Monday, March 12, 2012

Unable to authenticate using SharePoint 2010 SP1 and ADFS

I recently encountered an issue whereby I was unable to authenticate against my SharePoint 2010 SP1 installation with ADFS v. 2.0. 

I had followed each and every single step to properly configure my ADFS v. 2.0 installation in conjunction with my SharePoint 2010 SP1 installation, but I continued to receive an "Access Denied" error message. 

I could verify that the authentication process was being redirected to ADFS v. 2.0 since I was getting the ADFS v. 2.0 authentication prompt, and when I hit my SharePoint site, I saw that it was receiving the Claims from ADFS in the form of my configured e-mail address.

So, after spending several hours on the phone with Microsoft support, we were able to determine that my User Policy screen did not look correct.  It was missing the "SAML Provider" option amongst the list of available Claims providers!

This is what the User Policy screen SHOULD look like:



Therefore, based on some further investigation, Microsoft determined that I needed to apply the June 2011 CU (minimally) to resolve this issue.   Apparently, even though SharePoint 2010 SP1 can be downloaded directly from MSDN, this version is insufficient to have a completely working installation using Claims-based Authentication.

You can download the June 2011 CU (and later cumulative updates) from here:
http://technet.microsoft.com/en-us/sharepoint/ff800847

Needless to say, after applying the SharePoint Foundation 2010 and SharePoint Server 2010 June 2011 CU, my SharePoint site was able to successfully authenticate using ADFS!!

Interestingly enough, I just recently found this article which describes this issue (of course, after I had already solved the issue with MSDN Support):
http://blogs.technet.com/b/speschka/archive/2011/07/19/saml-alert-for-sharepoint-2010-if-you-apply-sp1-follow-up-with-june-cu.aspx

So, if you are setting up an installation of SharePoint 2010 for the first time, make sure that you install AT LEAST 1 Cumulative Update after the application of SP1 or you will probably face the same problem I encountered!
