Tuesday, January 4, 2011

Sharepoint 2010, ADFS 2.0 and Roles

I actually copied this article from here. I have been working with ADFS a lot and know that before long this will come in handy so I wanted to save it on my blog.

February 6th, 2010 by Fredrik Lindström in ADFS, Windows Server 2008 R2

I’ve been tinkering quite a bit with Sharepoint 2010 and ADFS 2.0 lately and figured that this was worth sharing.

I followed the steps outlined in Travis Nielsen’s blog post to configure a federated identity provider in Sharepoint 2010 and configured ADFS 2.0 in my own way, since our setup involves quite a few partner organizations. One thing that is not mentioned in the step-by-step guide is how to configure Sharepoint to accept role claims and assign access rights based on those claims.

The following PowerShell snippet will do the trick (run it in the SharePoint 2010 Management Shell on a farm server):

# Fetch the trusted identity provider (assumes a single one is configured)
$issuer = Get-SPTrustedIdentityTokenIssuer
# Tell Sharepoint to accept the WS-Federation role claim type from this issuer
$issuer.ClaimTypes.Add("http://schemas.microsoft.com/ws/2008/06/identity/claims/role")
# Map the incoming role claim 1:1 to a local claim shown as "Role" in the people picker
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
$issuer.AddClaimTypeInformation($map)
# Persist the change to the configuration database
$issuer.Update()

After this, the “Role” entry will show up in the people picker, and you will be able to assign role claims to Sharepoint groups.
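The snippet above is not safe to run twice: the claim type is appended again and a second mapping for the same incoming claim type is rejected. The following is an added example, not code from the original post, that does the same configuration idempotently and then reads the mappings back so you can confirm that only the claim types you intend to trust are mapped. It assumes the SharePoint 2010 Management Shell snap-in, a trusted identity provider that already exists, and a placeholder provider name of "ADFS20"; the role claim URI is the one used on this page.

```powershell
# Added example (not from the original post). Assumptions: run in an elevated
# SharePoint 2010 Management Shell on a farm server, the trusted identity
# provider has already been created, and "ADFS20" is a placeholder for the
# name you gave that provider.
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$providerName = "ADFS20"   # placeholder: your trusted identity provider name
$roleClaim    = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $providerName

# Register the claim type only if the issuer does not accept it yet,
# so re-running the script does not append duplicates.
if ($issuer.ClaimTypes -notcontains $roleClaim) {
    $issuer.ClaimTypes.Add($roleClaim)
}

# Add the mapping only if no mapping for this incoming claim type exists;
# an existing mapping is left untouched.
$existing = $issuer.ClaimTypeInformation | Where-Object { $_.InputClaimType -eq $roleClaim }
if (-not $existing) {
    $map = New-SPClaimTypeMapping -IncomingClaimType $roleClaim `
                                  -IncomingClaimTypeDisplayName "Role" `
                                  -SameAsIncoming
    $issuer.AddClaimTypeInformation($map)
    $issuer.Update()
}

# Read the configuration back. Every mapped claim type becomes an input to
# SharePoint's access decisions, so the list should contain only the claims
# you deliberately chose to trust from this issuer.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $providerName
$issuer.ClaimTypeInformation |
    Select-Object DisplayName, InputClaimType, MappedClaimType |
    Format-Table -AutoSize
```

The read-back at the end is the check worth keeping: once the role claim is mapped, whoever controls the ADFS instance (and, through federation, the partner organizations it trusts) decides which role values a user arrives with, so the mapping table is effectively the list of external assertions SharePoint will honour.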
