Hi, I would like to add something to this great article.
I was configuring ADFS and SP 2016 and found that some cmdlets are a little different.
1. $realm = "urn:sharepoint:MyWebApp" --> needs to be written this way, otherwise you'll get an error.
2. I used:
$TrustedIdentity = New-SPTrustedIdentityTokenIssuer -Name "ADFS Authentication" -Description "ADFS Authentication" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType (you'll get an error when converting)
One that worked:
$TrustedIdentity = New-SPTrustedIdentityTokenIssuer -Name "ADFS Authentication" -Description "ADFS Authentication" -Realm $realm -ImportTrustCertificate $cert -SignInUrl $signinurl -IdentifierClaimIs USER-PRINCIPAL-NAME
3. Migrate Content DB to use SAML
https://docs.microsoft.com/en-us/SharePoint/security-for-sharepoint-server/migration-of-windows-claims-authentication-to-saml-based-claims-authentication-in-sharepoint-server --> In this case it didn't work with the PowerShell in the article.
Worked with:
$wa = Get-SPWebApplication -Identity https://adfs.domain.com
$database = Get-SPContentDatabase -Identity "Content Database"
# $TrustedIdentity is the provider created in step 2
Convert-SPWebApplication -Identity $wa -Database $database -From Claims-Windows -To Claims-Trusted-Default -TrustedProvider $TrustedIdentity -RetainPermissions
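As an added check (example code, not from the comment above or the article), the script below confirms what the trusted provider will encode identities as and that it is enabled on the default zone before converting, then runs the conversion with logging and lists any site collection admins that were not migrated. The provider name, web application URL, content database name, log path and user@domain.com are assumed placeholders.

```powershell
# Constructed example: pre-flight checks, conversion with logging, post-conversion verification.
# Names below are placeholders; substitute your own provider, web app and database.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$ap = Get-SPTrustedIdentityTokenIssuer -Identity "ADFS Authentication"
$wa = Get-SPWebApplication -Identity https://adfs.domain.com
$db = Get-SPContentDatabase -Identity "Content Database"

# 1. Identifier claim the provider was created with (should be the UPN claim type).
"IdentifierClaim: " + $ap.IdentityClaimTypeInformation.InputClaimType

# 2. Encoded form users will have after migration, e.g. i:05.t|adfs authentication|user@domain.com
$principal = New-SPClaimsPrincipal -Identity "user@domain.com" -TrustedIdentityTokenIssuer $ap
"Trusted identity encodes as: " + $principal.ToEncodedString()

# 3. The trusted provider must be enabled on the default zone before converting.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$providers = $wa.IisSettings[$zone].ClaimsAuthenticationProviders | ForEach-Object { $_.DisplayName }
if ($providers -notcontains $ap.Name) {
    throw "Enable '$($ap.Name)' on the default zone of $($wa.Url) before converting."
}

# 4. Convert the content database, keeping existing permissions and logging per site collection.
$log = "C:\ConvertLogs"   # assumed log directory
New-Item -ItemType Directory -Path $log -Force | Out-Null
Convert-SPWebApplication -Identity $wa -Database $db -From Claims-Windows -To Claims-Trusted-Default `
    -TrustedProvider $ap -RetainPermissions -LoggingDirectory $log

# 5. Verify: site collection admins in the converted database should now be trusted-claims identities.
Get-SPSite -ContentDatabase $db -Limit All | ForEach-Object {
    $admins = $_.RootWeb.SiteAdministrators | ForEach-Object { $_.LoginName }
    $notConverted = $admins | Where-Object { $_ -notlike "i:05.t|*" }
    if ($notConverted) { "$($_.Url): still Windows identities: $($notConverted -join ', ')" }
    $_.Dispose()
}
```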