Claim

Similar Messages

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Internal server error while raising a claim request.

  Dear All,
  I am using claims and we have implemented badi for finding the approver and sending the request.
  Here after implementing the Badi, i am getting internal server error as this.
  While processing the current request, an exception occured which could not be handled by the application or the framework.
  If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator. To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
  Root Cause
  The initial exception that caused the request to fail, was:
     com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Error in module RSQL of the database interface., error key: RFC_ERROR_SYSTEM_FAILURE
      at java.lang.Throwable.<init>(Throwable.java:179)
      at java.lang.Error.<init>(Error.java:37)
      at com.sap.pcuigp.xssfpm.java.FPMRuntimeException.<init>(FPMRuntimeException.java:46)
      at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:103)
      at com.sap.ess.in.claims.fc.FcPowerClaims.callRFC_Emp_Action(FcPowerClaims.java:421)
      ... 53 more
  See full exception chain for details.
  System Environment
  Client
  Web Dynpro Client Type HTML Client
  User agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; QS 4.2.2.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
  Version null
  DOM version null
  Client Type msie7
  Client Type Profile ie6
  ActiveX enabled
  Cookies enabled
  Frames enabled
  Java Applets enabled
  JavaScript enabled
  Tables enabled
  VB Script enabled
  Server
  Web Dynpro Runtime Vendor: SAP, build ID: 7.0017.20080829103545.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:14:54[UTC], changelist=499141, host=pwdfm101), build date: Fri Mar 13 11:09:42 IST 2009
  J2EE Engine 7.00 patchlevel 112614.44
  Java VM Classic VM, version:1.4, vendor: IBM Corporation
  Operating system OS/400, version: V6R1M0, architecture: PowerPC
  Session & Other
  Session Locale en_US
  Time of Failure Thu Apr 23 18:47:54 IST 2009 (Java Time: 1240492674705)
  Web Dynpro Code Generation Infos
  sap.com/pb
  SapDictionaryGenerationCore 7.0017.20061002105236.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:01:31[UTC], changelist=419377, host=PWDFM101.wdf.sap.corp)
  SapDictionaryGenerationTemplates 7.0017.20061002105236.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:01:37[UTC], changelist=419377, host=PWDFM101.wdf.sap.corp)
  SapGenerationFrameworkCore 7.0017.20060719095755.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:48:53[UTC], changelist=411255, host=PWDFM101.wdf.sap.corp)
  SapIdeWebDynproCheckLayer 7.0017.20080801093115.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:07:06[UTC], changelist=495367, host=PWDFM101.wdf.sap.corp)
  SapMetamodelCommon 7.0017.20061002105432.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:49:40[UTC], changelist=419384, host=PWDFM101.wdf.sap.corp)
  SapMetamodelCore 7.0017.20061002105432.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:49:34[UTC], changelist=419384, host=PWDFM101.wdf.sap.corp)
  SapMetamodelDictionary 7.0017.20060719095619.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:58:48[UTC], changelist=411251, host=PWDFM101.wdf.sap.corp)
  SapMetamodelWebDynpro 7.0017.20080801093120.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:03:59[UTC], changelist=495368, host=PWDFM101.wdf.sap.corp)
  SapWebDynproGenerationCTemplates 7.0017.20080829103545.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:16:41[UTC], changelist=499141, host=pwdfm101)
  SapWebDynproGenerationCore 7.0017.20080801093115.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:07:12[UTC], changelist=495367, host=PWDFM101.wdf.sap.corp)
  SapWebDynproGenerationTemplates 7.0017.20080829103545.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:16:41[UTC], changelist=499141, host=pwdfm101)
  sap.com/tcwddispwda
  No information available null
  sap.com/pb_api
  SapDictionaryGenerationCore 7.0017.20061002105236.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:01:31[UTC], changelist=419377, host=PWDFM101.wdf.sap.corp)
  SapDictionaryGenerationTemplates 7.0017.20061002105236.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:01:37[UTC], changelist=419377, host=PWDFM101.wdf.sap.corp)
  SapGenerationFrameworkCore 7.0017.20060719095755.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:48:53[UTC], changelist=411255, host=PWDFM101.wdf.sap.corp)
  SapIdeWebDynproCheckLayer 7.0017.20080801093115.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:07:06[UTC], changelist=495367, host=PWDFM101.wdf.sap.corp)
  SapMetamodelCommon 7.0017.20061002105432.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:49:40[UTC], changelist=419384, host=PWDFM101.wdf.sap.corp)
  SapMetamodelCore 7.0017.20061002105432.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:49:34[UTC], changelist=419384, host=PWDFM101.wdf.sap.corp)
  SapMetamodelDictionary 7.0017.20060719095619.0000 (release=645_VAL_REL, buildtime=2008-09-17:12:58:48[UTC], changelist=411251, host=PWDFM101.wdf.sap.corp)
  SapMetamodelWebDynpro 7.0017.20080801093120.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:03:59[UTC], changelist=495368, host=PWDFM101.wdf.sap.corp)
  SapWebDynproGenerationCTemplates 7.0017.20080829103545.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:16:41[UTC], changelist=499141, host=pwdfm101)
  SapWebDynproGenerationCore 7.0017.20080801093115.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:07:12[UTC], changelist=495367, host=PWDFM101.wdf.sap.corp)
  SapWebDynproGenerationTemplates 7.0017.20080829103545.0000 (release=645_VAL_REL, buildtime=2008-09-17:13:16:41[UTC], changelist=499141, host=pwdfm101)
  sap.com/tcwdcorecomp
  No information available null
  Detailed Error Information
  Detailed Exception Chain
  com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Error in module RSQL of the database interface., error key: RFC_ERROR_SYSTEM_FAILURE
       at java.lang.Throwable.<init>(Throwable.java:179)
       at java.lang.Exception.<init>(Exception.java:29)
       at com.sap.exception.BaseException.<init>(BaseException.java:145)
       at com.sap.tc.cmi.exception.CMIException.<init>(CMIException.java:65)
       at com.sap.tc.webdynpro.progmodel.model.api.WDModelException.<init>(WDModelException.java:68)
       at com.sap.tc.webdynpro.modelimpl.rfcadapter.WDRFCException.<init>(WDRFCException.java:54)
       at com.sap.tc.webdynpro.modelimpl.rfcadapter.WDExecuteRFCException.<init>(WDExecuteRFCException.java:57)
       at com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException.<init>(WDDynamicRFCExecuteException.java:71)
       at com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException.<init>(WDDynamicRFCExecuteException.java:43)
       at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:101)
       at com.sap.ess.in.claims.fc.FcPowerClaims.callRFC_Emp_Action(FcPowerClaims.java:392)
       at com.sap.ess.in.claims.fc.FcPowerClaims.performEmpAction(FcPowerClaims.java:1988)
       at com.sap.ess.in.claims.fc.wdp.InternalFcPowerClaims.performEmpAction(InternalFcPowerClaims.java:8022)
       at com.sap.ess.in.claims.fc.FcPowerClaimsInterface.performEmpOperation(FcPowerClaimsInterface.java:398)
       at com.sap.ess.in.claims.fc.wdp.InternalFcPowerClaimsInterface.performEmpOperation(InternalFcPowerClaimsInterface.java:3440)
       at com.sap.ess.in.claims.fc.wdp.InternalFcPowerClaimsInterface$External.performEmpOperation(InternalFcPowerClaimsInterface.java:3616)
       at com.sap.ess.in.claims.vc.powerrequestdetail.VcPowerRequestDetail.aH_Send(VcPowerRequestDetail.java:739)
       at com.sap.ess.in.claims.vc.powerrequestdetail.wdp.InternalVcPowerRequestDetail.aH_Send(InternalVcPowerRequestDetail.java:2947)
       at com.sap.ess.in.claims.vc.powerrequestdetail.VcPowerRequestDetailView.onActionSend(VcPowerRequestDetailView.java:1423)
       at com.sap.ess.in.claims.vc.powerrequestdetail.wdp.InternalVcPowerRequestDetailView.wdInvokeEventHandler(InternalVcPowerRequestDetailView.java:1650)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
       at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
       at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
       at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
       at com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java:77)
       at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1299)
       at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:326)
       at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:868)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
       at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
       at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:101)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Caused by: com.sap.aii.proxy.framework.core.BaseProxyException: Error in module RSQL of the database interface., error key: RFC_ERROR_SYSTEM_FAILURE
       at java.lang.Throwable.<init>(Throwable.java:179)
       at java.lang.Exception.<init>(Exception.java:29)
       at com.sap.aii.util.misc.api.BaseException.<init>(BaseException.java:96)
       at com.sap.aii.proxy.framework.core.FaultException.<init>(FaultException.java:34)
       at com.sap.aii.proxy.framework.core.SystemFaultException.<init>(SystemFaultException.java:29)
       at com.sap.aii.proxy.framework.core.BaseProxyException.<init>(BaseProxyException.java:39)
       at com.sap.aii.proxy.framework.core.AbstractProxy.send$(AbstractProxy.java:150)
       at com.sap.ess.in.claims.newmodel.HRXSS_IN_NEWCLMS_MODEL.hrxss_In_Cl_Emp_Action(HRXSS_IN_NEWCLMS_MODEL.java:475)
       at com.sap.ess.in.claims.newmodel.Hrxss_In_Cl_Emp_Action_Input.doExecute(Hrxss_In_Cl_Emp_Action_Input.java:137)
       at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:92)
       ... 54 more
  Appreciate any quicker help on this.
  Regards,
  Rajasekar

  Hi,
  Can u give me full details ....
  What is the name of the BADI and ....coding tht you have written in method.
  Cheers
  Vivek

• Firefox prompted me to download an incompatible update that its website claims is compatible with my operating system (Mac OS 10.4.11). Why prompt an incompatible download AND claim it is compatible?

  I have an iMac and use OS 10.4.11 & Firefox 3.6.19. Firefox prompted me to download an update (to 7.0.1). I looked up the system requirements on your website, and it stated the update is compatible with OS 10.4.11. But after I downloaded and installed the update, it failed to work on grounds of incompatibility. Hence 2 questions: (1) Why did Firefox prompt me to download an incompatible update? (2) Why did your website claim the update is compatible with my operating system when it is not?

  Sorry, it's because Firefox 4+ are only compiled for the Intel processors.
  There is a separate project for PPC Macs called Ten Four Fox. You might give it a spin when you're tired of 3.6.
  http://www.floodgap.com/software/tenfourfox/

• Can not get access files from Windows 7 to Claims-based file authorization share

  We have AD level 2012R2, DCs running 2012R2 of course, and we have clustered File Server (3 FSNodes running 2012R2).
  We enabled 2 policies 
  KDC Support for claim
  Kerberos support for claim
  We created 1 claim type in ADAC (For example "Division" Source Property). Filled this property to all IT AD Accounts by our value "IT"
  On FS made a share folder ITDivision:
  - set permissions  Domain Users can Modify if User.Division equals "IT"
  so on Windows 8 IT Users can access files on this share and on Windows 7 they cant
  =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if client do not support this claims (Service-for-User-To-Self)

  Hi,
  >>so on Windows 8 IT Users can access files on this share and on Windows 7 they cant
  =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if client do not support this claims (Service-for-User-To-Self)
  How is it going? Was there any error message? As far as I know, Dynamic Access Control (DAC) should work for downlevel clients. It’s backwards compatible. As Florain explains in the following blog:
  For non-Windows 8 and non-Windows Server 2012 boxes accessing DAC-protected file shares, the users do not carry any claims. For them, the Server 2012-based file share will query Active Directory and proxy the claims request to figure out what claims
  the user and machine bring. The file server checks in the name of the user, whether they should have claims. With that information, the file server evaluates the access to the file share. So yeah – DAC works for downlevel clients, too. It’s backwards compatible.
  And totally transparent to Windows 7.
  Questions regarding Dynamic Access Control (FAQ)
  http://www.frickelsoft.net/blog/?p=293
  In addition, regarding dynamic access control, the following blog can also be referred to for more information.
  Dynamic Access Control in Windows Server 2012
  http://www.infoq.com/news/2012/10/Dynamic-Access-Control
  Please Note: Since the above two website are not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Best regards,
  Frank Shen

• How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

  How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
  Identity provider here is Oracle identity provider 
  harika kakkireni

  Hi,
  The following materials for your reference:
  Consuming List.asmx on a claims based sharepoint site
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
  Sharepoint Claims based authentication and Single Sign on
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
  Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
  Best Regards
  Dennis Guo
  TechNet Community Support

• My iPhone 5S was ignored to claim with Thai wireless carrier

  I really confident in Apple product a lot, when Apple releases the new products I feel that I would like to be the owner of them all.
  Apple is really famous in Thailand, iPhone is the top ranking of product that Thai people would like to be owned. I'm the one of these all people.
  I buy iPhone 5S after it sold by Truemove-H. With confidentially in Apple product and the first Thai authorized carrier by Apple, I booked and brought it immediately.
  My first unboxing of the new iPhone 5S was in Central Chiang Rai (iBeat). I have booked two iPhones. I unboxed the first iPhone (32GB) and found 2 dead pixels on screen, unfortunately the second iPhone (16GB) also have a dead pixel. Luckily, they returned me a money. This unboxing disappointed me a little bit in them of Apple product quality.
  I got a call from another shop, they said that my iPhone 5s that I had booked is available. I came to the shop and unbox it, I carefully checked the dead pixels and others majority thing, nothing dysfunctional.
  I decided to buy and came-back to my home until I later found that the screen is loose and I can hear the sound (the clicking sound) when I press on the top right corner of the screen.
  I was worried a lot and contact to the Apple via chatting, the staff suggested me that I should to contact to the wireless carrier (Truemove H). I was not complacent to contact to Truemove Shop in Central Airport Ching Mai. I waited to talk with them around 1 hours. When was in my queue, I talked to them that How can I use my new iPhone with a loose screen? I really worried about this a lot because I should be the way it is. Truemove- H staff answer me that this kind of issue cannot be claim and return as a new phone or refurbished phone. It is still working, there is no problem with software, we could not claim this iPhone for you.
  I felt disappoint again when I have heard the staff said to me like this. I felt that the Apple standard unable to use in Apple product. I think if I buy this iPhone with Apple directly it would not be a problem like this.
  I would like to ask to Apple that how can I do next? I don't mind that I would get a refurbished one or not. I just worry about the standard that Apple have in each country, it quite strongly different. for the example; I can claim this in US or UK but I can't do anything in Thailand.
  How can I recall my feeling and confidentiality from Apple?
  *sorry about grammar and language used, I'm not a native speaker.
  The video shows how my iPhone 5S has a loose screen: https://www.youtube.com/watch?v=bLwUWbfznZg&feature=youtu.be

  What is your technical support question for your fellow users in these user to user support forums?
  If English is not your native language, stop posting in English.  Post in your native language to clearly communicate the issue.
  And while you are at it, STOP rambling.  Get to the point.  We do not need nor care for your praise of Apple and the irrelevant back story.

• IPod Classic not recognized by iTunes, claims to be wiped of all content, and causes computer problems when connected

  I have an 80 GB iPod Classic that has suddenly developed severe problems. I'm running iTunes on Windows 7 64 bit.
  It was working fine until last night, when I connected it to iTunes to add 6 songs. (Four of these were bought on Amazon.com and 2 ripped from CD's). It accepted the songs and played them fine when connected. When I clicked the icon in iTunes to eject the iPod, it came up with the "OK to Disconnect" and progress bar as usual. However, this time the progress bar didn't start to fill in. It just sat there.
  After several minutes the progress bar finally filled in and returned to the menu... but instead of displaying the cover flow on the right side as usual, it showed a gray box with "No Music."
  When I tried to re-connect it to my computer, iTunes would not recognize it. My computer also wouldn't recognize it at first... after several minutes, it came up as a generic removable device. Attempting to right-click on it or eject it from Windows was unsuccessful.
  The iPod itself displayed "Connected" and alternated the plug image with the spinning arrows. It never said "Synchronizing" as it usually does.
  Furthermore, my computer's performance degraded severely while the iPod was plugged in. iTunes itself froze, and even my other applications (such as my web browser) would not work correctly. This all cleared up as soon as I unplugged the iPod. If I tried to initialize iTunes while the iPod was plugged in, it would not open. It opened immediately when I unplugged the iPod.
  Finally, despite claiming to have no music or other contents (it had contained only my iTunes music library, which is about 26.5 GB), in Settings the iPod claimed to have only 5.3 GB of free space.
  Resetting the iPod with Select/Menu made no change. I was able to put it in diagnostic mode and check the hard drive, which gave these results:
  Retracts: 381
  Reallocs: 0
  Pending Sectors: 10
  PowerOn Hours: 417
  Smart/Stops: 381
  Temp: Current 24c
  Temp: Min 15c
  Temp: Max 48c
  When I put the iPod up to my ear I hear a steady, faint high-pitched sound and an occasional very faint crackling noise. When it shuts down the sound continues for a few seconds, then ends with a kind of squeaking sound.
  The iPod is more than 5 years old, so I'm prepared for the probability that it's fried. But I'd like to try everything before I go ahead and spring for a new one.

  The iPod's hard drive probably has data corruption.  That does not necessarily mean there is a hardware problem.  Hard drives, including the ones in computers, can develop data corruption.
  Try putting the iPod into Disk Mode
  http://support.apple.com/kb/ht1363
  If it goes into Disk Mode, run iTunes on the computer and connect the iPod.  To eliminate other potential issues, you should disconnect other USB devices (you can leave standard keyboard/mouse connected), and connect the iPod to a direct USB port on the computer.
  iTunes may prompt you to do a Restore, which you should do.  This will erase the iPod, re-install its software, and set it to default settings.  If the problem was only data corruption, and there is no hardware problems, the iPod should have a "fresh start."  You can sync it from your iTunes library.
  If the iPod does not go into Disk Mode, or if doing a Restore fails, the iPod's hard drive may be faulty.

• Cant find HP Web services tab to find claim code

  Hi
  I am trying to set up HP ePrint on my HP Laserjet M1522nf printer connected to my home network. I am unable to find the claim code for my printer to set up the device on HP connected services.
  I have entered the IP address on my web browser and entered the printer's configuration tab but i am unable to find the web services tab or the print info page for the claim code.
  Please let me know how to find the claim code so that i could set up ePrint.
  Thanks
  Harish
  This question was solved.
  View Solution.

  Ok judt realised this device is not eprint ready.
  Please ignore my earlier post. 

• Payroll issue regarding the Claims - /561 and /563

  Hi Payroll Experts,
  I have a payroll issue regarding the Claims - /561 and /563 (October PY Run)
  When i m runnning the Current month Payroll(October PY Run), Total Earning - total deductions are not matching with Net Pay. later i came to know that the system creates the WT /561 and deducts from the Net Pay.
  But as per the Employee Payment Details , there is no recovery required from the employee for the past one year. But even then the system creates the WT /561. and deducts the same from NET Pay.
  The followng are the WT details
  IN - Period
  OCT 2011
       /101 Total gross amount     118,897.00
       /110 Net payments/deductions     76,070.00-
       /550 Statutory net pay     95343
       /551 Stat.net recalc.diff.     37,692.00-
       /552 Stat.net subs.adjustment      37,692.00-
       /559 Bank transfer                                                   34,317.00
       /560 Net pay     37,218.00
       /563 Claim from previous month     5,609.00
  FOR Period
  Sept- Oct
       /101 Total gross amount     49,213.00
       /110 Net payments/deductions      31,721.00-
       /550 Statutory net pay     41,529.00
       /551 Stat.net recalc.diff.     14,591.00
       /552 Stat.net subs.adjustment     23,101.00-
       /553 Recalc.diff.to last payr.     37,692.00
       /559 Bank transfer                                                   14,591.00
       /560 Net pay     14,591.00
       /561 Claim     5,609.00
  I request  some body to  throw siome light on the same.

  Hi Experts,
  Thanks for everyone for replying to my query ,
  I have a doubt that If you check the WTs /551 and /552  in the IN PRD, the negative sign is coming for both the WTs
  Is it correct?
  And also, Assume that there may be a master data changes like Bank details and other deduction Wts happened in the month of Aug and now i m going to run the payroll for the month of Nov,
  some of the employees having differences in the Net Pay, Eventhough the employee is having sufficient balances.
  So how do i handle this issue
  IS ther any way to solve this differences?
  Please Let me know how to solve this issue.
  Thanks

• ADFS Claims Authentication, Configuring UPA and People Picker

  Hi,
  I am just trying to get my head around setting up ADFS to authenticate users along with allowing UPA (My Sites) and People Picker to work.
  So, my environment is a WFE and an SQL Server offsite and my AD and ADFS 2.0 server onsite.  We have configured SharePoint as below and applied the Claims Provider to my Intranet web app and My Sites web app and I can login in with my
  account as [email protected] (UPN)
  $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("E:\ADFS_SelfSigned.cer")
  New-SPTrustedRootAuthority -Name "ADFS Self Signed” -Certificate $cert
  $map1 = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "Account ID" –SameAsIncoming
  $map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" –SameAsIncoming
  $map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" –SameAsIncoming
  $realm = “https://intranet.domain.com.au/_trust/”
  $signinurl = “https://adfs01.domain.com.au/adfs/ls/”
  $ap = New-SPTrustedIdentityTokenIssuer –Name "SAML Provider" -Description "My Custom Identity Provider" –Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1,$map2,$map3 –SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType
  $uri = new-object System.Uri("https://adfs01.domain.com.au/adfs/ls/")
  $ap.ProviderRealms.Add($uri, " https://mysites.domain.com.au/_trust/")
  $ap.Update()
  iisreset
  When trying to configure a new synchronisation connection> Activery Directory Import under the User Profile Service Application, I get an error saying it can't connect to the Domain Controller which would make sense as they are not on the
  same domain.
  I believe that MS have a sync utility that works with Office365/MS Cloud - is there a similar solution available for my configuration? 

  AD import still uses LDAP/ADSI... ADFS cannot be used DIRECTLY as a sync source, since it is NOT a QUERYABLE technology. It is an AUTHENTICATION technology. UPS syncs to a QUERYABLE data source like LDAP/ADSI, and maps one of the properties to the ADFS login
  (most people choose email or UPN, though I tend to recommend SID for various reasons).
  Also, since people picker displays a SEARCH window, and since ADFS is not a QUERYABLE technology, the people picker (by default) ASSUMES that whatever you type in will be VALID. You can SEARCH the UPS, but if you type an email address or something of that
  nature, it is NOT going to SEARCH your directory! To address this, you need to install a custom Identity Provider... one is available on CodePlex, which performs an LDAP search against the domain controller... if that's not an option, you need a custom coded
  solution.
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Moving/Linking Claims Windows Auth user to an ADFS Claims

  Hi guys, 
  Here is my situation:
  Initial deployment: SharePoint 2010 with Windows Authentication - Users login using AD
  We successfully migrated the web application to use "Claims"
  We then integrated the web application with ADFS 2.0 - Using the same AD users
  Everything seems good and working fine. 
  The question I have is related to content already created in SharePoint. Is it possible to map the new ADFS account usernames to the existing windows authentication claims usernames?
  This is important for users, because we would like the "My" views of lists and libraries to work. SharePoint at the moment thinks that the logged in users (using ADFS) is different than the user who created/modified the documents. (Although it
  is the same AD account)

  Hi Inderjeet
  Thanks for your reply. The article did help in moving users (Move-SPUser) from AD to ADFS (Which I noticed in the securities in groups), however, the issue I'm looking for is still standing where the items that were created by the user using "Windows
  Auth Claim" were not moved/updated to the "ADFS Claim" user, which in fact they map to the same AD user.
  Is there away to transfer/update the created by and modified by attributes of users from Windows Claims to ADFS Claims user?
  UPDATE: The above statement is not correct. Move-SPUser actually updates the created by and modified by attributes to. 

• Cannot create dataset from claims based authentication sharepoint site in report builder 3.0

  I have a sharepoint site, which is configured as claims based authentication (ref:
  http://ashrafhossain.wordpress.com/2011/05/25/how-to-configure-claim-based-authentication-for-sharepoint-project-server-2010/) . both AD and asp.net members can log in to the site successfully. My user need to use the report build to create report
  on this sharepoint site. As a result, the site is also integrated with reporting service. I try to create a report in the sharepoint site by clicking "New Document" -> "Report builder Report". The report builder will comes out and ask for credential to
  connect to the report server. I use asp.net member to login and it can let me to create a data source which connect to a the list of the sharepoint site with credential option "Use current Windows user. Kerberos delegation might be required". However, when
  I try to create a data set and click the query designer, error "Server was unable to process request. ---> Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" appear as below:
  Besides, non of my AD account can be used to login to the report builder. Errors below found in the ULS log:
  09/26/2012 14:47:27.75 w3wp.exe (0x116C)
  0x11F4 SharePoint Foundation
  Claims Authentication fo1t
  Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated.
  (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication fsq7
  High Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
  response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
  rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication 8306
  Critical An exception occurred when trying to issue security token: The security token username and password could not be validated..
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f

  Hi Foxvito,
  Claims authentication types supported by SharePoint 2010 are Windows Claims, forms-based authentication Claims, and SAML Claims. In SAML-Claims mode, SharePoint Server accepts SAML tokens from a trusted external Security Token Provider (TST). From the
  blog you referenced, it seems to use the SAML Claims authentication.
  However, the Reporting Services client applications: Report Builder, the Report Designer in Business Intelligence Development Studio, and Management Studio do not support connecting and authenticating with LiveID or SAML Claims based SharePoint Web applications.
  That's because the SAML Claims don't use the Reporting Services authentication endpoint. So, you have to change the Claims authentication type to use Report Builder on the SharePoint site.
  References:
  Overview of Kerberos authentication for Microsoft SharePoint 2010 Products
  Claims Authentication and Reporting Services
  Regards,
  Mike Yin
  Mike Yin
  TechNet Community Support

• Claims Based Authentication and Editing User Profiles

  Hi All,
  I have an interesting issue where I have a SharePoint Farm setup with both the intranet and mysites web applications setup using Claims Based Authentication. While everything seems to work fine, you are able to search for users, view properties and users
  can change their own profile properties. However when you configure a profile administration account (an account with the "manage user profiles" permission on the User Profile Service Application) and you attempt to use that account to edit
  another users profile you get hit with a generic error page. 
  Delving deeper you get the following errors:
  ULS:
  Date    Process    Thread Id    Area    Category    Event Id    Level    Correlation    Message
  5/7/2013 00:31:44:64    App Pool: MySites    0x1DC8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Name=Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)
  5/7/2013 00:31:44:66    App Pool: MySites    0x1DC8    SharePoint Foundation    Authentication Authorization    agb9s    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|DOMAIN\sp_config, ClaimsCount=24
  5/7/2013 00:31:44:66    App Pool: MySites    0x1DC8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Site=/
  5/7/2013 00:31:44:69    App Pool: MySites    0x1DC8    SharePoint Foundation    Files    00000    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   UserAgent not available, file operations may not be optimized.
  at Microsoft.SharePoint.SPFileStreamManager.CreateCobaltStreamContainer(SPFileStreamStore spfs, ILockBytes ilb, Boolean copyOnFirstWrite, Boolean disposeIlb)  
  at Microsoft.SharePoint.SPFileStreamManager.SetInputLockBytes(SPFileInfo& fileInfo, SqlSession session, PrefetchResult prefetchResult)  
  at Microsoft.SharePoint.CoordinatedStreamBuffer.SPCoordinatedStreamBufferFactory.CreateFromDocumentRowset(Guid databaseId, SqlSession session, SPFileStreamManager spfstm, Object[] metadataRow, SPRowset contentRowset, SPDocumentBindRequest& dbreq, SPDocumentBindResults&
  dbres)  
  at Microsoft.SharePoint.SPSqlClient.GetDocumentContentRow(Int32 rowOrd, Object ospFileStmMgr, SPDocumentBindRequest& dbreq, SPDocumentBindResults& dbres)  
  at Microsoft.SharePoint.Library.SPRequestInternalClass.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages,
  Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String&
  pbstrTimeLastModified, String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64&
  pllListFlags, Boolean& pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder,
  Guid& pgDocScopeId)  
  at Microsoft.SharePoint.Library.SPRequestInternalClass.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages,
  Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String&
  pbstrTimeLastModified, String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64&
  pllListFlags, Boolean& pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder,
  Guid& pgDocScopeId)  
  at Microsoft.SharePoint.Library.SPRequest.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages, Boolean&
  pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String& pbstrTimeLastModified,
  String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64& pllListFlags, Boolean&
  pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder, Guid&
  pgDocScopeId)  
  at Microsoft.SharePoint.SPWeb.GetWebPartPageContent(Uri pageUrl, Int32 pageVersion, PageView requestedView, HttpContext context, Boolean forRender, Boolean includeHidden, Boolean mainFileRequest, Boolean fetchDependencyInformation, Boolean& ghostedPage,
  String& siteRoot, Guid& siteId, Int64& bytes, Guid& docId, UInt32& docVersion, String& timeLastModified, Byte& level, Object& buildDependencySetData, UInt32& dependencyCount, Object& buildDependencies, SPWebPartCollectionInitialState&
  initialState, Object& oMultipleMeetingDoclibRootFolders, String& redirectUrl, Boolean& ObjectIsList, Guid& listId)  
  at Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.FetchWebPartPageInformationForInit(HttpContext context, SPWeb spweb, Boolean mainFileRequest, String path, Boolean impersonate, Boolean& isAppWeb, Boolean& fGhostedPage, Guid& docId,
  UInt32& docVersion, String& timeLastModified, SPFileLevel& spLevel, String& masterPageUrl, String& customMasterPageUrl, String& webUrl, String& siteUrl, Guid& siteId, Object& buildDependencySetData, SPWebPartCollectionInitialState&
  initialState, String& siteRoot, String& redirectUrl, Object& oMultipleMeetingDoclibRootFolders, Boolean& objectIsList, Guid& listId, Int64& bytes)  
  at Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.GetWebPartPageData(HttpContext context, String path, Boolean throwIfFileNotFound)  
  at Microsoft.SharePoint.ApplicationRuntime.SPVirtualPathProvider.GetCacheKey(String virtualPath)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResultFromCacheInternal(VirtualPath virtualPath, Boolean ensureIsUpToDate)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResult(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean ensureIsUpToDate)  
  at System.Web.UI.MasterPage.CreateMaster(TemplateControl owner, HttpContext context, VirtualPath masterPageFile, IDictionary contentTemplateCollection)  
  at System.Web.UI.Page.ApplyMasterPage()  
  at System.Web.UI.Page.PerformPreInit()  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest()  
  at System.Web.UI.Page.ProcessRequest(HttpContext context)  
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)  
  at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)  
  at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)  
  at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)  
  at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)  
  at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  5/7/2013 00:31:44:69    App Pool: MySites    0x1DC8    SharePoint Foundation    Files    aiv4w    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Spent 0 ms to bind 33542 byte file stream
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ai7z6    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   User was not successfully retrieved: i:0#.w|DOMAIN\AUSER in ProfileUI.OnInit. Seeing if this is a system account
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ai7z7    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   User i:0#.w|DOMAIN\AUSER not found and not a system account.
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ahn7m    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
   ProfileUI: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ahn7h    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
   ProfileEditor: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    8nca    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Application error when access /_layouts/15/EditProfile.aspx, Error=DOMAIN\AUSER
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    Runtime    tkau    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
   Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    ajlz0    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   Getting Error Message for Exception System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.HandleError(Exception e)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest()  
  at System.Web.UI.Page.ProcessRequest(HttpContext context)  
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    aat87    Monitorable    4001199c-6bd8-c03d-920f-55177fbff00c  
  5/7/2013 00:31:44:73    App Pool: MySites    0x1DC8    SharePoint Foundation    Monitoring    b4ly    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Leaving Monitored Scope (Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)).
  Execution Time=87.1739285300227
  It seems similar to an issue in the blog post here: http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013/ however I tried what was suggested and it didn't work.
  Any help with this is appriciated.

  This line offers clues about the actual problem:
  Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER 
  According to the MSDN link (http://msdn.microsoft.com/en-us/library/microsoft.office.server.userprofiles.usernotfoundexception.aspx)
  it is not able to find the user in the profile store. Additionally the link you mentioned (http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013)
  suggests that the account being used to validate accounts on the production domain may have a problem.
  If there a way you can test that account in isolation against the DC?
  With Regards Shailen Sukul Entrepreneur/Software Architect/Developer/Consultant/Trainer (BSc | Mct | Mcpd (.Net 2/3.5/SharePoint2010) | Mcts (Sharepoint 2010/MOSS/WSS), Biztalk, Web, Win, Dist Apps) | Mcitp(SharePoint) | Mcsd.NET | Mcsd | Mcad) MSN | Skype
  | GTalk Id: shailensukul Twitter: http://twitter.com/shailensukul Website: http://sukul.org Blog: http://shailen.sukul.org/ http://www.linkedin.com/in/shailensukul

• ADFS 3.0 WAP and Non-Claims-Aware Relying Party Trusts

  I am attempting to migrating a Windows Claims SharePoint page to ADFS 3.0 (Windows Server 2012 R2) and the WAP (Web Application Proxy) from UAG, but are running into problems when our external users attempt to authenticate.  Users from our external
  domain (call it Domain2.com) have been accessing our SharePoint pages via SAML tokens but when I attempted to move them to the new WAP and off of UAG, they get a http/500 error.  The WAP error log gives the following:
  Warning Event ID 13016 - Web Application Proxy cannot retrieve a Kerberos ticket on behalf of the user because there is no UPN in the edge token or in the access cookie
  Error Event ID 12027 - Web Application Proxy encountered an unexpected error while processing the request. Error: The specified username is invalid. (0x8007089a).
  I presume the Error Event ID 12027 is because there is no UPN in the token and we are using KCD/Kerberos so I need to pass a UPN.
  The ADFS server and WAP are joined to Domain1.com.  Domain1.com is Active Directory and there is an account for every user in Domain2.com that is allowed access to our SharePoint Sites.  These account contain the standard
  info... UPN, Email Address, sAMAccountName, etc.  The UPN, Email, and sAMAccountName do not always match the accounts with the Domain2.com accounts; however, we have been using an Active Directory Field labled employeeNumber that is synchronized
  on both domains and we have been using a custom lookup based on the employeeNumber in AD.
  When login's occur via Domain1.com, no problem, the UPN is pulled from the Active Directory Claim Provider Trust.  When a user attempts to access from Domain2.com, we have configured ADFS to forwards them to an STS that collects the employeeNumber
  from Domain2.com via a Web Auth SAML token.  We are able to use the SAML token if we use the standard Claims-Aware Relying Party Trust (CARPT) and convert our SharePoint sites to use the trusted URN via powershell scripts, but we are trying to retain
  functionality similar to how we are using UAG so we don't want to change every single SharePoint site to the SAML configuration, hence we are trying to use the Non-Claims-Aware Relying Party Trust (NCARPT)
  Problem1: When we are using CARPT we can configure the custom translation for our employeeNumber lookup in AD.  But CARPT uses SAML Tokens not Kerberos Tolkens so we cannot login when SharePoint is configured for Kerberos.
  Problem2: When we are using NCARPT it works great when authenticating via local (Domain1.com) credentials and look's up the user in AD, but when we attempt to authenticate with remote (Domain2.com) credentials we are unable to configure the employeeNumber
  lookup and ADFS doesn't just go out and make that correlation on its own.
  Question1: Can I configure CARPT to use Kerberos?
  Question2: If not, can I configure NCARPT to lookup the AD employeeNumber, match the UPN, and add the UPN to the token?
  Question3: If neither option is available, am I just stuck with UAG or is there something out (not scheduled for EOL) there that can handle the translation between SAML and Kerberos Tokens?
  Let me know if I left something out, I tend to ramble, but not sure of all the info that is needed...

  Hi,
  Based on the description, is there trust between domain 1 and domain 2? If not, we can try to create trust between these two domains to see if it helps.
  Regarding Event ID 13016 and Event ID 12027, the following article can be referred to for more information.
  Web Application Proxy Troubleshooting
  https://technet.microsoft.com/en-us/library/dn770156.aspx
  Besides, for ADFS questions, in order to get more and better help, it's recommended that we ask for suggestions in the following forum.
  Claim based access platform (CBA), code-named Geneva
  https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

  Please excuse the lousy table...Its late :-)
  I have a multi-server SP2010 farm.  Patched up to
  Configuration database version: 14.0.6106.5002
  My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
  letter (
  http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
  IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
  Claims Auth log entries:
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  f2ut
  Verbose
  Authenticated with login provider. Validating request security token.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Using membership provider 'ADAMProvider'.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Doing password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Failed password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)               
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Unexpected
  Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
  token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  fo1t
  Monitorable
  SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
  could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  fsq7
  High   
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  8306
  Critical
  An exception occurred when trying to issue security token: The security token username and password could not be validated..
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  f2un
  Verbose
  Form authentication failed.
  I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
   I found plenty out there and nothing directly correlates with this issue. 
  I searched on all parts of the errors I got.
  This contains an interesting blurb about setting up access for the apppool id correctly. 
  That’s not the case for me.  It works in dev and the same id are used there. 
  http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
  This was good but it doesn’t give specs on what the environment looks like:
  http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
  The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
  http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
  Any and all help would be greatly appreciated!

  Hi.
  You say its a multiserver farm, do you have more than one web server then?
  If thats the case, have you tried accessing the site on each server directly?
  Found this for you, maybe that can help?
  Troubleshooting Exceptions: System.ServiceModel.FaultException`1
  http://msdn.microsoft.com/en-us/library/bb907220.aspx
  and this:
  SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
  http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
  and
  This seems to be a good guide:
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  Good luck
  Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com