Using the WHR Parameter with SharePoint 2010 and SAML Auth


I've seen lots of questions and confusion (and was a little lost myself for a bit) on the fixes in SharePoint 2010 SP1 + June CU to enable use of the WHR parameter.  This does in fact work now but requires a couple of things:

  1. Configure the SPTrustedIdentityTokenIssuer

The SPTrustedIdentityTokenIssuer has a property called UseWHomeRealmParameter now; that must be set to true in order for SharePoint to pass the WHR parameter along to the IdP.  Here's a short powershell snippet that I used to do this:

$ap = get-sptrustedidentitytokenissuer -identity "ADFS with Roles"
$ap.UseWHomeRealmParameter = $true
$ap.Update()

Pretty simple – now SharePoint will send along any WHR parameter that it finds.

  1. Write or do "something" to append the WHR parameter

In my case I wrote an HttpModule to append the WHR parameter.  Specifically here is how I did it:

  • In the Init override I added a handler for the BeginRequest event
  • In the code for the BeginRequest event I look to see if:
  • The request is headed to _trust/default.aspx AND
  • The request does NOT have a WHR parameter included yet
  • If the request meets the two criteria described above, I create a redirect back to the _trust/default.aspx.  When I do that I:
  • Add every query string parameter that was there before
  • Append my WHR parameter to the end
  • Response.Redirect back to _trust/default.aspx

That was it.  I tested this using an InPrivate browser session in IE because it won't use the authentication cookies that could otherwise throw off the test results.  So far all tests have worked just as hoped – I've also verified in Fiddler that the WHR parameter is now flowing over to ADFS (in my case) as desired.  I've attached the source code for my simple litte project to this posting to help get you started.

AdfsHrd.zip

Comments (6)

  1. alexandrad9x says:

    Tao http://dichvuketoanlongbien.com/
    Rủa
    http://dichvuketoanlongbien.com/a2-96-dich-vu-ke-toan-tron-goi.html
    Thằng http://dichvuketoanlongbien.com/a2-98-dich-vu-ke-toan-thue.html
    Cờ
    http://dichvuketoanlongbien.com/a2-103-dich-vu-bao-cao-tai-chinh.html
    http://dichvuketoanlongbien.com/a2-97-dich-vu-quyet-toan-thue.html
    Nào
    http://dichvuketoanlongbien.com/a2-114-dich-vu-ke-toan-tai-29-quan-huyen.html
    Soi
    http://dichvuketoanlongbien.com/i780-dich-vu-ke-toan-thue-tron-goi-tai-bac-ninh.html
    Tài
    http://dichvuketoanlongbien.com/i779-dich-vu-ke-toan-thue-tron-goi-tai-bac-giang.html
    Khoản
    http://dichvuketoanlongbien.com/i778-dich-vu-ke-toan-thue-tron-goi-tai-phu-tho.html

    http://dichvuketoanlongbien.com/i781-dich-vu-ke-toan-thue-tron-goi-tai-hung-yen.html
    Link
    http://dichvuketoanlongbien.com/i782-dich-vu-ke-toan-thue-tron-goi-tai-vinh-phuc.html
    Của
    http://dichvuketoanlongbien.com/i783-dich-vu-ke-toan-thue-tron-goi-tai-hai-phong.html
    Tao. http://www.trungtamketoan.com.vn/
    Chúng
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-ha-noi.html
    Mày
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-tp-hcm.html
    Đủ
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-quang-ninh.html
    Trình
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-duong.html
    Thì
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-giang.html
    Tự
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-ninh.html
    Đi
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-phong.html

    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-nam-dinh.html
    Làm.
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thai-binh.html
    Việc
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thanh-hoa.html

    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-vinh-phuc.html
    Phải
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hung-yen.html
    Rẻ
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-phu-tho.html
    Rách
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-binh-duong.html
    Như http://www.tosvn.com
    Thế. http://iketoan247.blogspot.com
    Loại http://tailieuveketoan.blogspot.com
    Chó http://mauhinhnendep.blogspot.com
    Má. http://www.tosvn.com/search/label/Hack%20CF
    Tao http://www.tosvn.com/search/label/Hack%20AvatarStar
    Rủa http://www.tosvn.com/search/label/Hack%20Warcraft-Dota2
    Những http://hocketoan360.com/category/tai-lieu-ke-toan/
    Thằng http://iketoan247.blogspot.com/search/label/thong-tin-kinh-te
    Soi http://iketoan247.blogspot.com/search/label/tin-bai-ve-thue
    Tao http://hoclamketoan.edu.vn/
    Sẽ http://hoclamketoan.edu.vn/category/khoa-hoc-ke-toan
    Tan http://hoclamketoan.edu.vn/category/dich-vu-ke-toan
    Cửa http://hoclamketoan.edu.vn/category/hoc-lam-ke-toan
    Nát http://hoclamketoan.edu.vn/category/tai-lieu-ke-toan
    Nhà http://hocketoan360.com/
    Haha http://hocketoan360.com/category/khoa-hoc-ke-toan/
    http://hocketoan360.com/category/dich-vu-ke-toan/

  2. hassan sayed issa20014 says:

    thanks

  3. Eric Raff says:

    If you have F5 load balancers, here is a great iRule that intercepts the 302 Redirect from SharePoint to the IDP (ADFS) and simply tacks on the whr paramater to it. Works like a champ and I did not need an HTTP Module to do this. Hope this helps someone
    out there.

    Comments that explain how the iRule is working begin with ###

    ———————————————————————————-

    when HTTP_RESPONSE {

     if { [HTTP::is_redirect] }{

       ### Check to see if the 302 redirect HTTP Header of "Location" is going to the URI of the Identity Provider

       if { [HTTP::header value Location] starts_with "adfsserver.company.com/…/ls"}{

     ### Setup a $location variable to contain the current string in the HTTP Location Header

         set location [HTTP::header value Location]

     ### Setup a $realm variable to pull the realm paramater value out of the Locatoin header ($location) as you may have multiple SharePoint WebApps or Realms in your env and each realm may need a different &whr paramater

         set realm [findstr $location wtrealm= 8 &]

         ### only continue if you have a value in the $realm paramater

         if { [info exists realm] }{

       ### Look into the value of the $realm paramater and IF it matches 1 or more strings, then set the $location variable and append the &whr paramater of the desired IDP.

           switch -glob $realm {

             urn%3asharepoint%3asite1 –

             urn%3asharepoint%3asite2 {

       ### This is a 3rd party IDP that ADFS has been setup with as a Trusted Identity Provider

               set location "${location}&whr=https://yourIDPIdentifyer/fed/idp"

               HTTP::header replace Location $location

             }

             urn%3asharepoint%3asite3 –

             urn%3asharepoint%3asite1 – {

       ### this is the Active Directory IDP URI that ADFS would use

               set location "${location}&whr=adfsserver.company.com/…/trust"

               HTTP::header replace Location $location

             }

           }

         }

       }

     }

    }

  4. Eric Raff says:

    there is a syntax error I missed on the previous post.

    This line:  urn%3asharepoint%3asite1 – {

    should not have the or operator in it so it should be:

    urn%3asharepoint%3asite1 {

    Sorry about that.

  5. Kunal Mukherjee says:

    Hi Steve,

    This does not work if WAP is configured for the SharePoint url. In that case WAP redirects the url directly to ADFS. Any idea on how to Achieve this with WAP in place ?

  6. SDF says:

    http://www.shopbestgoods.com/
    http://www.nike-jordanshoes.com/
    http://www.beatsbydreoutlet.net/
    http://www.michaelkorsus.com/
    http://www.polo-tshirts.com/
    http://www.northsclearance.com/
    http://www.ralph-laurensale.com/
    http://www.gucci-shoesuk2014.com/
    http://www.michael-korsusa.com/
    http://www.polo-outlets.com/
    http://www.ralphslauren.co.uk/
    http://www.marcjacobsonsale.com/
    http://www.mcmworldwides.com/
    http://www.salongchamppairs.com/
    http://www.canada-gooser.com/
    http://www.burberryoutlet2014.com/
    http://www.michaelkors.so/
    http://www.hermes-outletonline.com/
    http://www.oakley-sunglassoutlet.com/
    http://www.north-faceoutlets.net/
    http://www.moncler-clearance.com/
    http://www.woolrich-clearance.com/
    http://www.barbour-jacketsoutlet.com/
    http://www.moncler-jacketsoutletonline.com/
    http://www.monsterbeatsbydres.net/
    http://www.louis-vuittonblackfriday.com/
    http://www.lv-guccishoesfactory.com/
    http://www.mcmoutlet-jp.com/
    http://www.cheapdiscountoutlet.com/
    http://coachoutlet.iwopop.com/
    http://www.coachsfactoryoutlet.com/
    http://www.coach-blackfriday2014.com/
    http://www.coach-storeoutletonline.com/
    http://www.coach-factorysoutletonline.com/
    http://www.coachccoachoutlet.com/
    http://www.coach-factories.net/
    http://www.coach-pursesoutletonline.com/
    http://www.llouisvuitton-factory.net/
    http://www.coach-outletsusa.com/
    http://www.mksfactoryoutlet.com/
    http://www.zxcoachoutlet.com/
    http://www.mischristmas.com/
    http://www.misblackfriday.com/
    http://www.bestcustomsonline.com/
    http://www.newoutletonlinemall.com/
    http://www.clickmichaelkors.com/
    http://www.cmichaelkorsoutlet.com/
    http://www.ralphlaurenepolo.com/
    http://michaelkorsoutlet.mischristmas.com/
    http://mcmbackpack.mischristmas.com/
    http://monsterbeats.mischristmas.com/
    http://northfaceoutlet.mischristmas.com/
    http://mk.misblackfriday.com/
    http://coachoutlet.misblackfriday.com/
    http://coachfactory.misblackfriday.com/
    http://uggaustralia.misblackfriday.com/
    http://coachpurses.misblackfriday.com/
    http://coachusa.misblackfriday.com/
    http://coach.misblackfriday.com/
    http://michaelkorss.misblackfriday.com/
    http://michaelkors.misblackfriday.com/
    http://airmax.misblackfriday.com/
    http://michael-kors.misblackfriday.com/

    http://t.co/1PJuejI1ys
    http://t.co/FYm2MxWwLM
    https://twitter.com/CoachOutlet2014
    https://www.facebook.com/pages/Coach-Factory-Outlet-Online-Store-Michael-Kors-Outlet-Online-Sale-75-Off/712060898859091
    https://www.facebook.com/pages/Ralph-Lauren-Polo-Outlet-Online-Sale/1404100279810690