This document assumes:

  • A Trusted Identity Token Issuer, referred to from here on as the Partner STS, has been created and enabled as an Authentication Provider for at least one SharePoint web application.
  • SAML token-based authentication has been successfully tested for the SharePoint web application using the Partner STS.
  • The Partner STS is configured to send the user identity claim type that will be used by SharePoint (for example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress).
    Tip: Make note of the name of the Partner STS; you will need it when associating the Custom Claims Provider with the Partner STS. To list all Trusted Identity Token Issuers and their names, run Get-SPTrustedIdentityTokenIssuer from the Management Shell and look at the Name attribute.
  • Connectivity to all domain controllers that are to be searched, and trust with them (required for LDAPS connections), has been established.
  • A provisioned service account with read access for each domain controller to be searched is available.
  • The SharePoint Administration service must be running prior to installing the solution (.wsp) file.
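A pre-flight check for the assumptions above, as an added example that is not part of the original document: it confirms the Partner STS exists and reports its identity claim type, confirms the SharePoint Administration service is running, and tests an LDAPS bind to each domain controller with the service account. The STS name, domain controller list and service account are placeholders to replace with your own values.

```powershell
# Pre-flight check for the prerequisites listed above (added example, not part of the original guide).
# Placeholder values below: replace with your Partner STS name, domain controllers and service account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$PartnerStsName    = 'PartnerSTS'                                   # placeholder: Name of the Trusted Identity Token Issuer
$DomainControllers = @('dc1.example.local', 'dc2.example.local')    # placeholder: domain controllers to be searched
$ServiceAccountCred = Get-Credential -Message 'Service account with read access to the domain controllers'

# 1. The Partner STS must exist and expose the identity claim type SharePoint will use.
$sts = Get-SPTrustedIdentityTokenIssuer -Identity $PartnerStsName -ErrorAction SilentlyContinue
if (-not $sts) {
    Write-Warning "No Trusted Identity Token Issuer named '$PartnerStsName'. Known issuers:"
    Get-SPTrustedIdentityTokenIssuer | Select-Object -ExpandProperty Name | ForEach-Object { Write-Warning "  $_" }
} else {
    $idClaim = $sts.IdentityClaimTypeInformation
    Write-Host "Partner STS '$($sts.Name)' found; identity claim type: $($idClaim.InputClaimType) (mapped to $($idClaim.MappedClaimType))"
}

# 2. The SharePoint Administration service must be running before the .wsp is installed.
$adminSvc = Get-Service -DisplayName 'SharePoint Administration' -ErrorAction SilentlyContinue
if ($adminSvc -and $adminSvc.Status -eq 'Running') {
    Write-Host 'SharePoint Administration service is running.'
} else {
    Write-Warning 'SharePoint Administration service is not running; start it before deploying the solution.'
}

# 3. Each domain controller must be reachable on TCP 636 and accept an LDAPS bind from the service account.
Add-Type -AssemblyName System.DirectoryServices.Protocols
foreach ($dc in $DomainControllers) {
    if (-not (Test-NetConnection -ComputerName $dc -Port 636 -InformationLevel Quiet)) {
        Write-Warning "$dc : TCP 636 (LDAPS) is not reachable."
        continue
    }
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection("${dc}:636")
    $conn.SessionOptions.SecureSocketLayer = $true   # TLS required; the DC certificate must chain to a CA trusted by this server
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.Credential = $ServiceAccountCred.GetNetworkCredential()
    try {
        $conn.Bind()
        Write-Host "$dc : LDAPS bind succeeded as $($ServiceAccountCred.UserName)."
    } catch {
        Write-Warning "$dc : LDAPS bind failed - $($_.Exception.Message) (check certificate trust and the service account's rights)."
    } finally {
        $conn.Dispose()
    }
}
```

Run it from the SharePoint Management Shell on a farm server; any warning it prints corresponds to one of the prerequisites above that is not yet met.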