There are times in SharePoint when you want or need to change an account identity. The best example is with SAML claims. In virtually all of my examples I use email address as the identity claim for users. I do this because a) most people have an email address and b) an email address is something…
Tag: Claims
The Issuer of a Token is not a Trusted Issuer Craziness with SAML Claims in SharePoint 2010
Let's be honest – every now and then SharePoint lies to us. Case in point – I was working with my friend Nidhish today, getting SAML working on a SharePoint site. We started out by getting a strange HTTP 500 error when we hit the site. That in and of itself is unusual in my experience. …
Getting Welcome Emails to Work with a Custom Claims Provider in SharePoint 2010
A good “friend of the blog”, Israel V., was good enough to point out to me recently that pretty much all of the code samples that we have for custom claims providers contain an irritating little flaw – if you follow these samples then the welcome emails that get sent out when you add a…
When Do You Need to Install a Custom Claims Provider for Search in SharePoint 2010
We've been having a few good (meaning "interesting") discussions lately about custom claims providers and search. As it turns out, there are instances when you need to install your custom claim provider on a search box ("box" being something I'll define down below) in order to get security trimming working correctly in your search results. …
One More Claims Migration Gotcha For SharePoint 2010
Hey folks, I've written previously about how to migrate code for claims users (such as Windows claims to SAML claims) in this post about the IMigrateUserCallback interface: http://blogs.technet.com/b/speschka/archive/2011/01/27/migrating-user-accounts-from-windows-claims-to-saml-claims.aspx. Just as with that post, our good friend Raju S. also had some other interesting information to add to this content today. One of our other "friends…
Finally A USEFUL Way to Federate With Windows Live and SharePoint 2010 Using OAuth and SAML
Lots of folks have talked to me in the past about federating SharePoint with Windows Live. On the surface it seems like a pretty good idea – Windows Live has millions of users, everyone logs in with their email address, which is something we use a lot as an identity claim, it’s a big scalable…
The Azure Custom Claim Provider for SharePoint Project Part 3
In Part 1 of this series, I briefly outlined the goals for this project, which at a high level is to use Windows Azure table storage as a data store for a SharePoint custom claims provider. The claims provider is going to use the CASI Kit to retrieve the data it needs from Windows Azure…
The Azure Custom Claim Provider for SharePoint Project Part 2
In Part 1 of this series, I briefly outlined the goals for this project, which at a high level is to use Windows Azure table storage as a data store for a SharePoint custom claims provider. The claims provider is going to use the CASI Kit to retrieve the data it needs from Windows Azure…
Adding Users Programmatically to A Claims Site in SharePoint 2010
I had a friend send me kind of an interesting problem the other day. He was trying to add a new user programmatically to a Windows claims site and having all sorts of difficulties. His initial attempt at adding the user with domain\username and the SPRoleAssignment class was not working for him. He then tried…
Some Easy PowerShell to Export the Token Signing Certificate from SharePoint 2010
I know this has been a pain of varying magnitudes for folks over the last couple of years, so I thought I would share some nice PowerShell I stumbled upon recently. It allows you to export the token signing certificate of the local SharePoint farm's STS. You can then use this for things like getting…