Thursday, May 16, 2013

Incoming claim types do not include Claim Type... error message in SharePoint 2010

I was working with my SharePoint development environment and I had to add new Claim Mappings to my SharePoint Server based on some new Claims that I was sending from ADFS.

One of my options was to completely remove the SP-TrustedIdentityTokenIssuer and then completely re-create it with the new Claim Mappings, but that was a bit of a hassle, so I searched for other ways to simply add new Claim Mappings.

I found a partial answer here:

However, as soon as I followed the instructions that were provided in the article, I received the following error message: Add-SPClaimTypeMapping: Incoming claim types do not include claim type '

Interestingly enough, this was the same error message the article was attempting to solve!

Fortunately, I came across this other article which offered a complete solution:

The key point to note is that you have to add the Claim Type to the TrustedIdentityTokenIssuer 1st, ONLY THEN you can add the Claim Type Mapping!!

 $SPTrustedIdp = Get-SPTrustedIdentityTokenIssuer "sts"  

 $GroupClaimType = ""  
 $groupClaim = New-SPClaimTypeMapping -IncomingClaimType $GroupClaimType -IncomingClaimTypeDisplayName "Group" -LocalClaimType $GroupClaimType  
 Add-SPClaimTypeMapping -Identity $groupClaim -TrustedIdentityTokenIssuer $SPTrustedIdp  

No comments:

Post a Comment