This post covers the scenario where users log in via a trusted provider / SAML-claims (like ADFS, Ping, Site Minder, etc) and intermittently, they are redirected to the login page to re-authenticate. There are a few pieces of information you need for a scenario like this (beyond the regular scoping): 1. Output of Get-SPSecurityTokenServiceConfig2. A Fiddler trace
Update: 8/5/19 — Made an amendment to Fact #3. Facts: 1. The Claims to Windows Token Service (from here on denoted as “C2WTS”) is only used when SharePoint needs to get data from an external system that does not understand claims. Examples of features that can be configured to use C2WTS include, but are not
There are a couple known issues with user profile pictures when your Mysite web application uses Trusted Provider (ADFS / SAML) authentication. Symptoms There are two different known symptoms with the same cause and solution: #1When running User Profile Synchronization, nothing is imported or exported. In the Forefront Identity Manager (FIM) client, we see
NTLM authentication is not great. It’s not the fastest. In most cases, that honor would go to Kerberos. It’s not the most secure. Again, Kerberos. It’s not all that flexible. For example, it doesn’t work well for extranets or anything cross-firewall. In those scenarios, Trusted Provider auth (SAML / WS-Fed) works well. See: AD FS.