http://blogs.technet.com/b/speschka/archive/2010/02/17/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspxAs part of some claims based authentication work I've been doing recently, I've come across two very important constraints. They are manageable constraints, but they are things that you need to know about in advance of setting up and configuring youren-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/speschka/archive/2010/02/17/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspx#3453292Wed, 14 Sep 2011 20:13:11 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3453292Capriole<p>Should the immutable nature of claims mappings be taken into account when choosing hub vs direct for multiple Partner IdPs/STSes? Hub model implies that you could not change claims mappings for any IdP without deleting and recreating the Hub SPTrustedIdentityTokenIssuer - which could be epic. With direct you would only affect the individual IdP/Partner. I guess you could handle it all with transformations at Hub STS, but only if there were sufficient existing mappings defined for the Hub STS. Seems to indicate careful consideration of claims mappings would be sensible when using Hub model.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3453292" width="1" height="1">http://blogs.technet.com/b/speschka/archive/2010/02/17/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspx#3377457Tue, 28 Dec 2010 07:40:39 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3377457Mira<p>Is there a way to implement &nbsp;claim based auth in MOSS 2007. Can we get it customised.</p> <p>Any help is appreatiated.</p> <p>Thanks In Advance.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3377457" width="1" height="1">http://blogs.technet.com/b/speschka/archive/2010/02/17/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspx#3358940Thu, 30 Sep 2010 13:21:32 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3358940madnik7<p>Hi vikas</p> <p>Check following link if you look for a OpenID or Live ID provider for SharePoint 2010 with Claims Based Authentication</p> <p><a rel="nofollow" target="_new" href="http://www.shetabtech.com/english/SharePointLiveAuth">www.shetabtech.com/.../SharePointLiveAuth</a></p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3358940" width="1" height="1">http://blogs.technet.com/b/speschka/archive/2010/02/17/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspx#3335773Fri, 04 Jun 2010 09:23:46 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3335773vikas<p>Great article, and extremelly useful! By the way, do you know if there is any LiveID provider for Claims-Based authentication to be used on SharePoint 2010? I&#39;ve seen we can still use classic mode and 2007 developments to achieve this but I wonder if there is any improvement in this area.</p> <p>Thanks!</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3335773" width="1" height="1">http://blogs.technet.com/b/speschka/archive/2010/02/17/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspx#3335772Fri, 04 Jun 2010 09:23:38 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3335772vikas<p>Great article, and extremelly useful! By the way, do you know if there is any LiveID provider for Claims-Based authentication to be used on SharePoint 2010? I&#39;ve seen we can still use classic mode and 2007 developments to achieve this but I wonder if there is any improvement in this area.</p> <p>Thanks!</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3335772" width="1" height="1">http://blogs.technet.com/b/speschka/archive/2010/02/17/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspx#3322634Thu, 01 Apr 2010 14:23:58 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3322634dcday<p>I like your posts on claims very informative.</p> <p>One thing I have discovered with claims and BCS is that the certificate used to sign the claim in the oob installation i.e. &quot;SharePoint Security Token Service&quot; is not compatible with Java's metro web services Metro requires the cert to be a CA. &nbsp;I wonder if you have come accross aa way of changing the signing cert. &nbsp;I have tried creating a new cert and calling this command Set-SPSecurityTokenServiceConfig -SigningCertificateThumbprint &quot;413cdbb21c861fcb19c1ee71b9ed2cae748ae10f&quot; which works but the n the entire trust for SP is blown out the window. &nbsp;I imagine there are more steps to be performed but I can't find any documentation.</p> <p>FYI I am using TAP builds</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3322634" width="1" height="1">