Something you may not have thought of around using SAML claims is the impact on the Audiences feature in SharePoint 2010. By default we will only import users from directories like Active Directory and a few LDAP sources. The problem is that the account name for most SAML claims users is something like i:05:t|adfs with…
Tag: Authentication
Migrating a Web Application from Windows Classic to Windows Claims in SharePoint 2010
Hey all, this question came up recently: what do I do if I have a web application that is using Windows classic authentication and I want to change it to use Windows claims? It could be that you started in Windows classic and now want to move to claims, or maybe you had a…
Using the Client Object Model with a Claims Based Auth Site in SharePoint 2010
This is a companion posting to my blog about how to use the client OM with a site that is secured with FBA (http://blogs.technet.com/b/speschka/archive/2010/06/03/using-the-client-object-model-with-a-forms-based-auth-site-in-sharepoint-2010.aspx). First let me just say, this was hard! Like probably way harder than you would hope for, but there is actually a pretty understandable reason why that’s the case. With both…
Using the Client Object Model with a Forms Based Auth Site in SharePoint 2010
One of the questions I’ve seen a few times since my “mega-posting” on the client object model is how to use it with a SharePoint site that is secured with forms based authentication. There are actually a couple of ways you could do this. The more complicated approach that I won’t describe in great detail…
Configuring a Custom Claims Provider to be Used only on Select Zones in SharePoint 2010
UPDATE: I updated the application attachment for this posting. Before it would only let you toggle a claims provider for a zone if that zone was using SAML claims. In retrospect that limitation didn't make a lot of sense, so now it lets you toggle a claims provider for any zone that is using any…
More Information on Adding and Changing Custom Claims Providers in SharePoint 2010
This is a topic that continues to generate swirl, because as soon as you make one change you may want to make another or remove a change you made. I've blogged about this topic before: http://blogs.technet.com/speschka/archive/2010/04/28/how-to-override-the-default-name-resolution-and-claims-provider-in-sharepoint-2010.aspx and http://blogs.technet.com/b/speschka/archive/2010/05/25/replacing-the-out-of-box-name-resolution-in-sharepoint-2010-part-2.aspx. I thought I'd try to summarize and add a few final thoughts here. So here are the main scenarios…
Writing A Claims Provider Walk-Through and Sample Code
Just an FYI folks – the previous four part blog series I wrote on developing a custom claims provider has been consolidated and republished as an MSDN article. You can find it at http://msdn.microsoft.com/en-us/library/ff699494.aspx. In addition to the write up you've seen previously on this blog, it also includes the complete sample provider solution with…
SharePoint Claims Auth Without SSL
Someone asked me the other day whether we could use claims auth in SharePoint 2010 with ADFS v2 as the identity provider STS (STS-IP), but NOT use SSL on the SharePoint site. In working through it, I found that there are some inherent limitations in making this happen, but not on the SharePoint side. In…
Replacing the out of box Name Resolution in SharePoint 2010 – Part 2
A while ago I posted an entry on how to configure your custom claims provider to replace the out of the box claims provider (http://blogs.technet.com/speschka/archive/2010/04/28/how-to-override-the-default-name-resolution-and-claims-provider-in-sharepoint-2010.aspx). I wanted to follow up on that posting, because we found some additional details that you will want to have in hand should you go down this route. …
How to Override the Default Name Resolution and Claims Provider in SharePoint 2010
An issue that has frustrated a lot of folks since SharePoint 2007 and the WebSSO provider, and that continues today in SharePoint 2010 when using claims authentication with something like ADFS v2, is name resolution. Meaning that in most cases you can type in any random value you want into the search box, and the…