Category: Authentication

SharePoint: Facts and Troubleshooting the Claims To Windows Token Service (C2WTS)

Update: 8/5/19 — Made an amendment to Fact #3. Facts: 1. The Claims to Windows Token Service (from here on denoted as “C2WTS”) is only used when SharePoint needs to get data from an external system that does not understand claims.  Examples of features that can be configured to use C2WTS include, but are not

SharePoint: Issues with profile pictures when MySite uses SAML auth

  There are a couple known issues with user profile pictures when your Mysite web application uses Trusted Provider (ADFS / SAML) authentication. Symptoms There are two different known symptoms with the same cause and solution: #1When running User Profile Synchronization, nothing is imported or exported. In the Forefront Identity Manager (FIM) client, we see

SharePoint: Common NTLM Authentication Issues, aka: Consider Ditching NTLM

NTLM authentication is not great. It’s not the fastest. In most cases, that honor would go to Kerberos. It’s not the most secure. Again, Kerberos. It’s not all that flexible. For example, it doesn’t work well for extranets or anything cross-firewall. In those scenarios, Trusted Provider auth (SAML / WS-Fed) works well.  See: AD FS.