WSS3.0, multiple providers, same user RRS feed

  • Question

  • Hello,


    I'm delegating the Authentication of my Sharepoint site to a Single Sign On solution named OpenAM. It works well.

    The mapping fonction is used to create 3 areas, the first is the intranet, the second is the extranet for the company's users with reduced rights, and the last is another extranet for our customers with reduced rights.

    The two first areas are using the same Active Directory / LDAP to identify the authenticated users, but there provider can not have the same name (I can not give the same name else sharepoint have an error).


    Is there a way to merge users recognised by different providers (in my case the first are named ldapmembership1:username and the second are named ldapmembership2:username) ?



    I don't know if I am very clear, if you want more explanation do not hesitate to ask.

    Thanks in advance for your help,





    I'm thinking about another solution, is there a way to declare the same provider for the two different zones ?

    • Moved by Mike Walsh FIN Monday, August 8, 2011 2:15 PM admin q (From:SharePoint - General Question and Answers and Discussion (pre-SharePoint 2010))
    • Edited by Mike Walsh FIN Tuesday, August 9, 2011 1:29 PM Later section added. User made a new reply rather than editing his original post.
    Monday, August 8, 2011 2:04 PM

All replies

  • Hi Arnaud,

    Windows SharePoint Services 3.0 does not allow a Web application to work with the same provider name across multiple zones.

    You can configure the Web.config file to use the same provider for each zone; however, the name of the provider has to be unique for each zone. For more information, please refer to:


    Qiao Wei

    Wednesday, August 10, 2011 12:12 PM
  • Hello Qiao Wei,


    Thanks for your answer.

    Do you know if there is a way to merge two instances of a user identified by the same provider, but due to the Sharepoint limitation, prefixed with two different provider name?

    For example to merge ldapmembership1:arnaud and ldapmembership2:arnaud, making reference to the same user, in a user named ldapmembership:arnaud, or to re-use one of the two existing users ?


    Thanks again,



    Wednesday, August 10, 2011 12:25 PM
  • the suggestion solution for this issue that you create a custom provider connect to multiple provides [AD,SQL,..] which this is called Mixed Authentication then create a custom login page to implement SSO


    Wednesday, August 10, 2011 8:19 PM
  • Hello Fadi,


    The SSO part works well, OpenAM (named OpenSSO when  it was a Sun product) authenticates the users and then Sharepoint just identifies them, and applies the authorizations.

    My problem is that I have an internal zone with pseudo-full rights for users, and an external zone with limited rights. When we were using windows authentication there was the same provider, and users were authenticated as DOMAIN\Username, but Sharepoint does not allow us to use the same name for the provider, even if it point to the same resource.





    Thursday, August 11, 2011 7:24 AM
  • I don't have any idea about OpenSSO product but maybe this url helpful :



    Regards, Fadi Abdulwahab. http://sqlgoogler.blogspot.com/ Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you
    • Marked as answer by Qiao WeiModerator Sunday, August 21, 2011 11:10 AM
    • Unmarked as answer by Arnaud_F Monday, August 22, 2011 7:05 AM
    Monday, August 15, 2011 3:28 PM
  • Hello,


    Sorry for my late response, I was on holidays last week.


    Thanks again for your answers, but my problem is not related with OpenAM/OpenSSO, but with the architecture of my application and the Sharepoint limitations.






    Monday, August 22, 2011 7:12 AM