SharePoint ADFS authentication

  • Question

  • I am trying to configure an ADFS trusted identity provider for a SharePoint web app. My goals are:

    1. In the login screen, a user with UPN xyzname@domain.com should be able to enter xyzname as the user name and a password to log in.

    2. When a user logs in to the site, their name should appear at the top right (logged-in name) of the screen. Usually the email appears when email is used for claims.

    3. When I search for a user in the site permissions, I only want to see one option instead of email, UPN, etc.

    So we created only UPN as an LDAP attribute, as in the screen below. Can I use the PowerShell below to create the trusted identity provider? I am using only one claim. Does it work that way?

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\ADFS\Certs\ADFSSign.cer")
    $upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
    $realm = "urn:SharePoint:sitename"
    $signinurl = "https://fs.domain/adfs/ls/"
    $ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS" -Description "ADFS Federated Server" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $upnClaimMap -SignInUrl $signinurl -IdentifierClaim $upnClaimMap.InputClaimType

     I want to use UPN to log in and also UPN to search for users in SharePoint. Does it work?

    Thank you


    @R



    • Edited by youlearn Wednesday, October 9, 2019 8:39 PM
    Wednesday, October 9, 2019 8:10 PM
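The following is an added example, not code from the original post or from Microsoft's documentation. It covers the same UPN-only configuration the question describes on both sides of the trust: the ADFS relying-party trust with a single issuance rule that emits the UPN, and the SharePoint trusted identity provider built from that one claim, followed by a read-back that checks what SharePoint actually recorded (one mapping, UPN as the identifier claim, signing-certificate thumbprint matching the imported file). The certificate path, realm, sign-in URL and the "https://sharepoint.domain/_trust/" endpoint are placeholders carried over from or assumed beyond the post; the login-form behaviour (entering xyzname rather than the full UPN) is decided by ADFS and is not configured here.

```powershell
# --- Run on the ADFS server ---------------------------------------------------
# Relying-party trust for the SharePoint web app. The Identifier must equal the
# Realm that SharePoint presents, otherwise ADFS rejects the sign-in request.
$realm        = "urn:SharePoint:sitename"                    # placeholder realm
$spTrustUrl   = "https://sharepoint.domain/_trust/"          # assumed SharePoint endpoint
$upnClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

# Single LDAP-attribute issuance rule: only userPrincipalName is sent as a claim.
$upnRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "UPN only"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$upnClaimType"), query = ";userPrincipalName;{0}", param = c.Value);
"@

Add-AdfsRelyingPartyTrust -Name "SharePoint" -Identifier $realm `
    -WSFedEndpoint $spTrustUrl -IssuanceTransformRules $upnRule `
    -IssuanceAuthorizationRules '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# --- Run on a SharePoint server (SharePoint Management Shell) -----------------
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath  = "D:\ADFS\Certs\ADFSSign.cer"     # exported ADFS token-signing cert (public key only)
$signInUrl = "https://fs.domain/adfs/ls/"      # placeholder ADFS passive endpoint
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# SharePoint validates token signatures against its own root-authority store;
# register the signing certificate there so validation does not fail silently.
if (-not (Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint })) {
    New-SPTrustedRootAuthority -Name "ADFS Token Signing" -Certificate $cert | Out-Null
}

# One mapping only: the incoming UPN claim is kept as-is and used as the identity.
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType $upnClaimType `
    -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming

$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS" -Description "ADFS Federated Server" `
    -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $upnClaimMap `
    -SignInUrl $signInUrl -IdentifierClaim $upnClaimMap.InputClaimType

# Read the provider back and check the three things that matter for this setup.
function Test-UpnOnlyProvider {
    param([string]$ProviderName, [string]$ExpectedThumbprint, [string]$ExpectedClaimType)
    $issuer = Get-SPTrustedIdentityTokenIssuer -Identity $ProviderName
    [pscustomobject]@{
        SingleMapping    = ($issuer.ClaimTypeInformation.Count -eq 1)
        IdentifierIsUpn  = ($issuer.IdentityClaimTypeInformation.InputClaimType -eq $ExpectedClaimType)
        SigningCertMatch = ($issuer.SigningCertificate.Thumbprint -eq $ExpectedThumbprint)
    }
}

Test-UpnOnlyProvider -ProviderName "ADFS" -ExpectedThumbprint $cert.Thumbprint -ExpectedClaimType $upnClaimType
```

All three fields of the returned object should be True before the provider is attached to the web application; a False SigningCertMatch after an ADFS certificate rollover is the usual cause of logins that reach ADFS but are rejected on return to SharePoint.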
