.NET Tutorials, Forums, Interview Questions And Answers
When to consider ADFS 2.0 as IP STS ?

Posted By: (not given)    Posted Date: September 17, 2010    Points: 0    Category: SharePoint

I am trying to understand when to consider ADFS 2.0 as IP STS, or, in another sense, when the SharePoint STS alone is not sufficient and one needs to start thinking of a custom STS, ADFS, SiteMinder etc. All my examples below are towards the need for an SSO solution, SSO from the perspective that I have links to many applications and I am not prompted for username and password.

Example 1: If all the applications in my organisation need users to be authenticated against the same AD, then should the SharePoint STS be sufficient for SSO? I.e. if I have links to a SAP application (example of SAML Windows Identity) on my SharePoint application, it shouldn't prompt for username and password? Correct / Wrong.

Example 2: If all the applications are SQL FBA applications, and my SharePoint 2010 application is also FBA Claims, then when I place my SQL FBA claims apps on the SharePoint 2010 application it should not ask for username and password. Correct / Wrong.

Example 3: If my SharePoint application supports both SQL FBA Claims and Windows, and my Windows- and FBA-authenticated application links are on my SharePoint application, it should not ask for username and password. Correct / Wrong.


More Related Resource Links

Security: Authenticate Users Across Organizations Using ADFS

Jack Couch looks at how to set up ADFS and when to use it; he then shows how to connect to an outside organization to offer single sign-on.

Jack Couch, MSDN Magazine, December 2007

SharePoint 2010 AD FS 2.0 Integration - login works then fails, looping back to the adfs server

Hello, I set up SharePoint 2010 Claims auth with AD FS 2.0 following this post: http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx. I have no access to the ADFS server, but I think they followed the steps as outlined. If I do an iisreset (or just recycle the app pool of the SharePoint site) I can log in successfully using the remote credentials. Also, under Security in SharePoint, I can search for and find users and roles from the remote ADFS server. If I close my browser, open a new browser and go to the site I am prompted to log in again (this is fine). I do, using the same credentials, and the login fails because I am redirected between the SP and ADFS servers until the ADFS server stops the redirecting. I have been doing some digging and I found this post: http://blogs.technet.com/b/speschka/archive/2010/08/09/setting-the-login-token-expiration-correctly-for-sharepoint-2010-saml-claims-users.aspx, which describes the situation I have in point #3 at the bottom. I have tried setting the token timeout as low as 1 second but this hasn't helped. I have also, just to see, tried setting all the other lifetime settings to 1 second, but no luck. Because the initial login works I think the setup is correct, but something is maintaining some state that is causing the loop.

Configuring SharePoint Foundation 2010 with ADFS 2.0 in a multi-tenant environment using subscripti

Hi, I am trying to configure SharePoint Foundation 2010 and ADFS 2.0 in a multi-tenant environment, where I have one Web Application and two site collections, each one under one subscription. At this point it is still a very simple infrastructure with one single domain, AD and ADFS. My problem starts with the configuration of ADFS 2.0 as Identity Provider in SharePoint. Since I have only one web application, the directory for the incoming token, "_trust", is placed at the root level of the application. Is there a way to change the location where this directory is created, so I can have a distinct one for each of my site collections? Or in other words, is there a way to have one identity provider per site collection? Thank you in advance for any information on this. --MD.

sharepoint 2010 with adfs 2

I am planning to implement SharePoint 2010 with ADFS 2. Just one question here: I would need a remote domain with ADFS 2; does that remote domain need to be a 2003 domain or a 2008 domain?

ADFS integration as an Identity provider

I have read several articles on how to set up ADFS 2.0 and how to turn on ClaimsAuthentication as an Authentication Provider within SharePoint 2010.  However, I have thus far been unable to figure out how to get ADFS 2.0 to show up as an Identity Provider when I configure my SharePoint 2010 Authentication Provider.  I understand that some type of security or certificate trust has to occur in order for Sharepoint 2010 to recognize ADFS 2.0 as a trusted Identity provider, but I do not have any clear guidance as to how to configure this.  I have configured a domain controller with ADFS 2.0 using Active Directory as an Account Store as well as installed Sharepoint 2010 on this same server instance.  Any clarification and guidance on how to configure my Sharepoint 2010 instance to talk to ADFS and display as an IdentityProvider using ClaimsAuthentication would be greatly appreciated.    Thanks.

Creating custom IP-STS for sharepoint foundation 2010 without ADFS

I plan to create a very simple custom IP-STS for SharePoint Foundation 2010 without an ADFS server, so anyone can integrate Windows Live ID into SharePoint Foundation 2010 simply without ADFS. I can't use an ADFS server because it cannot be installed on Windows Web Server 2008 (Web Edition); also, I found many articles that use the LDAP provider, but it does not exist in SharePoint Foundation either (it requires the SharePoint Server edition). After too much searching I found the following articles and found every technique except for one problem.

1) Creating a Custom Claim Provider: http://blogs.technet.com/b/speschka/archive/2010/03/13/writing-a-custom-claims-provider-for-sharepoint-2010-part-1.aspx

2) Creating a Custom STS Provider: http://blogs.msdn.com/b/chunliu/archive/2010/04/02/how-to-make-use-of-a-custom-ip-sts-with-sharepoint-2010-part-1.aspx

Only one step remains: I get the following error after entering a username in the STS site and being redirected to http://localhost/_trust/default.aspx (I leave EncryptingCertificateName empty):

Operation is not valid due to the current state of the object

I expect to get an access denied error instead of that error. Is it possible anyway? So does anyone know where I can ask my question apart from this community? Can anyone tell me where I can find a working article on creating a custom IP-STS without an ADFS server? Any idea will help me. Thanks.

Claims Based Authentication with ADFS 2.0


I have set up the claims based environment with ADFS 2.0; everything is working fine, but when I select my claims in the people picker it's not validating whether the claim exists or not. It's showing whatever I enter as a result in the people picker page. I want to check if the claim exists, and only then should the claim be shown as a result and resolved.

Can anyone guide me on how to start and where to make modifications, so that I can pick only claims which I have created or which exist?



Hi All,

We have applied ADFS successfully on our MOSS 2007 environment, but we are not able to open documents in the Office 2003 components.

All the documents open fine in the Office 2007 components. Any help or workaround?


Need of ADFS when you have Windows Claims


Scenario is: all users (Intranet/Extranet/Partners) will be in Active Directory only. There are no FBA requirements, Live ID etc. We plan to build an Intranet Portal, My Sites and Employee Collaboration Sites on a single SharePoint farm. We are planning to go with Claims as authentication, per Microsoft's recommendation, though classic is sufficient for our current requirements as stated above.

Question is: a) Do I need ADFS 2.0? Why will I need it?

As per my knowledge, with all users in AD, I can use the SharePoint STS as the Identity Provider STS in my case. But I still feel, with all my understanding, that using the SharePoint STS as Identity Provider is not a good idea even though you have all users in AD. I am guessing the reason may be STS administration.
Please share some of your good ideas which will help me understand, and make my guys understand, the need for ADFS for us.


Vipin Kumar Tanwar ( Technology Architect )

User Profile Import using ADFS 2.0



I've set up a lab environment with SharePoint 2010 using ADFS 2.0 as identity provider. Thanks to harbar's highly recommended blog everything works fine (though it took me some time ;-)).

My next goal is to configure User Profile Import. I've read Mark van Eijk's very helpful post and the thread on this forum, but I still keep wondering how to configure this. My problem is that in the Edit Synchronization Connection dialog (section Connection Settings) there is no Authentication Provider Instance available after I choose Trusted Claims Provider Authentication. Any hint on what's going wrong is very much appreciated.

I've tried this as a pre-step for my actual goal: I have some users from another domain who will log on to my SharePoint. These users are organized in a foreign domain and there is no trust between "my" domain and the users' domain. I need to import the user profiles of these external users though. I had in mind to do this by using the ADFS claims as the source for the user profile synchronization app.

ADFS and SHarepoint 2010


Hi All,

Can you please provide any good link for configuring SharePoint 2010 with ADFS 2.0?



ADFS 2.0+MOSS2010 Federation with Non Microsoft Federated system



We are trying to set up ADFS 2.0 with a non-MS federated system. We have set up federation between MOSS 2010 and ADFS 2.0. Everything works fine and users can access MOSS 2010 successfully. However, we need to set up federation with a non-Microsoft federated system which supports SAML 2.0 with HTTP POST binding. We have added the non-MS federated system's identifier and endpoints successfully in ADFS. However, while testing the federation with the non-Microsoft system, we are getting "Error verifying SAML AuthnRequest message". While analyzing the results, it looks like:

The SAML AuthnRequest message is not signed and does not contain any AssertionConsumerServiceURL.


We have checked event viewer and everything. There are no logs as such which can identify the source of failure.


Any pointers will be very helpful.
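As an added example that is not part of this thread, of ADFS, or of the non-Microsoft product in question, the following Python script inspects a SAML 2.0 AuthnRequest for the two properties named in the error above: an enveloped XML signature (a `ds:Signature` child of the request) and an `AssertionConsumerServiceURL` attribute. The two sample requests are constructed for this illustration (the issuer, ACS URL and signature contents are placeholders). The script only checks that a signature element is present, it does not verify the signature cryptographically, and `would_be_rejected` mirrors the two conditions quoted in the error message rather than ADFS's complete validation logic.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"


def inspect_authn_request(xml_text):
    """Describe an AuthnRequest: issuer, whether a ds:Signature child is
    present, the AssertionConsumerServiceURL attribute, and a list of
    problems. Presence only: no cryptographic verification is done here."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest: %s" % root.tag)

    # An enveloped signature sits directly under the request element.
    signed = root.find("{%s}Signature" % DS_NS) is not None
    acs_url = root.get("AssertionConsumerServiceURL")
    issuer_el = root.find("{%s}Issuer" % SAML_NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None

    problems = []
    if not signed:
        problems.append("request is not signed")
    if not acs_url:
        problems.append("request has no AssertionConsumerServiceURL")
    if not issuer:
        problems.append("request has no Issuer")
    return {"issuer": issuer, "signed": signed, "acs_url": acs_url, "problems": problems}


def would_be_rejected(xml_text):
    """True when both conditions from the quoted ADFS error hold: the request
    is unsigned AND names no AssertionConsumerServiceURL."""
    info = inspect_authn_request(xml_text)
    return (not info["signed"]) and info["acs_url"] is None


# Constructed sample mimicking the failing request: unsigned, no ACS URL.
BAD_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2010-09-17T00:00:00Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
</samlp:AuthnRequest>"""

# Constructed sample with an ACS URL and a placeholder (not valid) signature.
GOOD_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-2" Version="2.0" IssueInstant="2010-09-17T00:00:00Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://sp.example.test/acs">
  <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo/>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</samlp:AuthnRequest>"""


if __name__ == "__main__":
    for name, req in (("bad", BAD_REQUEST), ("good", GOOD_REQUEST)):
        info = inspect_authn_request(req)
        print(name, "rejected=%s" % would_be_rejected(req), info["problems"])
```

Running the script against a request captured from the failing SP (for example the base64-decoded `SAMLRequest` form field of the HTTP POST) shows at a glance which of the two conditions the partner system is failing to meet, so the fix can be targeted at their SP configuration (sign the request, or set the ACS URL) rather than at the ADFS side.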
