I was working with my SharePoint development environment and I had to add new Claim Mappings to my SharePoint Server based on some new Claims that I was sending from ADFS.
One of my options was to completely remove the SP-TrustedIdentityTokenIssuer and then completely re-create it with the new Claim Mappings, but that was a bit of a hassle, so I searched for other ways to simply add new Claim Mappings.
I found a partial answer here: http://blogs.dirteam.com/blogs/tomek/archive/2010/07/14/adding-claim-mapping-to-existing-provider-in-sps-2010-part-deux.aspx
However, as soon as I followed the instructions that were provided in the article, I received the following error message: Add-SPClaimTypeMapping: Incoming claim types do not include claim type 'http://schemas.xmlsoap.org/claims/Group'
Interestingly enough, this was the same error message the article was attempting to solve!
Fortunately, I came across this other article which offered a complete solution: http://www.theidentityguy.com/articles/2010/10/19/adding-claims-to-an-existing-token-issuer-in-sharepoint-2010.html
The key point to note is that you have to add the Claim Type to the TrustedIdentityTokenIssuer first; ONLY THEN can you add the Claim Type Mapping!
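```powershell
# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Step 1: register the incoming claim type on the existing token issuer
$SPTrustedIdp = Get-SPTrustedIdentityTokenIssuer "sts"
$SPTrustedIdp.ClaimTypes.Add("http://schemas.xmlsoap.org/claims/Group")
$SPTrustedIdp.Update()
# Step 2: only now create the mapping and attach it to the issuer
$GroupClaimType = "http://schemas.xmlsoap.org/claims/Group"
$groupClaim = New-SPClaimTypeMapping -IncomingClaimType $GroupClaimType -IncomingClaimTypeDisplayName "Group" -LocalClaimType $GroupClaimType
Add-SPClaimTypeMapping -Identity $groupClaim -TrustedIdentityTokenIssuer $SPTrustedIdp
```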
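The same two steps as a re-runnable function that skips whatever is already in place and then lists the issuer's mappings so the change can be verified. This is an added example, not code from the post or the linked articles; the function and parameter names are hypothetical, and it assumes the SharePoint cmdlets are loaded and the session has farm administrator rights.

```powershell
# Added example: Add-ClaimMappingIfMissing and its parameters are hypothetical names.
function Add-ClaimMappingIfMissing {
    param(
        [Parameter(Mandatory=$true)] [string] $IssuerName,   # "sts" in the post
        [Parameter(Mandatory=$true)] [string] $ClaimType,    # incoming claim type URI sent by ADFS
        [Parameter(Mandatory=$true)] [string] $DisplayName   # display name shown in SharePoint
    )

    # Fail early if the issuer does not exist instead of working on $null.
    $issuer = Get-SPTrustedIdentityTokenIssuer $IssuerName -ErrorAction Stop

    # Step 1: the claim type must be in the issuer's ClaimTypes list first,
    # otherwise Add-SPClaimTypeMapping fails with
    # "Incoming claim types do not include claim type ...".
    if ($issuer.ClaimTypes -notcontains $ClaimType) {
        $issuer.ClaimTypes.Add($ClaimType)
        $issuer.Update()
        # Re-read the issuer so the next step works on the persisted state.
        $issuer = Get-SPTrustedIdentityTokenIssuer $IssuerName -ErrorAction Stop
    }

    # Step 2: add the mapping only if no mapping for this incoming type exists.
    $existing = $issuer.ClaimTypeInformation |
        Where-Object { $_.InputClaimType -eq $ClaimType }
    if (-not $existing) {
        $mapping = New-SPClaimTypeMapping -IncomingClaimType $ClaimType `
            -IncomingClaimTypeDisplayName $DisplayName -LocalClaimType $ClaimType
        Add-SPClaimTypeMapping -Identity $mapping -TrustedIdentityTokenIssuer $issuer
    }

    # Return the resulting mappings so the caller can confirm what SharePoint will accept.
    (Get-SPTrustedIdentityTokenIssuer $IssuerName).ClaimTypeInformation |
        Select-Object DisplayName, InputClaimType, MappedClaimType
}

# Usage with the values from the post:
Add-ClaimMappingIfMissing -IssuerName "sts" `
    -ClaimType "http://schemas.xmlsoap.org/claims/Group" -DisplayName "Group"
```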