SharePoint: Check Permissions and External Tokens – ADFS (SAML auth)
This post is the third part of a series on the “Check Permissions” function. It’s focused on Trusted Provider authentication aka: SAML-claims. The way “Check Permissions” works varies by authentication method. For Windows or FBA auth, see my other posts: Windows-Claims Authentication: https://joshroark.com/sharepoint-troubleshooting-check-permissions-windows-auth/ Forms-based Authentication (FBA): https://joshroark.com/sharepoint-check-permissions-and-external-tokens-fba/ Notes: I’ll be talking about Active Directory Federation
SharePoint: Check Permissions and External Tokens – FBA
This post is similar to my previous post on Check Permissions, except here, we’ll be talking about Forms-Based Authentication (FBA). The way “Check Permissions” works varies by authentication method. For Windows or Trusted Provider auth, see my other posts: Windows-Claims Authentication: https://joshroark.com/sharepoint-troubleshooting-check-permissions-windows-auth/ Trusted Provider Authentication: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-adfs-saml-auth/ With Forms-Based Authentication, all of the same
SharePoint: Managed Metadata: The term is not a valid term
The main point of this post is to create awareness around the fact that you can use the CreateTerm PowerShell method on a TermSet object to create a new managed metadata term with a specified Term ID. You’ll have to read to the end to understand why that’s a big deal, and to see it
SharePoint 2010 – 2013: FIM Sync does not remove profiles for users that were deleted from AD
Consider the Following Scenario: You’re using SharePoint Profile Synchronization (FIM Sync) to import user profiles from Active Directory (AD) into a SharePoint 2010 or 2013 farm. Users that have been deleted in Active Directory still show active user profiles in the User Profile Service Application (UPA). They also show up in People Search results and
SharePoint: The Complete Guide to PortalSuperUserAccount and PortalSuperReaderAccount
What are the Super User and Super Reader accounts for? This is explained pretty well on Docs here: https://docs.microsoft.com/en-us/SharePoint/administration/configure-object-cache-user-accounts In general, they are used in the process of making SharePoint Publishing sites (any site using the publishing features) render quickly and efficiently. Please keep in mind that these accounts are not actually required to be
SharePoint: Users forced to re-authenticate unexpectedly
This post covers the scenario where users log in via Trusted Provider / SAML-claims (like ADFS, Ping, Okta, Site Minder, etc.) and, intermittently, are redirected back to the login page to re-authenticate. There are a few pieces of information you need for a scenario like this (beyond normal scoping): 1. Output of Get-SPSecurityTokenServiceConfig from one
SharePoint 2013: User Profile Incremental Synchronization timer job fails with Access Denied
Problem: Consider the following scenario: The User Profile Service (the web service, not the Sync service) is running on two servers in the farm: App1, App2. In that case, the <UPA name>- User Profile Incremental Synchronization timer job (internal name: ProfileImportJob) can run on either server. The User Profile Synchronization Service is running on App2. When the User