SharePoint Claim Authentication

Question

We are trying to authenticate users to SharePoint 2016 using IDP-Initiated SAML 2.0. The SAML token is generated from PingFederate and sent to ADFS which in turn sends it to SharePoint (Relying Party). The issue we are having is SharePoint still sends an SP-Initiated request to ADFS (/adfs/ls/?wa=wsignin1.0&amp;wtrealm=) which is forwarded to PingFederate but PingFederate does not support SP-Initiated requests and the authentication fails. How can we have a successful authentication to SharePoint in this scenario without going back to PingFederate. &nbsp;Thanks

nick brattoli · Answer

This is the correct answer. It looks like &nbsp;*sunglasses* Trevorishere. &nbsp;YEEEEEEAAAAHHHHHHHHH

nick brattoli · Answer

This is a tough one. Why are you feeding into ADFS from PingFederate, rather than straight from AD?

ramy farag · Answer

Hi Nick,&nbsp;AD is not the identity provider. We use a different LDAP directory with PingFederate as its Federation Server.

trevor seward · Answer

I have customers who integrate SharePoint with PingFed directly. You should be able to do this... one thing to note is that SharePoint only supports SAML 1.1.

ramy farag · Answer

Hi Trevor,&nbsp;That is what we tried initially. But we found out that the&nbsp;WS-Federation protocol is not enabled in PingFederate and there are no plans to enable it. That why we came up with the idea to use ADFS in the middle.&nbsp;

Forum Discussion

SharePoint Claim Authentication

7 Replies

Resources