See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Compatability & Converters
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously
Office Web Apps
Visual Studio 2010
Visual Studio 2012
Windows Phone 7
Windows Phone 8
Browse by Tags
Programmatically Adding A Trusted Identity Token Issuer to a Web Application Zone in SharePoint 2010 and 2013
Seems like I haven't had a chance to write a good SharePoint / SAML claims kind of article in a while. I was happily plugging away on some code this weekend for a scenario I haven't done before so I thought I would go ahead and post it here for the search engines. The whole topic in general has...
28 Feb 2014
Using ACS with the New Azure Web Sites
This is effectively just a "retweet" but I wanted to call this out because it was very helpful recently solving a problem in what I think is an important scenario - using ACS for federated identity management with an application hosted in the new Azure web sites. Vittorio Bertocci posted on the relatively...
29 Jan 2013
Mapping User Profiles for SAML Users with an AD Import in SharePoint 2013
This is a topic that becomes very important in SharePoint 2013, and that is making sure you have a fully populated user profile application. In SharePoint 2013 the user profile system plays a critical role in the OAuth infrastructure, which is what allows certain trusted application scenarios to succeed...
8 Aug 2012
Getting Welcome Emails to Work with a Custom Claims Provider in SharePoint 2010
A good “friend of the blog”, Israel V., was good enough to point out to me recently that pretty much all of the code samples that we have for custom claims providers contain an irritating little flaw – if you follow these samples then the welcome emails that get sent out when you add...
3 May 2012
Using the WHR Parameter with SharePoint 2010 and SAML Auth
I've seen lots of questions and confusion (and was a little lost myself for a bit) on the fixes in SharePoint 2010 SP1 + June CU to enable use of the WHR parameter. This does in fact work now but requires a couple of things: Configure the SPTrustedIdentityTokenIssuer The SPTrustedIdentityTokenIssuer...
15 Sep 2011
Federating SiteMinder and SharePoint 2010
Hey folks, I just wanted to let you know that CA SiteMinder and Microsoft folks have been working together to create a whitepaper that details how to federate identities between CA Federation Manager and SharePoint 2010. They have recently released this paper that describes in great detail how to do...
10 Jun 2011
Federated SAML Authentication with SharePoint 2010 and Azure Access Control Service Part 1
NOTE: As usual the formatting on this site sucks. I recommend you download the Word document attachment with this posting for better reading. I had been looking at Windows Azure Access Control Service (ACS) with an interesting eye recently, thinking about some of the different integration options...
5 May 2011
How To Add Additional Claims in ADFS 2.0 that can be Consumed in SharePoint 2010
Just a quick tip here to save you a little time in case you decide you want to add additional claims for your users in ADFS 2.0 and have them successfully consumed in SharePoint 2010. The key thing to remember is that SharePoint only supports SAML 1.x, so it requires that the claim type be in a very...
2 Apr 2011
SharePoint 2010 Claims Auth Login Stops at ADFS Authentication Page
I've had this happen a number of times and it always temporarily gets me gummed up so I thought I would describe this problem and resolution here because I'm sure others have seen it too. Assume you have configured a SharePoint web app to use SAML claims, and the IP-STS is ADFS 2.0. What I see sometimes...
25 Feb 2011
Configuring SharePoint to use a Specific Identity Provider in ADFS
In my previous posting ( http://blogs.technet.com/b/speschka/archive/2010/11/24/configuring-adfs-trusts-for-multiple-identity-providers-with-sharepoint-2010.aspx ), I explained how to configure trusts between two different ADFS servers. One example where this may be necessary is if you have one ADFS...
24 Nov 2010
Problems Resolving Claims Names in SharePoint 2010
I've seen this problem crop up a few times now so I thought I'd try and share in case you run across it and are trying to troubleshoot. I've seen cases where you can't get name resolution to work, like when you type in a name in the type-in control then click the resolve button. You may even attach a...
15 Nov 2010
Adding A Custom Claim to a Web App Policy via PowerShell in SharePoint 2010
I found this process to be much more difficult than anticipated, and then much easier than expected once done so I figured I would do a quick post on it. The task at hand was to add a custom claim to a web app policy via PowerShell. It all works simple enough via the central admin UI. Once you get into...
12 Nov 2010
The Claims, Azure and SharePoint Integration Toolkit Part 5
This is part 5 of a 5 part series on the CASI (Claims, Azure and SharePoint Integration) Kit. · Part 1 : an introductory overview of the entire framework and solution and described what the series is going to try and cover. · Part 2 : the guidance part of the CASI Kit. It starts with...
9 Nov 2010
The Claims, Azure and SharePoint Integration Toolkit Part 4
This is part 4 of a 5 part series on the CASI (Claims, Azure and SharePoint Integration) Kit. · Part 1 : an introductory overview of the entire framework and solution and described what the series is going to try and cover. · Part 2 : the guidance part of the CASI Kit. It starts with...
8 Nov 2010
Retrieving REST Data in a Claims Based Auth Site in SharePoint 2010
NOTE: This posting is a very small part of one section of a new whitepaper coming out on claims and SharePoint 2010. Look the whitepaper later this year or early next year. SharePoint 2010 provides the ability to retrieve list data through a REST interface. In this example I'll reuse the code to get...
25 Sep 2010
TrustedMissingIdentityClaimSource Error with Claims Auth in SharePoint 2010
I've seen this error happen a few times to myself and others so I thought I would share the likely culprit. The scenario is, you set up claims authentication in SharePoint 2010...and you're pretty sure you've configured everything correctly. :-) When you actually try and navigate to the site though you...
24 Sep 2010
Using Custom Claims in Web Application Policies in SharePoint 2010
Had kind of an interesting question that someone just asked me so I thought I would share the results here with everyone. The question was whether you could take a custom claim that is provided by augmentation via a custom claims provider, and use it as part of a web application policy that you create...
23 Aug 2010
Managing Trusted Root Authorities for Claims Authentication in SharePoint 2010 Central Admin
I just thought I would create this post to raise awareness about another way to manage trusted root authorities in SharePoint 2010. For those of you who have been doing claims authentication sites, you know that you need to add all of the certificates in the token signing certificate's chain into SharePoint...
7 Jul 2010
Using Audiences with Claims Auth Sites in SharePoint 2010
Something you may not have thought of around using SAML claims is the impact on the Audiences feature in SharePoint 2010. By default we will only import users from directories like Active Directory and a few LDAP sources. The problem is that the account name for most SAML claims users is something like...
12 Jun 2010
More Information on Adding and Changing Custom Claims Providers in SharePoint 2010
This is a topic that continues to generate swirl, because as soon as you make one change you may want to make another or remove a change you made. I've blogged about this topic before: http://blogs.technet.com/speschka/archive/2010/04/28/how-to-override-the-default-name-resolution-and-claims-provider...
2 Jun 2010
How to Override the Default Name Resolution and Claims Provider in SharePoint 2010
An issue that has frustrated a lot of folks since SharePoint 2007 and the WebSSO provider, and that continues today in SharePoint 2010 when using claims authentication with something like ADFS v2, is name resolution. Meaning that in most cases you can type in any random value you want into the search...
28 Apr 2010
How to Create Multiple Claims Auth Web Apps in a Single SharePoint 2010 Farm
The question has been coming up more frequently lately about how does one configure multiple web apps that use claims authentication in SharePoint 2010. The primary point of confusion usually comes around the SPTrustedIdentityTokenIssuer. As I noted in a previous post ( http://blogs.technet.com/speschka...
27 Apr 2010
Writing a Custom Claims Provider for SharePoint 2010 - Part 4: Supporting Resolve Name
In the first three parts of this series we've implemented just about all of the support needed to do an end-to-end claims provider. In this last post I'll describe how to name resolution support in the type-in control. To add this support we'll need to implement the following property and methods: SupportsResolve...
13 Mar 2010
Writing a Custom Claims Provider for SharePoint 2010 - Part 3: Searching Claims
In the first two parts in this series we've seen how to create a custom provider, do claims augmentation and register the provider, as well as how to add a hierarchy to the people picker. In this post we'll talk about how to implement searching for our claims in the people picker with our custom provider...
13 Mar 2010
Access Denied with Claims Auth in Interim Build
For those of you who have access to one of the interim builds of SharePoint 2010, specifically 4730.1010, you will very likely find claims to be pretty much non-functional. Like after everything is set up and you hit the SharePoint site, you are taken to the page that says "you are signed in as Joe Blow...
13 Feb 2010
© 2014 Microsoft Corporation.
Privacy & Cookies