Custom Claims Provider - Not possible to Login


Dear Ladies and Gentlemen,

I have set up Active Directory Federation Services (ADFS) on a server.

I have mapped User Profiles with the ADFS.

I have created a test user in Active Directory.

The Account Name in the User Profile of this Test User is the following:

i:0e.t|trusted identity provider (adfs)|test_user2@stupak.ch

When I placed this string into the people picker, the people picker transformed it into a link, which was then added to the SharePoint group.

When I clicked on this link in the SharePoint group, I was redirected to the My Site of this user.

I could also log in to the SharePoint site with this user.

After that I deployed a Custom Claims Provider and mapped the custom claims provider to the Trusted Identity Token Issuer:

$issuer = Get-SPTrustedIdentityTokenIssuer "Trusted Identity Provider (ADFS)"
$issuer.ClaimProviderName = "TestCustomClaimProvider2"
$issuer.Update()

When I then selected the test user from the people picker, I received the following link in the SharePoint Group:

c:0e.c|testcustomclaimprovider2|test_user2@stupak.ch

This link does not lead to the User Profile and I also cannot log in to the SharePoint site with this user.

Can you help me please?

Thank you very much.

With best regards

Ladislav Stupak


1 Reply

using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

public class CustomClaimProvider : SPClaimProvider
{
    // Internal name of this provider; it is the value mapped to the trust with
    // $issuer.ClaimProviderName = "TestCustomClaimProvider2" above.
    protected const string ProviderInternalName = "TestCustomClaimProvider2";

    // I have added the following two objects into the custom claims provider class
    // which inherits from the class SPClaimProvider.

    // The SPTrustedIdentityTokenIssuer this claims provider is mapped to
    // (the object returned by Get-SPTrustedIdentityTokenIssuer).
    protected SPTrustedLoginProvider SPTrust;

    // Original issuer string of the form "TrustedProvider:<trust name>"; SharePoint
    // encodes this into the middle part of the claim ("...|trusted identity provider (adfs)|...").
    protected string IssuerName => SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, SPTrust.Name);

    // I have added the following two methods into the custom claims provider class
    // which inherits from the class SPClaimProvider.

    // Find the trust whose ClaimProviderName points at this provider.
    public static SPTrustedLoginProvider GetSPTrustAssociatedWithCP(string providerInternalName)
    {
        var lp = SPSecurityTokenServiceManager.Local.TrustedLoginProviders
            .Where(x => String.Equals(x.ClaimProviderName, providerInternalName, StringComparison.OrdinalIgnoreCase))
            .ToList();

        // Exactly one trust must be mapped to this provider; anything else is a misconfiguration.
        return lp.Count == 1 ? lp[0] : null;
    }

    // Resolve the trust once and cache it; returns false when no trust is mapped to this provider.
    protected bool Initialize()
    {
        if (SPTrust == null)
        {
            SPTrust = GetSPTrustAssociatedWithCP(ProviderInternalName);
        }

        return SPTrust != null;
    }

    // I have called the method Initialize in the following four methods
    // (signatures as declared by SPClaimProvider; bodies and the other abstract members are omitted here):
    //   protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy)
    //   protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved)
    //   protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved)
    //   protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern, string hierarchyNodeID, int maxCount, SPProviderHierarchyTree searchTree)

    // I have replaced the calls of the protected SPClaim CreateClaim(string claimType, string value, string valueType)
    // method, which is inherited from SPClaimProvider, with the following method. This method has one
    // parameter more and therefore does not conflict with the method from the SPClaimProvider class.
    // The important part of this method is the parameter IssuerName, because this value builds the middle part
    // of the token. The token must have this part identical with the token issuer to be able to log in to
    // the SharePoint site.
    protected virtual SPClaim CreateClaim(string type, string value, string valueType, bool inputHasKeyword)
    {
        // The inherited CreateClaim stamps the claim with this provider as its issuer, which is
        // what produced "c:0e.c|testcustomclaimprovider2|...". Passing IssuerName makes the claim
        // originate from the trust instead, giving "i:0e.t|trusted identity provider (adfs)|...".
        return new SPClaim(type, value, valueType, IssuerName);
    }
}


Following source helped me to solve this issue:

https://ldapcp.com/
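To make the difference between the two encoded claims in this thread concrete, here is an added example (not the thread author's code and not SharePoint's) that re-implements the documented SharePoint claim encoding in Python. It decodes the working string from the question and the broken one returned by the custom claims provider, lists why the broken one cannot be matched to the trust, and shows what the reply's CreateClaim override makes SharePoint encode. The code tables are the commonly documented subset rather than SharePoint's full mapping, the lower-casing of the issuer name and the `i`/`c` rule are modelled from the strings on this page, and `login_problems`, `encode_claim` and `format_original_issuer` are names chosen for this example.

```python
"""Decode and check SharePoint encoded claim strings such as
i:0e.t|trusted identity provider (adfs)|test_user2@stupak.ch

Added example: a Python model of the documented encoding so the two strings
from this thread can be compared offline. Not SharePoint code; the tables are
the commonly documented subset, not SharePoint's full mapping.
"""
from dataclasses import dataclass

ORIGINAL_ISSUER_CODES = {  # 6th character of the prefix
    "w": "Windows", "s": "SecurityTokenService", "t": "TrustedProvider",
    "c": "ClaimProvider", "f": "Forms", "m": "Membership", "r": "Role",
}
CLAIM_TYPE_CODES = {  # 4th character of the prefix (subset)
    "#": "http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname",
    "e": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "-": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
}
VALUE_TYPE_CODES = {".": "http://www.w3.org/2001/XMLSchema#string"}  # 5th character (subset)
EMAIL = CLAIM_TYPE_CODES["e"]


@dataclass(frozen=True)
class DecodedClaim:
    is_identity_claim: bool  # 'i' prefix; 'c' is an ordinary claim
    claim_type: str
    value_type: str
    original_issuer: str     # e.g. "TrustedProvider"
    issuer_name: str         # segment after the first '|', lower case; "" for Windows
    value: str


def decode_claim(encoded: str) -> DecodedClaim:
    parts = encoded.split("|")
    if len(parts) == 2:      # Windows claims carry no issuer segment: i:0#.w|contoso\alice
        prefix, issuer_name, value = parts[0], "", parts[1]
    elif len(parts) == 3:
        prefix, issuer_name, value = parts
    else:
        raise ValueError(f"unexpected segment count in {encoded!r}")
    if len(prefix) != 6 or prefix[0] not in "ic" or prefix[1:3] != ":0":
        raise ValueError(f"bad claim prefix {prefix!r}")
    return DecodedClaim(
        is_identity_claim=prefix[0] == "i",
        claim_type=CLAIM_TYPE_CODES.get(prefix[3], f"<code {prefix[3]!r}>"),
        value_type=VALUE_TYPE_CODES.get(prefix[4], f"<code {prefix[4]!r}>"),
        original_issuer=ORIGINAL_ISSUER_CODES.get(prefix[5], f"<code {prefix[5]!r}>"),
        issuer_name=issuer_name,
        value=value,
    )


def format_original_issuer(issuer_type: str, name: str) -> str:
    """Model of SPOriginalIssuers.Format(): 'TrustedProvider:<trust name>'."""
    return f"{issuer_type}:{name}"


def encode_claim(claim_type: str, value: str, original_issuer: str,
                 trust_name: str, identity_claim_type: str) -> str:
    """Encode a string-valued claim the way SharePoint does (assumption: the
    issuer name is lower-cased, and the 'i' marker is used only when both the
    claim type and the issuer match the trust's identity claim)."""
    issuer_type, _, name = original_issuer.partition(":")
    issuer_code = {v: k for k, v in ORIGINAL_ISSUER_CODES.items()}[issuer_type]
    type_code = {v: k for k, v in CLAIM_TYPE_CODES.items()}[claim_type]
    identity = (claim_type == identity_claim_type and issuer_type == "TrustedProvider"
                and name.lower() == trust_name.lower())
    return f"{'i' if identity else 'c'}:0{type_code}.{issuer_code}|{name.lower()}|{value}"


def login_problems(encoded: str, trust_name: str, identity_claim_type: str = EMAIL) -> list:
    """Reasons the encoded claim would not be matched to the trust's identity claim."""
    c = decode_claim(encoded)
    problems = []
    if c.original_issuer != "TrustedProvider":
        problems.append(f"original issuer is {c.original_issuer}, not TrustedProvider")
    if c.issuer_name != trust_name.lower():
        problems.append(f"issuer name {c.issuer_name!r} is not the trust {trust_name!r}")
    if c.claim_type != identity_claim_type:
        problems.append(f"claim type {c.claim_type} is not the trust's identity claim type")
    if not c.is_identity_claim:
        problems.append("encoded as an ordinary claim ('c:'), not an identity claim ('i:')")
    return problems


TRUST = "Trusted Identity Provider (ADFS)"
WORKING = "i:0e.t|trusted identity provider (adfs)|test_user2@stupak.ch"  # from the question
BROKEN = "c:0e.c|testcustomclaimprovider2|test_user2@stupak.ch"          # from the question

if __name__ == "__main__":
    for s in (WORKING, BROKEN):
        print(s, "->", login_problems(s, TRUST) or "accepted as the trust's identity claim")
    # What the reply's CreateClaim override (issuer = TrustedProvider:<trust name>) yields:
    print(encode_claim(EMAIL, "test_user2@stupak.ch",
                       format_original_issuer("TrustedProvider", TRUST), TRUST, EMAIL))
```

Running it prints an empty problem list for the first string and three problems for the second (wrong original issuer, wrong issuer name, and the `c:` marker); only the claim type matches. The final line reproduces the working `i:0e.t|...` form from the `TrustedProvider:` issuer that the reply's CreateClaim passes, which is the whole fix.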