For various reasons, getting a claims-based authentication web application up and working correctly with both an identity claim and a role claim has been troublesome, to say the least. So I'm going to share here the steps for creating the claims and the SPTrustedIdentityTokenIssuer.
1. Create the identity claim:
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
2. Create the role claim:
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
3. Include BOTH claims when creating your SPTrustedIdentityTokenIssuer:
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS v2" -Description "ADFS v2" -Realm "yourRealmName" -ImportTrustCertificate $yourCert -ClaimsMappings $map,$map2 -SignInUrl "https://urlToYourAdfsServer/adfs/ls" -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
One of the keys here is that you need to do this WHEN you create your token issuer; you can't add it after the fact. This is one of the limitations of SPTrustedIdentityTokenIssuers that I will discuss in another post.
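The three steps above combined into one script with checks before and after creation, as an added example that is not the author's own code. The issuer name, realm, sign-in URL and certificate path are placeholders, and the claim types are held in variables so they can be checked for stray whitespace and duplicates before the issuer is created.

```powershell
# Added example: issuer name, realm, URL and certificate path are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "ADFS v2"
$realm      = "yourRealmName"
$signInUrl  = "https://urlToYourAdfsServer/adfs/ls"
$certPath   = "C:\certs\adfs-token-signing.cer"   # hypothetical path

$emailType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$roleType  = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
$wanted    = @{ "EmailAddress" = $emailType; "Role" = $roleType }   # display name -> claim type

# A claim type with leading or trailing spaces will not match what ADFS sends.
foreach ($t in $wanted.Values) {
    if ($t -ne $t.Trim()) { throw "Claim type has stray whitespace: '$t'" }
}
# Each incoming claim type should appear once; one role claim type carries every role value.
if (@($wanted.Values | Select-Object -Unique).Count -ne $wanted.Count) {
    throw "The same incoming claim type is listed more than once."
}

# All mappings go in at creation time, so stop if an issuer with this name is already there.
if (Get-SPTrustedIdentityTokenIssuer | Where-Object { $_.Name -eq $issuerName }) {
    throw "Issuer '$issuerName' already exists; review it before recreating it with the full mapping set."
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$maps = @($wanted.GetEnumerator() | ForEach-Object {
    New-SPClaimTypeMapping -IncomingClaimType $_.Value -IncomingClaimTypeDisplayName $_.Key -SameAsIncoming
})
$ap = New-SPTrustedIdentityTokenIssuer -Name $issuerName -Description $issuerName `
    -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $maps `
    -SignInUrl $signInUrl -IdentifierClaim $emailType

# Confirm that both the identity claim and the role claim were registered on the issuer.
$registered = @($ap.IdentityClaimTypeInformation.InputClaimType) +
              @($ap.ClaimTypeInformation | ForEach-Object { $_.InputClaimType })
$missing = @($wanted.Values | Where-Object { $registered -notcontains $_ })
if ($missing.Count -gt 0) { throw "Issuer is missing claim types: $($missing -join ', ')" }

"Identifier claim: " + $ap.IdentityClaimTypeInformation.InputClaimType
"Registered claim types:"
$registered | Sort-Object -Unique
```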
What if I have multiple Roles? When I try to add another role I get an error message stating " New-SPTrustedIdentityTokenIssuer : An item with the same key has already been added. "
Using your example I would add [ $map3 = New-SPClaimTypeMapping -IncomingClaimType " schemas.microsoft.com/…/role " -IncomingClaimTypeDisplayName "Role2" -SameAsIncoming ] and then add $map3 to the -ClaimsMappings section of the " New-SPTrustedIdentityTokenIssuer " command.
Any thoughts?
@Stephen, It sounds like you need to remove your existing Id Issuer first. You can't update the mappings once it's created. Use Remove-SPTrustedIdentityTokenIssuer to remove it, then try adding it with all 3 mappings. Also, see the "Planning Considerations…" post at blogs.technet.com/…/planning-considerations-for-claims-based-authentication-in-sharepoint-2010.aspx.
I got ADFS and SharePoint 2010 working with the Identity and Role claims you have mentioned above. However, I can't figure out one thing. When I add a single user from the AD, I can log in with that user and everything works fine. The problem is when I try to add an AD group such as Domain Users, none of my AD users are able to log in. Any ideas?
I recently witnessed a problem that proved to be fairly difficult to track down so I thought I would