In this post I’m going to do an end-to-end walk through on how to configure SharePoint 2010 and ADFS v2 together to use SAML claims authentication. I’ll includes steps and PowerShell scripts to demonstrate and will try and bring all of the pieces together in one big posting. First a brief overview of the components…
Tag: Claims
Writing A Custom Forms Login Page for SharePoint 2010 Part 1
In SharePoint 2007 writing a custom login page for a forms based authentication (FBA) site was not too terribly hard. There were a few things to know, most of which weren’t SharePoint specific, and some tips to have your login form take on the look and feel of a standard SharePoint layouts page. Overall though,…
Managing Trusted Root Authorities for Claims Authentication in SharePoint 2010 Central Admin
I just thought I would create this post to raise awareness about another way to manage trusted root authorities in SharePoint 2010. For those of you who have been doing claims authentication sites, you know that you need to add all of the certificates in the token signing certificate's chain into SharePoint's list of trusted…
The given key was not present in the dictionary Error When Validating User Accounts
This is a problem that I’ve seen come up a few times now, with a particularly nasty side effect for sites using SAML claims with ADFS. Where I first saw this problem was when I created a new farm and I went into add a service account. I typed in the alias for the account…
Using Audiences with Claims Auth Sites in SharePoint 2010
Something you may not have thought of around using SAML claims is the impact on the Audiences feature in SharePoint 2010. By default we will only import users from directories like Active Directory and a few LDAP sources. The problem is that the account name for most SAML claims users is something like i:05:t|adfs with…
Migrating a Web Application from Windows Classic to Windows Claims in SharePoint 2010
Hey all, this question came up recently about what do I do if I have a web application that is using Windows classic authentication and I want to change it to use Windows claims? It could be that you started in Windows classic and now want to move to claims, or maybe you had a…
Using the Client Object Model with a Claims Based Auth Site in SharePoint 2010
This is a companion posting to my blog about how to use the client OM with a site that is secured with FBA (http://blogs.technet.com/b/speschka/archive/2010/06/03/using-the-client-object-model-with-a-forms-based-auth-site-in-sharepoint-2010.aspx). First let me just say, this was hard! Like probably way harder than you would hope for, but there is actually a pretty understandable reason why that’s the case. With both…
Configuring a Custom Claims Provider to be Used only on Select Zones in SharePoint 2010
UPDATE: I updated the application attachment for this posting. Before it would only let you toggle a claims provider for a zone if that zone was using SAML claims. In retrospect that limitation didn't make a lot of sense, so now it lets you toggle a claims provider for any zone that is using any…
More Information on Adding and Changing Custom Claims Providers in SharePoint 2010
This is a topic that continues to generate swirl, because as soon as you make one change you may want to make another or remove a change you made. I've blogged about this topic before: http://blogs.technet.com/speschka/archive/2010/04/28/how-to-override-the-default-name-resolution-and-claims-provider-in-sharepoint-2010.aspx and http://blogs.technet.com/b/speschka/archive/2010/05/25/replacing-the-out-of-box-name-resolution-in-sharepoint-2010-part-2.aspx. I thought I'd try to summarize and add a few final thoughts here. So here are the main scenarios…
Writing A Claims Provider Walk-Through and Sample Code
Just an FYI folks – the previous four part blog series I wrote on developing a custom claims provider has been consolidated and republished as an MSDN article. You can find it at http://msdn.microsoft.com/en-us/library/ff699494.aspx. In addition to the write up you've seen previously on this blog, it also includes the complete sample provider solution with…