Category: SharePoint 2013

SharePoint: Check Permissions and External Tokens – ADFS (SAML auth)

This post is the third part of a series on the “Check Permissions” function. It’s focused on Trusted Provider authentication aka: SAML-claims. The way “Check Permissions” works varies by authentication method. For Windows or FBA auth, see my other posts: Windows-Claims Authentication: https://joshroark.com/sharepoint-troubleshooting-check-permissions-windows-auth/ Forms-based Authentication (FBA): https://joshroark.com/sharepoint-check-permissions-and-external-tokens-fba/ Notes: I’ll be talking about Active Directory Federation

SharePoint: Check Permissions and External Tokens – FBA

This post is similar to my previous post on Check Permissions, except here, we’ll be talking about Forms-Based Authentication (FBA). The way “Check Permissions” works varies by authentication method. For Windows or Trusted Provider auth, see my other posts: Windows-Claims Authentication: https://joshroark.com/sharepoint-troubleshooting-check-permissions-windows-auth/ Trusted Provider Authentication: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-adfs-saml-auth/ With Forms-Based Authentication, all of the same

SharePoint: Managed Metadata: The term is not a valid term

The main point of this post is to create awareness around the fact that you can use the CreateTerm PowerShell method on a TermSet object to create a new managed metadata term with a specified Term ID. You’ll have to read to the end to understand why that’s a big deal, and to see it

SharePoint: The Complete Guide to PortalSuperUserAccount and PortalSuperReaderAccount

What are the Super User and Super Reader accounts for? This is explained pretty well on Docs here: https://docs.microsoft.com/en-us/SharePoint/administration/configure-object-cache-user-accounts In general, they are used in the process of making SharePoint Publishing sites (any site using the publishing features) render quickly and efficiently. Please keep in mind that these accounts are not actually required to be

SharePoint: Users forced to re-authenticate unexpectedly

This post covers the scenario where users log in via Trusted Provider / SAML-claims (like ADFS, Ping, Okta, SiteMinder, etc.) and intermittently, they are redirected back to the login page to re-authenticate. There are a few pieces of information you need for a scenario like this (beyond normal scoping): 1. Output of Get-SPSecurityTokenServiceConfig from one

SharePoint 2013: User Profile Incremental Synchronization timer job fails with Access Denied

Problem: Consider the following scenario: The User Profile Service (the web service, not the Sync service) is running on two servers in the farm: App1, App2. In that case, the <UPA name>- User Profile Incremental Synchronization timer job (internal name: ProfileImportJob) can run on either server. The User Profile Synchronization Service is running on App2. When the User