ADFS Claims Authentication, Configuring UPA and People Picker

Hi,
I am just trying to get my head around setting up ADFS to authenticate users along with allowing UPA (My Sites) and People Picker to work.
So, my environment is a WFE and an SQL Server offsite and my AD and ADFS 2.0 server onsite.  We have configured SharePoint as below and applied the Claims Provider to my Intranet web app and My Sites web app and I can login in with my
account as [email protected] (UPN)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("E:\ADFS_SelfSigned.cer")
New-SPTrustedRootAuthority -Name "ADFS Self Signed” -Certificate $cert
$map1 = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "Account ID" –SameAsIncoming
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" –SameAsIncoming
$map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" –SameAsIncoming
$realm = “https://intranet.domain.com.au/_trust/”
$signinurl = “https://adfs01.domain.com.au/adfs/ls/”
$ap = New-SPTrustedIdentityTokenIssuer –Name "SAML Provider" -Description "My Custom Identity Provider" –Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1,$map2,$map3 –SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType
$uri = new-object System.Uri("https://adfs01.domain.com.au/adfs/ls/")
$ap.ProviderRealms.Add($uri, " https://mysites.domain.com.au/_trust/")
$ap.Update()
iisreset
When trying to configure a new synchronisation connection> Activery Directory Import under the User Profile Service Application, I get an error saying it can't connect to the Domain Controller which would make sense as they are not on the
same domain.
I believe that MS have a sync utility that works with Office365/MS Cloud - is there a similar solution available for my configuration? 

AD import still uses LDAP/ADSI... ADFS cannot be used DIRECTLY as a sync source, since it is NOT a QUERYABLE technology. It is an AUTHENTICATION technology. UPS syncs to a QUERYABLE data source like LDAP/ADSI, and maps one of the properties to the ADFS login
(most people choose email or UPN, though I tend to recommend SID for various reasons).
Also, since people picker displays a SEARCH window, and since ADFS is not a QUERYABLE technology, the people picker (by default) ASSUMES that whatever you type in will be VALID. You can SEARCH the UPS, but if you type an email address or something of that
nature, it is NOT going to SEARCH your directory! To address this, you need to install a custom Identity Provider... one is available on CodePlex, which performs an LDAP search against the domain controller... if that's not an option, you need a custom coded
solution.
Scott Brickey
MCTS, MCPD, MCITP
www.sbrickey.com
Strategic Data Systems - for all your SharePoint needs

Similar Messages

  • Issue with Anonymous Authentication and People Picker and reports

    Hello,
    We are having an issue with sharepoint 2013 where we have reports that get published to sharepoint via visual studio and we use the people picker for different list.
    The overall issue is SSRS does not work if Anonymous Authentication is enabled which caused this error when trying to publish a report:
    The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException:
    The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation
    However, if we disable Anonymous Authentication, the people picker search option does not work and we get there error:
    Sorry, we're having trouble reaching the server.
    I found this web blog on a solution, https://blog.karstein-consulting.com/2014/02/18/sharepoint-2013-people-picker-error-sorry-were-having-trouble-reaching-the-server/
    however this did not work.
    Does anyone have ant other suggestions?

    Hi JCrescenzo,
    Please try to get the property of the people picker, perhaps there is a rule that implemented on your environment:
    stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter -url 
    http://site_collection_url
    If yes, clear it by running:
    stsadm -o setproperty -propertyname peoplepicker-searchadcustomfilter -propertyvalue " " -url
    http://site_collection
    There are two similar posts, please check if they are useful for you:
    https://social.technet.microsoft.com/Forums/en-US/621d439b-f2eb-4dc2-8797-eb7f2f3996e4/people-picker-returning-search-filter-is-invalid-in-uls-log-when-searching-for-users?forum=sharepointgeneralprevious
    https://gavinmckay.wordpress.com/2011/07/15/troubleshooting-sharepoint-2010-claims-based-authentication-with-active-directory-lightweight-directory-services-ad-lds/
    Best Regards,
    Wendy
    Wendy Li
    TechNet Community Support

  • WSS 3.0 and people picker "No exact match was found"

     
    We have installed WSS 3.0 in a farm environment with several  Web Applications and Top Level Site Collection.  After running the  stsadm.exe -o setproperty  -pn "peoplepicker-searchadforests"  …. command we get error message "No exact match was found"  when using WSS 3.0 Central Administration  to create Site Collections Administrators by writing  <ad name>\<uid>.  Using the Address Book gives the error message "There was an error in the callback" .  Creating users from IE works. Somebody who knows how to solve our problem.   

     
    Hello,
    Cause of your issue is that you are using PeoplePicker to add users across domains. If you want to get the people picker working, you need to configure following commands on SharePoint server:
    A.  stsadm.exe -o setapppassword -password <somekey> - this command is use as encrypt\decrypt key
    B.  stsadm.exe –o setproperty –pn peoplepicker-searchadforests –pv <list of forests or domains> -url <webapp> - this command is use to set the property for a specific web application.
    After running both commands above,  run IISRESET to see if it will work.
    If the problems still exist, please feel free to let me know.
    Regards,
    Jerry
    Xing-Bing Yu

  • Created By field and Modified By field and People Picker field values are hidden to other Users

    Hi,
    We have a strange permission issue in one of the MOSS-2007 server farm. The users are not able to see each other name in "created by" and "modified by" column value in lists and libraries. For example if "User A" create an item in a list then if "User B" opens that item then he cannot see "created by" and "modified by" column value and vice-versa. But they can see their name in "created by" and "modified by" column but not others. Both the users has contribute access to that list, so both can edit each other data but cannot see each other name.
    This become a bigger issue, if any of tje list has people picker column, then thay cannot see that column value(if that column value does not his/her own name). This means this column value will be always empty for "user A" when that peopel picker value is anything other than "User A". This happens for all the lists and libraries. 
    Even "User A" and "User B" are owner of that site, it behaves the same. But site collection administrator can see  "created by" and "modified by" for all items for all the users.
    It seems very strange for me. any help on this will be appreciated.
    Thanks in advance,
    Sanban

    Hi,
    You can try to create a new standard view, then select “created by” and “modified by” column under columns, next apply this view, finally check the effect.
    Did you customize the permissions of the list or document library? Did you customize the permission of the item? For example, break the permission inheritance form its parents. If so, try to inherit permission from its parents, after that create a new standard view according to the steps above, then check the effect.
    By default, permissions on lists, libraries, folders, items, and documents are inherited from the parent site. However, you can break this inheritance for any securable object at a lower level in the hierarchy by editing the permissions on that securable object (that is, creating a unique permission assignment) . For example, you can edit the permissions for a document library, which breaks the permissions inheritance from the site.
    You can also try to create a new document library, then create a new document with user A, after that log into with user B, check the effect.
    For more information about  SharePoint : page level permissions, please refer to the following article:
    SharePoint : page level permissions
    http://blogs.msdn.com/brettrobinson/archive/2009/04/24/sharepoint-page-level-permissions.aspx
    For more information about control access to sites, please look into the following articles:
    About controlling access to sites and site content
    http://office.microsoft.com/en-us/sharepointtechnology/HA101001441033.aspx
    Permission levels and permissions
    http://office.microsoft.com/en-us/sharepointtechnology/HA101001491033.aspx
    For more information about how to create a view, please refer to the following article:
    Create or change a view
    http://office.microsoft.com/en-us/help/HA100215771033.aspx
    Hope this helps.
    Rock Wang
    Rock Wang– MSFT

  • Third Party Solution that allows Azure AD Group Augmentation and People Picker query in SharePoint 2013

    Hi Guys,
    It would be very helpful to me if anyone can share any 3rd party solution for the above feature?
    I found a solution http://azurecp.codeplex.com/ which is really a very good solution and does what I want. As this is a critical requirement to my SharePoint, there needs a certain level of support (or call it Official Support) which is more justifiable
    at management level. Hence, please share if you happen to know one please.
    Cheng

    Hi,
    As you said, AzureCP is third party solution, this is third party tools.
    https://azurecp.codeplex.com/releases/view/125008
    Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding
    this product's performance or reliability.
    Please refer to the following articles about intergrating sharepoint 2013 with Azure Active Directory:
    Integrating SharePoint 2013 with Azure Active Directory – Part 1 Configuration
    http://blogs.technet.com/b/speschka/archive/2013/05/10/integrating-sharepoint-2013-with-azure-active-directory-part-1-configuration.aspx
    Using Microsoft Azure Active Directory for SharePoint 2013 authentication
    http://technet.microsoft.com/en-us/library/dn635311(v=office.15).aspx
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Image Picker and People Picker secret

    Hi again
    For some time I was trying to get rid of 'Cancel' button in UIImagePicker and ABPeoplePickerNavigationController. Even though I previously managed to remove unnecesary stuff from ABPeoplePickerNavigationController, it looks like removing 'Cancel' button is beyond my skills No matter what I do, the cancel button is displayed on navigation bar. I tried to set RightBarButtonItem (or whatever the name) to nil for appropriate View Controllers (or should I say their Navigation items) but still no effect I tried to change that in init method, in viewWillAppear and every other place that may have worked, but it did not.
    This is kind of strange, because when I needed to remove Groups view from ABPeoplePickerController, I simply gained access to viewControllers array inside viewWillAppear method, and substituted it with my custom array, and it worked
    Any help is greatly appreciated

    There's a posting that will help you on this, but I couldn't find it.
    Here's the code that works
    Make sure you set the delegate (not the peoplePickerDelegate) to the class you will overwrite the navigationController: willShowViewController: animated method.
    - (void)navigationController:(UINavigationController *)navigationController willShowViewController:(UIViewController *)viewController animated:(BOOL)animated
    UIView *custom = [[UIView alloc] initWithFrame:CGRectMake(0,0,0,0)];
    UIBarButtonItem *btn = [[UIBarButtonItem alloc] initWithCustomView:custom];
    [viewController.navigationItem setRightBarButtonItem:btn animated:NO];
    [btn release];
    [custom release];
    }

  • People Picker/Edit Web Parts/More not working in IE11

    So, we just installed IE11 in our company and found the following issues with SharePoint 2010:
    People Picker not working
    At Search site, when you type in string(s) and hit Enter, nothing happens (you must click the search button)
    Cannot edit web parts on Wiki Page
    After doing some exhaustive homework (and installing Sep 2014 CU to see they were fixed), the only 2 solutions are:
    Run in compatibility Mode
    Fix the below tag in the Master Page and People Picker headers (14 hive)
    meta http-equiv="X-UA-Compatible" content="IE=8"
    So, I just want to know if others have encountered this and what they did to resolve (compatibility mode or change the tags or other).
    I have a ticket open with Microsoft, we installed Sept 2014 CU, and are still having these 3 issues.
    Godspeed,
    Herschel

    Hi,
    Thanks for posting your issue,
    We know that IE11 has compatibility issues. Kindly follow below mentioned steps to solve this issue
    1. Installed all the latest Update for IE 11
    2. Add the site in compatibility Mode (Tools> Compatibility view settings> type site name> add)
    3. Add the site in trusted sites and set the security Zone level to low ( IE> Internet Options> Security> trusted sites> sites>add your site there> ok> custom level> select low> reset> ok)
    Also, browse the below mentioned URLs for more details to fix this issue.
    http://www.proactivespeaks.com/2013/09/12/fixing-sharepoint-compatibility-issues-with-internet-explorer-ie-9-and-ie-10/
    http://saiabhilash.blogspot.in/2012/12/people-picker-to-add-users-to.html
    http://sinclairinat0r.com/2014/02/25/sharepoint-2010-people-picker-and-workflow-compatibility-fixes-for-ie10ie11/
    I hope this is helpful to you, mark it as Helpful.
    If this works, Please mark it as Answered.
    Regards,
    Dharmendra Singh (MCPD-EA | MCTS)
    Blog : http://sharepoint-community.net/profile/DharmendraSingh

  • SP 2013 Upgrade error - web application is configured with claims authentication mode however the content database you are trying to attach is intended to be used against a windows classic authentication mode.

    Hi there,
    I get this error when I perform a DB Attach upgrade from SharePoint 2010 to SharePoint 2013. 
    "web application is configured with claims authentication mode however the content database you are trying to attach is intended to be used against a windows classic authentication mode."
    Any help is appreciated. Thanks.

    There is other way of fixing this issue apart from what Amit mentioned. Create a classic based web application in SP 2013 using PowerShell.
    New-SPWebApplication -Name "TestApplication" -ApplicationPool "TestApplicationAppPool" -AuthenticationMethod "NTLM" -ApplicationPoolAccount (Get-SPManagedAccount "sppoc\spfarm") -Port 100 -URL "http://sp2013demo"
    Now mount the content database from SP 2010 on to the web application created above 
    Mount-SPContentDatabase WSS_Content_100 -DatabaseServer SQL2012Demo -WebApplication http://sp2013demo:100
    Once the mount is complete, convert the web application to use claims and migrate the user to use claims identity.
    Convert-SPWebApplication -Identity "http://sp2013demo:100" -To Claims –RetainPermissions -Force
    $w = Get-SPWebApplication "http://sp2013demo:100"
    $w.MigrateUsers($True)
    See my blog post about it: http://www.sharepointnadeem.com/2014/01/upgrade-from-sharepoint-2010-classic.html
    Please remember to up-vote or mark the reply as answer if you find it helpful.

  • When add a people picker (user column) in Word document (Template) and try to add a name it stuck!

    When add a people picker (user column) in Word document (un the document Template) and try to add a name it stuck!
    Is it a known issue?
    keren tsur

    Hi,
    According to your description, I have tested in my environment and I  have the same behavior.
    Only if you type the wrong name in the first time, then you click the phone book to search the right name and save, it will stuck. It means if you do other operation(e.g. type the wrong name then click “resolve” button, then search in the phone book) and
    repeat the operation above, it won’t stuck.
    It is appreciate that you can submit a feedback to Microsoft:
    https://connect.microsoft.com/
    Thanks,
    Dean Wang
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • In Mac Mail on OS 10.5.8 I am receiving bogus emails which claim to be sent by people in my address book, but actually are not.  How does this happen and how can I correct this problem

    n Mac Mail on OS 10.5.8 I am receiving bogus emails which claim to be sent by people in my address book, but actually are not.  How does this happen and how can I correct this problem

    You said:
    I am receiving bogus emails which claim to be sent by people in my address book, but actually are not.
    ...and:
    Are you saying that my address book has not been hacked into?  That others are getting these email addresses from another source?
    This confuses me.  Are you saying that you are receiving bogus e-mails from some of your contacts, or are you saying that they are receiving bogus e-mails from you?
    If the latter, there are a number of reasons that people might be getting e-mail from you.  Malware, though technically possible, is extremely unlikely.  See Someone is sending messages from my e-mail address!
    If the former, that's rather unusual.  The only decent explanation I can think of is that a bunch of your Windows-using contacts got infected with something and their machines are being used to spam everyone in their contact lists, which would include you.

  • People picker does not return users on Safari 7.0.6 and later.

    Hi all,
    I noticed that People picker having issue on Safari 7.0.6 and later. When adding new user, the wheel just spinning forever. But it works on other browsers, does anyone having the same issue or just me, any ideas?
    Thanks in advance!

    Hi Soni,
    You may try this and let us know if this fix the issue.
    First, located the server that host the site with Safari issue. Trace down the “compat.browsers” file: inetpub/wwwroot/wss/VirtualDirectories/”web application name”/App_Browsers
    Copy “compat.browser” and change it as .bak file.
    Open “compat.browser” with notepad and locate:
    <browser id="Safari2" parentID="Safari1Plus">
    <controlAdapters>
    <adapter controlType="System.Web.UI.WebControls.Menu" adapterType="" />
    </controlAdapters>
    </browser>
    Copy the codes below and paste them right below the highlighted text:
    <browser refID="Safari60">
    <controlAdapters>
    <adapter controlType="System.Web.UI.WebControls.Menu" adapterType="" />
    </controlAdapters>
    </browser>
    The change must be made on all WFE servers
    Then recycle the app pool for the Site
    Hope this may anwser your question.
    Vinh_MD

  • Returning Name and Username from People Picker Field in Visual Web Part

    Dear All
    I am creating a visual web part that displays a list that I have created in SharePoint. One of the fields in the list is a People & Groups column type (People Picker) called 'Presented by'. In my web part, I would like to display the username and
    the name of the person who has been 'picked' in this field. However, my using <%# Eval("Presented by") %> only displays their name. How do I get this field to also return their username?
    Many thanks for your help
    Daniel

    You ca  use this code:- change it according to your need
    int requestForUserID = 0;
    string requestForUserLoginName = string.Empty;
    string requestForUserName = string.Empty;
    string userAccount = peoplePickerEmployee.CommaSeparatedAccounts;
    string[] UsersSeperated = peEmployeeOnBehalf.CommaSeparatedAccounts.Split(',');
    foreach (string user in UsersSeperated)
    SPContext.Current.Web.EnsureUser(user);
    SPUser spUser = SPContext.Current.Web.SiteUsers[user];
    requestForUserID = spUser.ID;
    requestForUserLoginName = spUser.LoginName;
    requestForUserName = spUser.Name;
    Mark ANSWER if this reply resolves your query, If helpful then VOTE HELPFUL
    INSQLSERVER.COM
    Mohammad Nizamuddin

  • Configuring Basic Authentication with Username and password on BizTalk Schema Service

    Hi,
    I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
    I wanted to have a Basic Authentication(User name and password restriction).
    I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
    I also set the Service in IIS with Basic Authentication only enabled.
    But I don't know how to provide a UserName and Password Authentication.
    Please provide your suggestions
    Regards, Vignesh S

    Hi,
    Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
    http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
    HTH,
    Sumit
    Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question

  • People Picker field and Web service -- multiple round trips to get Display Name value

    Using Sharepoint 2010 and Infopath 2010, I have created a form that validates fields entered within the form by connecting to a .Net web service created  by someone else.  One of the fields that I need to validate is a People Picker field
    for the Project Manager. 
    The connection to the Web Service runs correctly except that the People Picker goes through the validation process 3-4 times.   I know this because I have a MessageBox showing the value for the InnerXML that pops up 3 times.  The
    first time the MessageBox shows no value for the XML, the next time it shows a name, and the 3rd time it shows no value.
    Here is the code I'm using in the Infopath form (without the Messagebox):
    Dim wsConnection As WebServiceConnection = DirectCast(Me.DataConnections("Validate"), WebServiceConnection)
    Dim formNavigatorProjectManager As XPathNavigator = MainDataSource.CreateNavigator()
    Dim wsNavigatorProjectManager As XPathNavigator = Me.DataSources("Validate").CreateNavigator()
    strformNavProjectManager = formNavigatorProjectManager.SelectSingleNode("/pr:properties/p:properties/documentManagement/ns3:ProjectManager/ns3:UserInfo/ns3:DisplayName", NamespaceManager).InnerXml
    wsNavigatorProjectManager.SelectSingleNode("/dfs:myFields/dfs:queryFields/ns7:Validate/ns7:projectManager", NamespaceManager).SetValue(strformNavProjectManager)
    wsConnection.Execute()
    The line in BOLD above used to have just /pr:properties/p:properties/documentManagement/ns3:ProjectManager
    but I thought my problem might be because People Picker fields are made up of 3 elements -- DisplayName, AccountID and Account Type. So I changed the XML.  Sadly, that didn't make any difference.
    I am using the CHANGED event which a colleague of mine thought would have taken care of the multiple round trips.  But it didn't.
    Hopefully someone out there can tell me what I need to do so that this People Picker field only get validated once (The form also has Managed Metadata fields that have very similar problems so I'm hoping that the solution for the People Picker field
    takes care of the MMD fields too.)  Thanks in advance.  Carol.

    Hi Carol,
    It is the behavior for setting People/Group field if you just select the node "/dfs:myFields/dfs:queryFields/ns7:Validate/ns7:projectManager".
    Also you can try to only set the AccountID value of the People/Group field:
    Dim wsConnection As WebServiceConnection = DirectCast(Me.DataConnections("Validate"), WebServiceConnection)
    Dim formNavigatorProjectManager As XPathNavigator = MainDataSource.CreateNavigator()
    Dim wsNavigatorProjectManager As XPathNavigator = Me.DataSources("Validate").CreateNavigator()
    strformNavProjectManagerID = formNavigatorProjectManager.SelectSingleNode("/pr:properties/p:properties/documentManagement/ns3:ProjectManager/ns3:UserInfo/ns3:AccountID", NamespaceManager).InnerXml
    wsNavigatorProjectManager.SelectSingleNode("/dfs:myFields/dfs:queryFields/ns7:Validate/ns7:projectManager/ns7:userinfo/ns7:AccountID", NamespaceManager).SetValue(strformNavProjectManagerID)
    wsConnection.Execute()
    Thanks,
    Eric
    Forum Support
    Please remember to mark the replies as answers
    if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
    Eric Tao
    TechNet Community Support

  • Populating configuration items: Computers, Services and People under Related Items tab in Computer CI form

    Hi,
    We have integrated SCCM and SCOM with SCSM to import the CI information in CMDB.
    We are able to import few CI information from SCCM regarding softwares, OS, etc and from SCOM regarding hardware and discovered objects.
    When we open the Computer CI in SCSM, we are able to relate almost all the fields from SCCM and SCOM expect Related items tab.
    The Configuration Items: Computers, Services and People are empty under related items tab on Computer CI form.
    Kindly please help me to understand regarding this related items tab.
    Any help will be very much appreciated.
    Thanks
    Kumaresan Lakshmanan

    Hi,
    The Related Items is not automatically populated by any out-of-box connector. You can manually add related configuration items there. What were you expecting to show up under this section?
    Regards,
    Dieter

Maybe you are looking for

  • IPhoto 6 can't find my library for some strange reason...

    Hello everyone, I can't explain why or how it happened. One moment I was looking at my screen with the background that's been there forever. I plug in my external hard drive and the background on my screen turns in a simple mac blue design of some so

  • Can anyone explain all the console sandbox denys?

    Since upgrading to Mac OS X Mountain Lion I get tons of 'deny' entries in the system console log of all the systems I administer. There are too many of too many types to iterate here. I'm sure many of these are ignoxious but how would I know? Some of

  • CRM url transaction launcher

    Hi Experts, I'm using CRM web UI.I defined URL and configured in the transaction launcher.Now I'm able to see the newly created transaction launcher in web UI.When I'm clicking on this, new window is opening as a popup window(without having menu bar-

  • Clock or Alarm Clock?

    I recently gave up my 8350i for an 8330m, and I'll be darned if there aren't a couple of features I miss from the 8350i!!  The one I miss the most is the clock.  On the 8350i, I have a full-fledged clock - complete with alarm clock, stopwatch, timer,

  • Transferring checkbox values on ALV to value in the internal table?

    Hi, I'm using an ALV grid (CL_GUI_ALV_GRID) to display an internal table.  I want users to be able to select one or many rows and those checked lines to be marked as X in my internal table.  I have a field, check(1), in my internal table displayed on