Share-n-dipity

SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously

Browse by Tags

Related Posts
  • Blog Post: Bug Alert for April CU and Migrating Users

    Just heard about a nasty little bug in the April CU from my friend Syed. He was using the SPWebApplication.MigrateUsers method to migrate accounts from one claim value to another (i.e. like if you were migrating from Windows claims to SAML claims, or in his case, changing identity claim values). Turns...
  • Blog Post: Signout With SharePoint 2013 and SAML

    Today's topic is one for which I deserve zero credit, I'm just putting out info that one of our crack engineers, Chad Ray, managed to dig up. I wanted to publish it here because I've worked with and talked to so many folks in the past who have struggled with getting a truly complete signout...
  • Blog Post: SAML in a Box - Inviting External Users to Your SharePoint Farm

    Those of you who follow the Share-n-Dipity blog know that I don’t really do much in the way of product endorsements. However, you have probably also figured out that I’m a big SAML fan, so when a friend of mine recently released a new product for this market it really caught my eye. If you’ve...
  • Blog Post: SAML Support for SharePoint-Hosted Apps with ADFS 3.0

    This is another case where I'm just passing information along here, based on the great work of others. As you probably know, we did not have a good story for SharePoint-hosted apps in web application that uses SAML authentication with ADFS 2.0. However, I have had reports from a couple of different...
  • Blog Post: Claim Type Exceptions with Custom Claims Providers in SharePoint 2013

    This issue applies to SharePoint 2010 as well but...suppose you have created a custom claims provider and one of the things you want to do is to have some custom claim types that you use. What I mean by custom claim types is just that they are not one of the standard out of the box types like email,...
  • Blog Post: More Info on an Old Friend - the Custom Claims Provider, Uri Parameters and EntityTypes in SharePoint 2013

    Back to oldie but a goodie - the custom claims provider for SharePoint. I believe this applies to SharePoint 2010 as well but honestly I have only tested what I'm about to describe on SharePoint 2013 and don't have the bandwidth to go back and do a 2010 test as well. What I wanted to describe...
  • Blog Post: Programmatically Adding A Trusted Identity Token Issuer to a Web Application Zone in SharePoint 2010 and 2013

    Seems like I haven't had a chance to write a good SharePoint / SAML claims kind of article in a while. I was happily plugging away on some code this weekend for a scenario I haven't done before so I thought I would go ahead and post it here for the search engines. The whole topic in general has...
  • Blog Post: Mapping User Profiles for SAML Users with an AD Import in SharePoint 2013

    This is a topic that becomes very important in SharePoint 2013, and that is making sure you have a fully populated user profile application. In SharePoint 2013 the user profile system plays a critical role in the OAuth infrastructure, which is what allows certain trusted application scenarios to succeed...
  • Blog Post: How To Add Additional Claims in ADFS 2.0 that can be Consumed in SharePoint 2010

    Just a quick tip here to save you a little time in case you decide you want to add additional claims for your users in ADFS 2.0 and have them successfully consumed in SharePoint 2010. The key thing to remember is that SharePoint only supports SAML 1.x, so it requires that the claim type be in a very...
  • Blog Post: Problems Resolving Claims Names in SharePoint 2010

    I've seen this problem crop up a few times now so I thought I'd try and share in case you run across it and are trying to troubleshoot. I've seen cases where you can't get name resolution to work, like when you type in a name in the type-in control then click the resolve button. You may...
  • Blog Post: Using ACS with the New Azure Web Sites

    This is effectively just a "retweet" but I wanted to call this out because it was very helpful recently solving a problem in what I think is an important scenario - using ACS for federated identity management with an application hosted in the new Azure web sites. Vittorio Bertocci posted on...
  • Blog Post: TrustedMissingIdentityClaimSource Error with Claims Auth in SharePoint 2010

    I've seen this error happen a few times to myself and others so I thought I would share the likely culprit. The scenario is, you set up claims authentication in SharePoint 2010...and you're pretty sure you've configured everything correctly. :-) When you actually try and navigate to the site...
  • Blog Post: Adding A Custom Claim to a Web App Policy via PowerShell in SharePoint 2010

    I found this process to be much more difficult than anticipated, and then much easier than expected once done so I figured I would do a quick post on it. The task at hand was to add a custom claim to a web app policy via PowerShell. It all works simple enough via the central admin UI. Once you get into...
  • Blog Post: Federated SAML Authentication with SharePoint 2010 and Azure Access Control Service Part 1

    I had been looking at Windows Azure Access Control Service (ACS) with an interesting eye recently, thinking about some of the different integration options. There’s always lots of chatter about claims authentication with SharePoint 2010, and how to integrate ADFS, Windows Live, Facebook, etc. ACS...
  • Blog Post: Access Denied with Claims Auth in Interim Build

    For those of you who have access to one of the interim builds of SharePoint 2010, specifically 4730.1010, you will very likely find claims to be pretty much non-functional. Like after everything is set up and you hit the SharePoint site, you are taken to the page that says "you are signed in as Joe Blow...
  • Blog Post: Federating SiteMinder and SharePoint 2010

    Hey folks, I just wanted to let you know that CA SiteMinder and Microsoft folks have been working together to create a whitepaper that details how to federate identities between CA Federation Manager and SharePoint 2010. They have recently released this paper that describes in great detail how to do...
  • Blog Post: Writing a Custom Claims Provider for SharePoint 2010 - Part 3: Searching Claims

    In the first two parts in this series we've seen how to create a custom provider, do claims augmentation and register the provider, as well as how to add a hierarchy to the people picker. In this post we'll talk about how to implement searching for our claims in the people picker with our custom...
  • Blog Post: Using the WHR Parameter with SharePoint 2010 and SAML Auth

    I've seen lots of questions and confusion (and was a little lost myself for a bit) on the fixes in SharePoint 2010 SP1 + June CU to enable use of the WHR parameter. This does in fact work now but requires a couple of things: Configure the SPTrustedIdentityTokenIssuer The SPTrustedIdentityTokenIssuer...
  • Blog Post: How to Override the Default Name Resolution and Claims Provider in SharePoint 2010

    An issue that has frustrated a lot of folks since SharePoint 2007 and the WebSSO provider, and that continues today in SharePoint 2010 when using claims authentication with something like ADFS v2, is name resolution. Meaning that in most cases you can type in any random value you want into the search...
  • Blog Post: SharePoint 2010 Claims Auth Login Stops at ADFS Authentication Page

    I've had this happen a number of times and it always temporarily gets me gummed up so I thought I would describe this problem and resolution here because I'm sure others have seen it too. Assume you have configured a SharePoint web app to use SAML claims, and the IP-STS is ADFS 2.0. What I...
  • Blog Post: Using Custom Claims in Web Application Policies in SharePoint 2010

    Had kind of an interesting question that someone just asked me so I thought I would share the results here with everyone. The question was whether you could take a custom claim that is provided by augmentation via a custom claims provider, and use it as part of a web application policy that you create...
  • Blog Post: Retrieving REST Data in a Claims Based Auth Site in SharePoint 2010

    NOTE: This posting is a very small part of one section of a new whitepaper coming out on claims and SharePoint 2010. Look the whitepaper later this year or early next year. SharePoint 2010 provides the ability to retrieve list data through a REST interface. In this example I'll reuse the code...
  • Blog Post: More Information on Adding and Changing Custom Claims Providers in SharePoint 2010

    This is a topic that continues to generate swirl, because as soon as you make one change you may want to make another or remove a change you made. I've blogged about this topic before: http://blogs.technet.com/speschka/archive/2010/04/28/how-to-override-the-default-name-resolution-and-claims-provider...
  • Blog Post: Configuring SharePoint to use a Specific Identity Provider in ADFS

    In my previous posting ( http://blogs.technet.com/b/speschka/archive/2010/11/24/configuring-adfs-trusts-for-multiple-identity-providers-with-sharepoint-2010.aspx ), I explained how to configure trusts between two different ADFS servers. One example where this may be necessary is if you have one ADFS...
  • Blog Post: The Claims, Azure and SharePoint Integration Toolkit Part 4

    This is part 4 of a 5 part series on the CASI (Claims, Azure and SharePoint Integration) Kit. · Part 1 : an introductory overview of the entire framework and solution and described what the series is going to try and cover. · Part 2 : the guidance part of the CASI Kit. It starts with...