on...
6 May 2014
Claim Type Exceptions with Custom Claims Providers in SharePoint 2013
This issue applies to SharePoint 2010 as well but...suppose you have created a custom claims provider and one of the things you want to do is to have some custom claim types that you use. What I mean by custom claim types is just that they are not one of the standard out of the box types like email,...
16 Apr 2014
More Info on an Old Friend - the Custom Claims Provider, Uri Parameters and EntityTypes in SharePoint 2013
Back to oldie but a goodie - the custom claims provider for SharePoint. I believe this applies to SharePoint 2010 as well but honestly I have only tested what I'm about to describe on SharePoint 2013 and don't have the bandwidth to go back and do a 2010 test as well. What I wanted to describe...
8 Apr 2014
Programmatically Adding A Trusted Identity Token Issuer to a Web Application Zone in SharePoint 2010 and 2013
Seems like I haven't had a chance to write a good SharePoint / SAML claims kind of article in a while. I was happily plugging away on some code this weekend for a scenario I haven't done before so I thought I would go ahead and post it here for the search engines. The whole topic in general has...
28 Feb 2014
What You Must Know if Using Azure Active Directory for SSO with Yammer
I posted a while back regarding how to configure Yammer and Azure Active Directory (AAD) together so that you could use it for single sign on to your Yammer network - http://blogs.technet.com/b/speschka/archive/2014/01/08/using-azure-active-directory-for-single-sign-on-with-yammer.aspx . There is an...
23 Jan 2014
Using Azure Active Directory for Single Sign On with Yammer
This is a pretty interesting topic that I think is going to be gaining momentum moving forward. As many of you know, when you create a new o365 tenant you automatically get an Azure Active Directory (AAD) instance provisioned for you at the same time. For those of you who have purchased an Enterprise...
8 Jan 2014
Migrating from Windows Classic Auth to Windows Claims Auth in SharePoint 2010 Part 2
NOTE: UPDATED 1/8/2011 I wanted to follow-up on the previous post about migrating authentiation types in SharePoint 2010 that was done here: http://blogs.technet.com/b/speschka/archive/2010/06/12/migrating-a-web-application-from-windows-classic-to-windows-claims-in-sharepoint-2010.aspx . I still recommend...
20 Jul 2010
Writing a Custom Claims Provider for SharePoint 2010 - Part 2: Adding Support for Hierarchy Nodes
In Part 1 of this series we showed how to create a custom claims provider, and how to do claims augmentation. In part 2 were going to show a simple way to add a hierarchy to the people picker control. In and of itself this isn't necessarily interesting, but when we get to part 3 you'll see how we can...
13 Mar 2010
Troubleshooting Blank Response Pages When Using Federation with ACS and Facebook
I've had this scenario come up a few times now when working through various federation scenarios. These cases always involve using Facebook as an oAuth source for login, or Azure's AppFabric ACS as a federated identity provider. The common behavior is that you are doing something either interactively...
12 Jul 2011
The SPMigrateUsers Tool for Changing Account Identities in SharePoint 2010
There are times in SharePoint when you want or need to change an account identity. The best example is with SAML claims. In virtually of my examples I use email address as the identity claim for users. I do this because a) most people have an email address and b) an email address is something that most...
3 Jun 2012
Creating a Yammer-Centric Security Setup for SharePoint 2013
Okay, I’m going to preface everything in this post by saying what I’m going to be describing is not what you would consider the most secure SharePoint web application in the world. If you are working with sensitive content then this is probably (but not absolutely) NOT the best solution for...
27 Oct 2013
The Azure Custom Claim Provider for SharePoint Project Part 3
In Part 1 of this series, I briefly outlined the goals for this project, which at a high level is to use Windows Azure table storage as a data store for a SharePoint custom claims provider. The claims provider is going to use the CASI Kit to retrieve the data it needs from Windows Azure in order to provide...
20 Feb 2012
Writing A Custom Forms Login Page for SharePoint 2010 Part 2
NEW PREFACE TO THIS POSTING, AND OPEN COMMENT TO THE SITE OWNER: Since the blog site was upgraded to the latest version of whatever the blazes this thing is, the formatting has stunk like a pig on the 4th of July. I usually spend a fair amount of time trying to jury-rig the pathetic markup (or lack...
23 Jul 2010
Using Fiddler With SAML and SharePoint to Get Past the Three Authentication Prompts
Eric Lawrence touches on this topic in one of his Fiddler blog posts, but unless you know what you're looking for it can be hard to track down so I am going to add the SharePoint twist on it here. We often tell folks to use Fiddler to get an idea of what's going on when they are having issues with their...
2 Dec 2012
Update on Errors for Root Certificate Not Trusted with SharePoint 2010 Claims Authentication
Hey all, I've been away awhile...got in a little vacation finally and also switched groups at Microsoft so I've been buried getting my feet wet in a new job. Things are starting to even out a little so I will hopefully be back writing here a little more often again. I wanted to point out one important...
24 Apr 2010
Security in SharePoint Apps - Part 5
PREVIOUS: Security in SharePoint Apps – Part 4 As promised in Part 4, there’s actually a very interesting type of application that you don’t even install in a site collection. How can this be you ask…well let’s talk about it. With most apps, you have to deploy it...
31 Jul 2013
The Dreaded 3 Login Prompts When Authenticating
I had this all too common problem hit me this weekend, but this was happening on my ADFS server, which I unfortunately was rebuilding. The most common reasons as you know have to do with some misconfigured Kerberos setting, or with using some name other than the server name for a web application (the...
9 Jan 2011
How to Get All User Claims at Claims Augmentation Time in SharePoint 2010
A fairly constant hurdle when doing claims augmentation in SharePoint 2010 has been trying to figure out what claims a user has when your custom claims provider is invoked to do claims augmentation. For example, the claims you want to augment for a person may depend on the value of other claims the user...
29 Mar 2011
Name Disappears After Selecting in People Picker with Custom Claims Provider in SharePoint 2010
I recently witnessed a problem that proved to be fairly difficult to track down so I thought I would share the issue and resolution. In this case, a custom claims provider had been developed and it was being used as the default claim provider for the SPTrustedIdentityTokenIssuer, as described here: http...
28 Jun 2011
© 2015 Microsoft Corporation.
Privacy & Cookies