Forum Discussion

Matt_Paleafei's avatar
Matt_Paleafei
Copper Contributor
Apr 30, 2020
Solved

SP 2016 ADFS 4.0 Federated Partner Authenticates, but doesn't Authorize

Resource Domain/Forest (resource.local) SP 2016 Farm in Resource Domain webapp.resource.local ADFS 4.0 configured on internal network of resource.local WAP configured in DMZ publishing adfs.resour...
2016
ADFS
sharepoint server
  • Trevor Seward's avatar
    Trevor Seward
    Apr 30, 2020
    What claims are you passing over the fed trust and what is the identity claim configured in SharePoint/sent by the RP from the resource domain ADFS?
Trevor Seward's avatar
Trevor Seward
MVP
Apr 30, 2020
What claims are you passing over the fed trust and what is the identity claim configured in SharePoint/sent by the RP from the resource domain ADFS?
Matt_Paleafei's avatar
Matt_Paleafei
Copper Contributor
Apr 30, 2020

Trevor Seward 

User ADFS Issuance

UPN - passthrough

Primary Sid - passthrough

Primary group SID - passthrough

Name - passthrough

UPN --> emailAddress

 

Resource ADFS

UPN - passthrough

Primary Sid - passthrough

Primary group SID - passthrough

Name - passthrough

Email - passthrough

UPN --> emailAddress

 

SharePoint Identifier Claim = email

 

Resources