Oct 08 2020 12:48 AM
Dear Ladies and Gentlemen,
I have set up Active Directory Federation Services (ADFS) on a server.
I have mapped User Profiles with the ADFS.
I have created a test user in Active Directory.
The Account Name in the User Profile of this test user is the following:
i:0e.t|trusted identity provider (adfs)|test_user2@stupak.ch
When I placed this string into the people picker, the people picker transformed this string into a link, which was then added to the SharePoint group.
When I clicked on this link in the SharePoint group, I was redirected to the My Site of this user.
I could also log in to the SharePoint site with this user.
After that I deployed a Custom Claims Provider and mapped the custom claims provider to the Trusted Identity Token Issuer:
$issuer = Get-SPTrustedIdentityTokenIssuer "Trusted Identity Provider (ADFS)"
$issuer.ClaimProviderName = "TestCustomClaimProvider2"
$issuer.Update()
When I then selected the test user from the people picker, I received the following link in the SharePoint group:
c:0e.c|testcustomclaimprovider2|test_user2@stupak.ch
This link does not lead to the User Profile, and I also cannot log in to the SharePoint site with this user.
Can you help me please?
Thank you very much.
With best regards
Ladislav Stupak
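The two strings in the post above differ in more than the provider name, and it helps to see exactly which parts SharePoint compares. The following decoder and encoder for the SharePoint encoded-claim format is an added illustration, not the poster's code and not SharePoint's own implementation. The code tables cover only the claim-type and issuer-type codes relevant here; the lowercasing of the issuer name in encode_claim is an assumption drawn from the strings in the thread, and the sample inputs are the two strings quoted in the post.

```python
# Decoder and encoder for SharePoint encoded claim strings (the "i:0e.t|issuer|value"
# form that appears in the people picker, group membership and the user profile).
# Added for illustration; not the poster's code and not SharePoint's implementation.
# The code tables below cover only the codes needed for this thread.
from dataclasses import dataclass, fields

UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
USER_LOGON_NAME = "http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

CLAIM_TYPE_CODES = {"e": UPN, "5": EMAIL, "#": USER_LOGON_NAME, "-": ROLE}
VALUE_TYPE_CODES = {".": XS_STRING}
ISSUER_TYPE_CODES = {
    "w": "Windows",
    "s": "SecurityTokenService",  # the local SharePoint STS
    "t": "TrustedProvider",       # SPTrustedLoginProvider, e.g. ADFS
    "c": "ClaimProvider",         # a custom SPClaimProvider
    "m": "Membership",
    "r": "RoleProvider",
    "f": "Forms",
}
# Issuer types whose encoded form carries an issuer name before the value.
NAMED_ISSUER_CODES = {"t", "c", "m", "r", "f"}

CODE_FOR_CLAIM_TYPE = {v: k for k, v in CLAIM_TYPE_CODES.items()}
CODE_FOR_VALUE_TYPE = {v: k for k, v in VALUE_TYPE_CODES.items()}
CODE_FOR_ISSUER_TYPE = {v: k for k, v in ISSUER_TYPE_CODES.items()}


@dataclass(frozen=True)
class EncodedClaim:
    is_identity: bool   # 'i' = identity claim (a user), 'c' = any other claim
    claim_type: str
    value_type: str
    issuer_type: str
    issuer_name: str    # empty for Windows and the local STS
    value: str


def decode_claim(encoded: str) -> EncodedClaim:
    """Split an encoded claim into its parts; raises ValueError on malformed input."""
    header, sep, rest = encoded.partition("|")
    if not sep or len(header) != 6 or header[0] not in "ic" or header[1:3] != ":0":
        raise ValueError(f"not a SharePoint encoded claim: {encoded!r}")
    type_code, value_code, issuer_code = header[3], header[4], header[5]
    if issuer_code not in ISSUER_TYPE_CODES:
        raise ValueError(f"unknown original issuer code {issuer_code!r} in {encoded!r}")
    if issuer_code in NAMED_ISSUER_CODES:
        issuer_name, sep, value = rest.partition("|")
        if not sep:
            raise ValueError(f"issuer type {issuer_code!r} needs an issuer name: {encoded!r}")
    else:
        issuer_name, value = "", rest
    return EncodedClaim(
        is_identity=header[0] == "i",
        claim_type=CLAIM_TYPE_CODES.get(type_code, f"<unmapped code {type_code!r}>"),
        value_type=VALUE_TYPE_CODES.get(value_code, f"<unmapped code {value_code!r}>"),
        issuer_type=ISSUER_TYPE_CODES[issuer_code],
        issuer_name=issuer_name,
        value=value,
    )


def encode_claim(is_identity, claim_type, issuer_type, issuer_name, value, value_type=XS_STRING):
    """Build the encoded string for these parts.
    Assumption (matches the strings in the thread): the issuer name is lowercased and
    the value is stored as given."""
    head = (f"{'i' if is_identity else 'c'}:0{CODE_FOR_CLAIM_TYPE[claim_type]}"
            f"{CODE_FOR_VALUE_TYPE[value_type]}{CODE_FOR_ISSUER_TYPE[issuer_type]}")
    if CODE_FOR_ISSUER_TYPE[issuer_type] in NAMED_ISSUER_CODES:
        return f"{head}|{issuer_name.lower()}|{value}"
    return f"{head}|{value}"


def differing_fields(a: str, b: str):
    """Names of the parts in which two encoded claims differ. SharePoint keys the
    principal on the whole encoded string, so any non-empty result means two different
    principals, even when the value (here the UPN) is identical."""
    da, db = decode_claim(a), decode_claim(b)
    return [f.name for f in fields(EncodedClaim) if getattr(da, f.name) != getattr(db, f.name)]


if __name__ == "__main__":
    # Constructed from the two strings quoted in the post above.
    working = "i:0e.t|trusted identity provider (adfs)|test_user2@stupak.ch"
    broken = "c:0e.c|testcustomclaimprovider2|test_user2@stupak.ch"
    print(decode_claim(working))
    print(decode_claim(broken))
    print("differs in:", differing_fields(working, broken))
```

Run against the two strings from the post, differing_fields reports is_identity, issuer_type and issuer_name: the custom provider issued a non-identity claim ("c:") in its own name ("c|testcustomclaimprovider2") instead of an identity claim in the name of the trusted issuer ("t|trusted identity provider (adfs)"), so SharePoint sees a second, unrelated principal with no profile and no login mapping.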
Oct 23 2020 08:03 AM
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

public class CustomClaimProvider : SPClaimProvider
{
    // I have added the following two members to the custom claims provider class,
    // which inherits from the class SPClaimProvider.
    protected SPTrustedLoginProvider SPTrust;
    protected string IssuerName => SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, SPTrust.Name);

    // I have added the following two methods to the custom claims provider class,
    // which inherits from the class SPClaimProvider.
    // providerInternalName is the value assigned to the trust's ClaimProviderName
    // property ("TestCustomClaimProvider2" in the PowerShell above).
    public static SPTrustedLoginProvider GetSPTrustAssociatedWithCP(string providerInternalName)
    {
        var matches = SPSecurityTokenServiceManager.Local.TrustedLoginProviders
            .Where(x => String.Equals(x.ClaimProviderName, providerInternalName, StringComparison.OrdinalIgnoreCase))
            .ToList();
        // Exactly one trust must reference this claim provider; otherwise the issuer is ambiguous.
        if (matches.Count == 1)
        {
            return matches[0];
        }
        return null;
    }

    // Resolves the trust once and caches it in SPTrust; returns false when no trust
    // references this provider. ProviderInternalName is defined elsewhere in the class.
    protected bool Initialize()
    {
        if (SPTrust == null)
        {
            SPTrust = GetSPTrustAssociatedWithCP(ProviderInternalName);
        }
        return SPTrust != null;
    }

    // I have called the method Initialize in the following four methods:
    //   protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy)
    //   protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved)
    //   protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved)
    //   protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern, string hierarchyNodeID, int maxCount, SPProviderHierarchyTree searchTree)

    // I have replaced the calls of the protected SPClaim CreateClaim(string claimType,
    // string value, string valueType) method, which is inherited from SPClaimProvider,
    // with the following method. The method below has one parameter more and therefore
    // does not conflict with the method from the SPClaimProvider class. The important
    // part of this method is the parameter IssuerName, because this value builds the
    // middle part of the token. The token must have this part identical with the token
    // issuer to be able to log in to the SharePoint site.
    protected virtual SPClaim CreateClaim(string type, string value, string valueType, bool inputHasKeyword)
    {
        // Claims are issued in the name of the trusted provider ("t|<trust name>" in the
        // encoded form), not in the name of this claim provider ("c|<provider name>").
        return new SPClaim(type, value, valueType, IssuerName);
    }
}
The following source helped me to solve this issue: