Re: MOSS and ADFS
- From: Jignesh Shah <JigneshShah@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 30 Nov 2006 13:17:02 -0800
Eric,
If you haven't tried this already,
Change your assembly name
FROM : Microsoft.SharePoint.Portal.SingleSignOn
TO : Microsoft.SharePoint.Portal.SingleSignon
Notice the small "o" in the "on" part at the end. That changed recently (in RTM, I believe).
"Eric" wrote:
Joe,
The changes we made are listed below. These came from an MS support person who has ADFS running with MOSS '07. The line where we create the reference to SingleSignOnMembershipProvider2 seems to be where the errors occur. MOSS does not have any .dll file in the assembly that matches this reference and I am not really sure where to create it. The ADFS side appears to be doing everything it is supposed to, but MOSS is getting confused on how to handle the token.
thanks,
Eric
* Central Admin Page:
o Click application management -> authentication providers
o Click "Windows" for the selected web application.
o Select Web Single Sign On radio button.
o Enter "SingleSignOnMembershipProvider2" in the membership provider section.
o Enter "SingleSignOnRoleProvider2" in the role provider section.
* Change the web.config file for the admin page:
- Register the membership provider and the role manager in the web.config file for the central admin (so that the people picker on the central admin pages can correctly resolve the users). Add the following entry after the <authentication> section in the web.config file for the central admin (change fs-server to be your server name):
<membership>
  <providers>
    <add name="SingleSignOnMembershipProvider2"
         type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2,
               System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0,
               Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         fs="https://fs-server/adfs/fs/federationserverservice.asmx" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <remove name="AspNetSqlRoleProvider" />
    <add name="SingleSignOnRoleProvider2"
         type="System.Web.Security.SingleSignOn.SingleSignOnRoleProvider2,
               System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0,
               Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         fs="https://fs-server/adfs/fs/federationserverservice.asmx" />
  </providers>
</roleManager>
NOTE: You may not need the "fs=https://fs-..." in the membership and role sections when the <websso> section follows. The providers will use the <fs>https://fs-server/adfs/fs/federationserverservice.asmx</fs> setting from <websso> (but I haven't tried it yet; you may want to try and confirm it).
- Add this section to the web.config file for the central admin after the <PeoplePickerWildcards> node:
<add key="SingleSignOnMembershipProvider2" value="" />
* Change the web.config file for the WSS site:
<sectionGroup name="system.web">
  <section name="websso"
           type="System.Web.Security.SingleSignOn.WebSsoConfigurationHandler,
                 System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral,
                 PublicKeyToken=31bf3856ad364e35, Custom=null" />
</sectionGroup>
- Add this section to the <httpModules> node:
<add name="Identity Federation Services Application Authentication Module"
     type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule,
           System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral,
           PublicKeyToken=31bf3856ad364e35, Custom=null" />
- Add this section after the <authentication> node; change "fs-server" to your server name and "your_application" to your application URL:
<membership defaultProvider="SingleSignOnMembershipProvider2">
  <providers>
    <add name="SingleSignOnMembershipProvider2"
         type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2,
               System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0,
               Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         fs="https://fs-server/adfs/fs/federationserverservice.asmx" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="SingleSignOnRoleProvider2">
  <providers>
    <add name="SingleSignOnRoleProvider2"
         type="System.Web.Security.SingleSignOn.SingleSignOnRoleProvider2,
               System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0,
               Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         fs="https://fs-server/adfs/fs/federationserverservice.asmx" />
  </providers>
</roleManager>
<websso>
  <authenticationrequired />
  <auditlevel>55</auditlevel>
  <urls>
    <returnurl>https://your_application</returnurl>
  </urls>
  <cookies Persistent="True">
    <path>/</path>
  </cookies>
  <fs>https://fs-server/adfs/fs/federationserverservice.asmx</fs>
  <!-- usettp / -->
  <isSharePoint />
</websso>
- Add this section to the <PeoplePickerWildcards> node:
<add key="SingleSignOnMembershipProvider2" value="" />
* Modify the machine.config file (in the folder of ASP.NET v2.0). Add the following section (red part):
<sectionGroup name="system.web"
              type="System.Web.Configuration.SystemWebSectionGroup, System.Web,
                    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
  <section name="websso"
           type="System.Web.Security.SingleSignOn.WebSsoConfigurationHandler,
                 System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral,
                 PublicKeyToken=31bf3856ad364e35, Custom=null" />
</sectionGroup>
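As an added example (not code from this thread, from Microsoft, or from the MOSS/ADFS products), the following Python script lints the kind of provider entries shown above for the mistakes the thread turns on: an assembly name whose casing differs between references, an fs endpoint that is not HTTPS or that disagrees with <websso><fs>, and a defaultProvider that no entry in the file registers. The web.config sample inside it is constructed and deliberately contains a casing slip and an http:// endpoint.

```python
"""Added example (not code from the thread): lint ADFS web-SSO provider entries
in a web.config for an assembly name whose casing differs between references,
an fs endpoint that is not HTTPS or disagrees with <websso><fs>, and a
defaultProvider that no <add> in the file registers."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: one casing slip (SingleSignon) and one http:// endpoint.
SAMPLE_WEB_CONFIG = """<configuration><system.web>
<membership defaultProvider="SingleSignOnMembershipProvider2"><providers>
<add name="SingleSignOnMembershipProvider2"
 type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
 fs="https://fs-server/adfs/fs/federationserverservice.asmx" />
</providers></membership>
<roleManager enabled="true" defaultProvider="SingleSignOnRoleProvider2"><providers>
<add name="SingleSignOnRoleProvider2"
 type="System.Web.Security.SingleSignOn.SingleSignOnRoleProvider2, System.Web.Security.SingleSignon.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
 fs="http://fs-server/adfs/fs/federationserverservice.asmx" />
</providers></roleManager>
<websso><fs>https://fs-server/adfs/fs/federationserverservice.asmx</fs></websso>
</system.web></configuration>"""

def assembly_name(type_attr):
    """Second comma-separated field of an assembly-qualified type name."""
    parts = [p.strip() for p in type_attr.split(",")]
    return parts[1] if len(parts) > 1 else ""

def lint_web_config(xml_text):
    """Return a list of findings (strings); an empty list means consistent."""
    root = ET.fromstring(xml_text)
    websso_fs = root.findtext("system.web/websso/fs")
    findings, seen = [], {}  # seen: lower-cased assembly name -> first spelling
    for section in ("membership", "roleManager"):
        node = root.find("system.web/" + section)
        if node is None:
            continue
        names = []
        for add in node.iter("add"):
            names.append(add.get("name"))
            asm = assembly_name(add.get("type", ""))
            first = seen.setdefault(asm.lower(), asm)
            if first != asm:  # the thread's fix was a one-letter case change, so flag it
                findings.append(f"{section}: assembly '{asm}' differs in case from '{first}'")
            fs = add.get("fs")
            if fs and urlparse(fs).scheme != "https":
                findings.append(f"{section}: fs endpoint '{fs}' is not HTTPS")
            if fs and websso_fs and fs != websso_fs:
                findings.append(f"{section}: fs endpoint disagrees with <websso><fs>")
        default = node.get("defaultProvider")
        if default and default not in names:  # fine only if machine.config supplies it
            findings.append(f"{section}: defaultProvider '{default}' is not registered in this file")
    return findings
```

Run it against a real web.config by reading the file into `lint_web_config`; the central admin config above will report its AspNetWindowsTokenRoleProvider default as not registered in the file, which is expected because machine.config supplies it.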
"Joe Kaplan" wrote:
When you say you added that line to the web.config, where did you add it? Also, where is that assembly coming from? It isn't one of the ADFS assemblies that comes with the normal R2 install. Does that come with some hotfix release of ADFS or something?
If you want to go looking for the assemblies that do come with ADFS, they are installed in the global assembly cache, not in the bin directory.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Eric" <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A2B5797D-A596-4D7B-9585-D844440DC1C3@xxxxxxxxxxxxxxxx
I know this might be a big headache waiting to happen, but I am trying to get ADFS to work in a simple environment using MOSS as the ASP application I wish to access. The setup is one Web Client and one FS. I have been working with Microsoft Support to get this running and it seems to almost be there. The tokens are getting passed back to the webserver from the FS. The problem is actually on the webserver. I am getting the following exception error:
Could not load file or assembly 'System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. (c:\inetpub\wwwroot\web.config line 124)
This is actually a line that we have added into the web.config. Prior to adding this the webserver would not accept the token for the federation server. The problem now seems to be that it does not know what to do with it. I have looked in the assembly directory for "System.Web.Security.SingleSignOn.PartialTrust" but it does not exist. Support and I have been beating ourselves up on this for the past 3 or 4 days and are not getting anywhere. As I am not much of a SharePoint person I was wondering if anybody here could lend a hand. I am also going to post this in the discussion forum for MOSS.
I wanted to point out that I have gotten this to work on SharePoint 2003; the problem lies somewhere with MOSS and ADFS authentication tokens.
Thanks,
Eric