Do You Need An Account In Azure Active Directory if Using ADFS?

Today’s topic is a little spin on a question that seems to be coming up more frequently, specifically when folks are using a combination of Azure Active Directory and ADFS. That question is, if I’m using ADFS do I really need to have an account in an Azure Active Directory (AAD) tenant? Well, of course,…

0

Signout With SharePoint 2013 and SAML

Today's topic is one for which I deserve zero credit, I'm just putting out info that one of our crack engineers, Chad Ray, managed to dig up.  I wanted to publish it here because I've worked with and talked to so many folks in the past who have struggled with getting a truly complete signout…

2

400 Bad Request Error with ADFS

I spent waaayyyyy too much time trying to resolve this problem so am capturing it here in case any of the rest of you run up against this.  I installed a new ADFS 3.0 on Windows Server 2012 R2 machine in my environment, and then configured a new SharePoint SPTrustedIdentityTokenIssuer for it.  Every time I…

15

The Azure Custom Claim Provider for SharePoint Project Part 2

In Part 1 of this series, I briefly outlined the goals for this project, which at a high level is to use Windows Azure table storage as a data store for a SharePoint custom claims provider.  The claims provider is going to use the CASI Kit to retrieve the data it needs from Windows Azure…

5

Tips for Upgrading or Moving ADFS 2.0

I recently spent too much time trying to get an ADFS Server upgraded, in my case from Windows Server 2008 to 2008 R2.  Like many SharePoint folks that are just trying to get along in a claims happy world, seemingly simple things like this can cause a surprising amount of churn.  Here are some tips…

5

Federated SAML Authentication with SharePoint 2010 and Azure Access Control Service Part 2

In the first post in this series (http://blogs.technet.com/b/speschka/archive/2011/05/05/federated-saml-authentication-with-sharepoint-2010-and-azure-access-control-service-part-1.aspx) I described how to configure SharePoint to establish a trust directly with the Azure Access Control (ACS) service and use it to federate authentication between ADFS, Yahoo, Google and Windows Live for you and then use that to get into SharePoint.  In part 2 I’m going to…

3

Federated SAML Authentication with SharePoint 2010 and Azure Access Control Service Part 1

I had been looking at Windows Azure Access Control Service (ACS) with an interesting eye recently, thinking about some of the different integration options.  There’s always lots of chatter about claims authentication with SharePoint 2010, and how to integrate ADFS, Windows Live, Facebook, etc.  ACS (also known as AppFabric ACS to you Azure purists /…

15

How To Add Additional Claims in ADFS 2.0 that can be Consumed in SharePoint 2010

Just a quick tip here to save you a little time in case you decide you want to add additional claims for your users in ADFS 2.0 and have them successfully consumed in SharePoint 2010.  The key thing to remember is that SharePoint only supports SAML 1.x, so it requires that the claim type be…

5

The Dreaded 3 Login Prompts When Authenticating

I had this all too common problem hit me this weekend, but this was happening on my ADFS server, which I unfortunately was rebuilding.  The most common reasons as you know have to do with some misconfigured Kerberos setting, or with using some name other than the server name for a web application (the 'ol…

4

Configuring SharePoint to use a Specific Identity Provider in ADFS

In my previous posting (http://blogs.technet.com/b/speschka/archive/2010/11/24/configuring-adfs-trusts-for-multiple-identity-providers-with-sharepoint-2010.aspx), I explained how to configure trusts between two different ADFS servers.  One example where this may be necessary is if you have one ADFS server that is a sort of hub for other ADFS servers being used.  If we follow this scenario out, suppose you have multiple web applications in…

5