Forum Discussion

LadislavStupak's avatar
LadislavStupak
Brass Contributor
Oct 08, 2020

Custom Claims Provider - Not possible to Login

Dear Ladies and Gentlemen,   I have set up Active Directory Federation Services (ADFS) on a server.   I have mapped User Profiles with the ADFS.   I have created a test user in Active Directory...
LadislavStupak's avatar
LadislavStupak
Brass Contributor
Oct 23, 2020

public class CustomClaimProvider : SPClaimProvider

{

 

// I have added following two objects into the custom claims provider class

// which inherits from the class SPClaimProvider

protected SPTrustedLoginProvider SPTrust;

 

protected string IssuerName => SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, SPTrust.Name);

 

// I have added following two methods into the custom claims provider class

// which inherits from the class SPClaimProvider

public static SPTrustedLoginProvider GetSPTrustAssociatedWithCP(string providerInternalName)

        {

            var lp = SPSecurityTokenServiceManager.Local.TrustedLoginProviders.Where(x => String.Equals(x.ClaimProviderName, providerInternalName, StringComparison.OrdinalIgnoreCase));

 

            if (lp != null && lp.Count() == 1)

            {

                return lp.First();

            }

           

            return null;

        }

 

        protected bool Initialize()

        {

            bool initialized = false;

 

            if (SPTrust == null)

            {

                SPTrust = GetSPTrustAssociatedWithCP(ProviderInternalName);

                if (SPTrust != null)

                {

                    initialized = true;

                }

            }

            else

            {

                initialized = true;

            }

 

            return initialized;

        }

 

       // I have called the method Initialize in following four methods

protected override void FillHierarchy

protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved)

protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved)

protected override void FillSearch

 

// I have replaced the calls of the protected SPClaim CreateClaim(string       

// claimType, string value, string valueType); method which is inherited from  

// the SPClaimProvider with following method. This Method below has one        

// parameter more and therefore does not conflict with the method from the      

// SPCLaimProvider class. The important part of this method is the parameter   

// IssuerName. Because this value builds the middle part of the token. The token

// must have this part identical with the token issuer to be able to login into

// the SharePoint site.

protected virtual SPClaim CreateClaim(string type, string value, string valueType, bool inputHasKeyword)

       {           

            return new SPClaim(type, value, valueType, IssuerName);

}

}

 

Following source helped me to solve this issue:

https://ldapcp.com/

 

Resources