Configure OIDC Authentication for multiple SharePoint web applications
Including info on the mysterious ScopedClientIdentifier property in SharePoint Server Subscription Edition (SPSE). Overview: To configure multiple web applications in a single farm to use OIDC authentication with Entra ID, you have two options: use a single Entra ID app registration for all web apps, or use separate Entra ID app registrations for each web app.
SharePoint Server – OIDC Authentication – Using Groups for Permission
SharePoint: Common NTLM Authentication Issues, aka: Consider Ditching NTLM
Update 4/1/22: Added Important note to Issues #2 and #6. Update 1/26/21: Added Issue #7. NTLM authentication is not great. It’s not the fastest. In most cases, that honor would go to Kerberos. It’s not the most secure. Again, Kerberos. It’s not all that flexible. For example, it doesn’t work well for extranets or anything cross-firewall.
SharePoint: SAML and FBA authentication fail from Word, Excel, Outlook, etc
Consider the following scenario: You have a SharePoint web application that uses Trusted Provider (SAML) authentication. When trying to open a Microsoft Office (Word, Excel, PowerPoint, etc) document from a SharePoint library, the Office app pops up a dialog with a “Sorry, something went wrong” error: Outlook calendar sync behavior: Users have SharePoint calendars that
Kerberos – KRB_AP_ERR_MODIFIED is not always an SPN problem
TLDR: This can also be caused by a mismatch in security policy “Network Security: Configure encryption types allowed for Kerberos”. Consider the following scenario: You have a web site set up to use Kerberos authentication. It doesn’t matter what kind of site, but we’ll say it’s a SharePoint site, since that’s the theme around
SharePoint: Users intermittently notice they are logged in as someone else
Problem: Intermittently, users notice that they have automatically been logged in as a different user. For example, while browsing, you look in the upper right-hand corner of the page and see another user's display name listed there. Clicking around more may result in switching back to yourself, or switching to another user altogether. Possible Causes:
SharePoint: Quick Troubleshooting Tip: Add the Account column to User Information List
Often while troubleshooting authentication or permission problems, you need to see the actual account name for the user or group added to permissions. This is particularly important in SAML / Trusted Provider authentication because the way the claim is being passed in the SAML assertion must match exactly with the way the claim has been added