Anyone familiar with using claims based authentication with SharePoint will likely have had issues when validating user accounts using custom claims providers.
I have worked with many over the years, some better than others and this post is about one particular issue I faced on a recent project.
I was implementing a custom claims provider, which was provided to me by the development team in the form of a WSP solution file.
After deploying the solution and activating the required feature as specified by the developers, the claim provider was present and active but my authentication was failing because no identity was being picked up.
The first thing to check is that your claim provider is created and the attributes look correct:
Get-SPClaimProvider
Check the "IsEnabled" is set as true and 'IsVisible" is also set as true.
After some more head scratching, I wanted to ensure that the claim provider was actually associated with the correct zone as I was trying to access the intranet zone.
This script will output the claim providers for a particular zone or URL.
$site = Get-SPSite("https://test.com")
$web = $site.OpenWeb("/")
$request = New-Object System.Web.HttpRequest("", $web.Url, "")
$response = New-Object System.Web.HttpResponse(New-
$dummyContext = New-Object System.Web.HttpContext($
$dummyContext.Items["
[System.Web.HttpContext]::Curr
$zone = [microsoft.sharepoint.
[microsoft.sharepoint.
The feature really should have handled the association of the claim provider, but in this case I have had to handle this manually using the below script which will associate the claim provider you specify with the URL you specify.
$url = "https://test.com"
$zone = "Intranet"
$webapp = get-spwebapplication $url
if ($webapp.iisSettings.containsK
$providers = @()
$providers += "CustomClaimProvider";
Set-SPWebApplication -Identity $WebApp -Zone $Zone -AdditionalClaimProvider $providers
}
Hope this comes in handy,
Matt
No comments:
Post a Comment