Claims Based Authentication and Editing User Profiles

Similar Messages

• How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

  How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
  Identity provider here is Oracle identity provider 
  harika kakkireni

  Hi,
  The following materials for your reference:
  Consuming List.asmx on a claims based sharepoint site
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
  Sharepoint Claims based authentication and Single Sign on
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
  Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
  Best Regards
  Dennis Guo
  TechNet Community Support

• Sharepoint 2010 on Windows 2012R2 and claims based authentication

  Hello,
  We have installed a sharepoint 2010 SP2 CU dec 2014 on a Windows 2012R2 server.
  The installation went without problems.
  However, we want to use claims based authentication on a certain web app pool.
  Therefore some configuration on IIS is required.
  The first issue we ran into, is the web application pool uses ASP.NET 2.0, which is the default settings.
  However, using this ASP.NET Version 2.0 the feature "Providers" and ".net users" are invisible.
  When changing the .net version to 4.0, the features comes back again.
  I can fill in the connection strings without problem.
  The providers feature however, gives me the following errors:
  There is a duplicate .... sections defined.
  When googling on this error, it seems that on .net 4.0 these sections are already globbally defined in the machine.config, So i removed these entries in the machine.config
  These are the lines that are "double"
  <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false"
  allowDefinition="MachineToApplication"/>
  <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere"
  />
  <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"
  />
  <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false"
  allowDefinition="MachineToApplication" />                                          
  So after removing these lines, i can get into Providers feature in IIS.
  but, when i click on "Add..." i get the following error:
  Add Provider
  There was an error while performing this operation.
  Details:
  This method cannot be called during the application's pre-start initialization phase.
  OK   
  I spent to much time already to solve this issue and i hope  that someone can give me some advice to address this issue.

  The STS web.config:<?xml version="1.0" encoding="utf-8"?>
  <configuration>
  <system.serviceModel>
  <!-- Behavior List: -->
  <behaviors>
  <serviceBehaviors>
  <behavior name="SecurityTokenServiceBehavior">
  <!-- The serviceMetadata behavior allows one to enable metadata (endpoints, bindings, services) publishing.
  This configuration enables publishing of such data over HTTP GET.
  This does not include metadata about the STS itself such as Claim Types, Keys and other elements to establish a trust.
  -->
  <serviceMetadata httpGetEnabled="true" />
  <!-- Default WCF throttling limits are too low -->
  <serviceThrottling maxConcurrentCalls="65536" maxConcurrentSessions="65536" maxConcurrentInstances="65536" />
  </behavior>
  </serviceBehaviors>
  </behaviors>
  <!-- Service List: -->
  <services>
  <service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="SecurityTokenServiceBehavior">
  <!-- This is the HTTP endpoint that supports clients requesing tokens. This endpoint uses the default
  standard ws2007HttpBinding which requires that clients authenticate using their Windows credentials. -->
  <endpoint address="" binding="customBinding" bindingConfiguration="spStsBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />
  <!-- This is the HTTP endpoint that supports clients requesting service tokens. -->
  <endpoint name="ActAs" address="actas" binding="customBinding" bindingConfiguration="spStsActAsBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />
  <!-- This is the HTTP endpoint that supports IMetadataExchange. -->
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
  <service name="Microsoft.SharePoint.Administration.Claims.SPWindowsTokenCacheService">
  <endpoint address="" binding="customBinding" bindingConfiguration="SPWindowsTokenCacheServiceHttpsBinding" contract="Microsoft.SharePoint.Administration.Claims.ISPWindowsTokenCacheServiceContract" />
  </service>
  </services>
  <!-- Binding List: -->
  <bindings>
  <customBinding>
  <binding name="spStsBinding">
  <binaryMessageEncoding>
  <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
  </binaryMessageEncoding>
  <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Negotiate" useDefaultWebProxy="false" />
  </binding>
  <binding name="spStsActAsBinding">
  <security authenticationMode="SspiNegotiatedOverTransport" allowInsecureTransport="true" defaultAlgorithmSuite="Basic256Sha256" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12" />
  <binaryMessageEncoding>
  <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
  </binaryMessageEncoding>
  <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Negotiate" useDefaultWebProxy="false" />
  </binding>
  <binding name="SPWindowsTokenCacheServiceHttpsBinding">
  <security authenticationMode="IssuedTokenOverTransport" />
  <textMessageEncoding>
  <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
  </textMessageEncoding>
  <httpsTransport maxReceivedMessageSize="2162688" authenticationScheme="Anonymous" useDefaultWebProxy="false" />
  </binding>
  </customBinding>
  </bindings>
  </system.serviceModel>
  <system.webServer>
  <security>
  <authentication>
  <anonymousAuthentication enabled="true" />
  <windowsAuthentication enabled="true">
  <providers>
  <clear />
  <add value="Negotiate" />
  <add value="NTLM" />
  </providers>
  </windowsAuthentication>
  </authentication>
  </security>
  <modules>
  <add name="WindowsAuthenticationModule" />
  </modules>
  </system.webServer>
  <system.net>
  <connectionManagement>
  <add address="*" maxconnection="10000" />
  </connectionManagement>
  </system.net>
  <connectionStrings>
  <add connectionString="Server=sqldb_qa_sharepoint2010;Database=SG_SHP_Claims_Authentication;Integrated Security=true" name="SHP_Claims_Authentication" />
  </connectionStrings>
  </configuration>
  I have backupped the machine.config and restored it (the file i edited was in the following dir: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Machine.config)

• SharePoint 2013 web service: Error while sending claim based authentication request (The corresponding SID in the domain is not part of the intended account type)

  We are using .asmx services for SharePoint features such as comments, and rating.
  Service
  Feature   used
  http://<<hostname>>/_vti_bin/socialdataservice.asmx
  Commenting, Rating
  http://<<hostname>>/_vti_bin/UserProfileService.asmx
  For out of box workflows
  In SharePoint 2013,
  SharePoint – 80  web application is on claims based mode and user is logging in with windows authentication. With logged-in client context used to call SharePoint's default web service, we are getting below error message from
  web service (Social data and user profile services).
  Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
  When the service is accessed using console application with Visual Studio credentials (logged in user), we are able to access the service. Below is the code snippet
  using   (SocialDataService
  service = new  
  SocialDataService())
                    service.Credentials =
  CredentialCache.DefaultCredentials;
  SocialCommentDetail detail =   service.AddComment("<<url>>",
    "Test Comment",
  null,  
  null);
  Are SharePoint 2013 web services not supporting request coming with claim based authentication web application?
  Thanks, Pratik Agrawal (MAQ Software)

  While this applies to 2010, I believe the same is true with 2013:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Adobe Acrobat X Pro cannot handle claim based authentication

  Hi,
  The system has licensed 'Adobe Acrobat X Pro' installed successfully. When SharePoint 2010 site collection has NTLM authentication, pdf document can be edited sucessfully using 'Adobe Acrobat X Pro'.
  Issue arises when the sharepoint 2010 site collection has claim based authentication.
  User logs in and navigate through links as-
     Workspace->Document Library.
     Selects PDF document->select "Edit Document" link.
  This action opens Adobe Acrobat X Pro, but do not open pdf and displays error "There was error opening this document. The filename, directory name, or volume label syntax is incorrect."
  In this case, request-response caught as-
  OPTIONS http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/WS%20Library/89000000 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 10.1.1 )
  Host: dev-ms-db-01.devrapdrp.mahadiscom.in
  Content-Length: 0
  Connection: Keep-Alive
  Pragma: no-cache
  Cookie: SPSESSION=IWyGCxHlHGZr0eWSuEDJvOt7+i2Io81ggZFn+tFAtcuOYqDUjzIINxLXo5V69CSSbTi+UsSjgB8fow/ Gr0UWuGEHRpliqgfRGPsjaPO4vdYVCKJ+HAtMjCgcVx6HuVHUeO4/hpsI7gb47X9s4OmsgXkd6MqTFlVQIIMHxDtuE 6WpZxnSEl47voXnX11FkcIWSk8BqEl4+PnC7Paktct3SEJdgY+lWsazcsMqD3HrEGe0w7Qn0VN2lWglt1N5ejSDNyR oKoPAZKsm7fDqxO+SDHBF+UDEN2VvOhOV/PL5OIwRLKU+niaYolAZyDrASixdMm012NwchcLbqELJPT6sxfYEyMbRB MF2o1W922SYSkfAEKSFZ5ikkRyTCcuMNuI6fMQ6t+Xti6pcX/Vula+qf9q+vqPVxkZ5ACPih6EgvnUqxiNXgzLQ7c/ gYjo0D8ZP79KixoROJPs5VRZhmVKCnMY+SSn/4TNf2vW5eMiJeHdeeciMWpHC7cZ+Z6Uh3w+Aj9n9FTux2N++WTjRx wbIBluqQL1ZuCd3XnXBxlG9C4Wi1dAynp3YSd1axyOciVQmwnPuZg9XgROeqCM0/z4nmKkAYuu1MRH0acgVOu3PL/q C06T+UOxvHUKtU7Qe14TFFioYY8e/Rrfnd2uOIujUZLM/kJEM+kSguvoWeK+ABZHyTvPCw5FRxAsDNCiA2rklzFtUx yoI6SqDDlGidY+TRQaRfLX0xvlTqr7PPuEMLKAoEGwkBPvOV24eUPcVC1+PgKMt2rsbt1tZYn7adS4dZ3aRaj0zp9Q 8Pea2lFTxvsANYklT05kHQt832VsFQ9PGuHPTX7A7z6QUW4P4GOE5dJ5USawOrjxZ/Mi621NZlLaLfTzPTJmxcJu3X cCG8VrkMco9JfbxnM0ZKgD9OI+qjnQpJXpkjNChtrgZ+tYzLPb4TpQgQphBTfKIyhcXwW9Y+Lze/3P0zmjpiTIWWN3 mbyE5W07KpCtwvvECJhCn1cMlPoaEV0ZxWJsPcYNVNqFcWeQiDJugkAe7VlWJsiznjJDioW+98SsFoZWz/4U0KCB0P Ja/4VAMdzRQmm0owEucWBHUUw1//9ufkgk7DqZ75sH28cjfsfiKiBZvLe61Q8yxs5iiXqHBkp6WRaPH93CslYI1sa4 izeScEye2decQObEfVDY7KAOFAQSW95hlqSHcSlm1hgYR+AsMmffnqHcH0ebyjsvYJoI3o7AMXjev7o9qGH9eEd+eU Tpn3lnqvDdbbTYdkjtE8HeOkhqiEIXUj5jX/owYjASbW0Q0l6M+QjRUu/eJaBVNYEG8l3xIbnPTGyEWM3hCCbIvoXA WlN972hL4x+SDGkr7pK+gq/D6+5+FL2qqB7Vr9aRnc1nPSV6nx8oEgX/fcZpPWSACwphq
  HTTP/1.1 302 Moved Temporarily
  Date: Tue, 16 Jul 2013 10:42:30 GMT
  Server: Apache/2.2.15 (Win32) mod_jk/1.2.30
  Set-Cookie: SMSESSION=yFelHh2awfWW7yLKZHpSnNHDstixrmkciGIIqfLtwSRrLEQeVdI4R9iO3Q9qynhWDFCk8OIW2HXl+Cl JOdVC5/mwavCdDtHZYn5tL1s6C3BjIGLJowaDVTXUeGZAt0JcyVHEQcsIVgiiFlmkPKPapEOprHPItaa/vZJal5eeK 7NN8s0RrJ+Me1PlBmRQdBSklMxilciwMaLMXAKRwHSstl3kw5n2Qo5VCRmjG34k3gsYWNHh/I5o6buRRszeGpdZLeU 9GLeOdk8r3qXiXwIOvBhkBZrfuPKMAa1IIhftEdeJgKh9XSuCxAHs8wTEGCDzBNSzqZ3Q6S1UhC8/aA8qw1o2lVMbn 3AaYb2LE2/PgW9pN6VctY4XW6O8Dpvri8iXMCHLR28F8KrzLgust3CPBu1D/APPyJpsc1ya/IxdO5FWmCmBvGviEnN m9sNjPZVMSg3rpUgH8C492Kg5k4TzbqRsCvnI7o8ulycpBLvQOoQ97xOO8esCj/jtQAC8Y2bKLCKPqJhSJO4ROCaK7 6cGMihhGDhqE5+IJsW4Wr7Om4l4mO1Ov28hwJiGZVW0NsF0BJDrqPcagMAolIQ8xgTX1wpxPQebt/voTr5+ZjPbUj5 5LRvavod8ePnrE9majS/Fzr1QkHpeZvMxE6UBJ3r32uiEqykcm91nKIZpgBNkwKP9HzbgMSh8KV+y4vxQeOUT2rQo8 8r3vql9d+XCU7jk0jv6J+ugBBxGVaRC99thR6kvolTo7QMn6vsUk6ZC57IpSy84CQHSxp0vtNYdnTRcL8IZUPXyh3L iBnmCmdpRbEpN2l8kR23Jn0Zb1i/BxbMFU5El8xkhxWiZPCRLHctIIoXhv6Mt4amlc84MbawQedaL3ynWQFPg3sgyn 8KbigvV6nKf+rOBeVVU/fwCpLRwHxZ8x5aKWXPTZuT1W3tCkA6OwWIi9fshksawMgzTnNYpP/vz+Yrp/akquH5qb25 ZXsUHaMzR6YC0Lnw7wAMjRoDELznOVg0fgL12mjRkplI2Fg1HjsbmGNtdsCuS5Nt/VAiur40GNPnRG+kYtTVvaTOLw ShaXSqbKc5y0Z2MiQ+sCxXmXueRTtnXYiMKd3dszcGkor3mW2QrJqkFblcTSnIUeYDHhCMK+dt/0xA1jsVVA9Zal4F ISyWTryDUK5BQHVGyAHOoZK7NsYosGabLtvVe777VO4Q3eBSWkEU5QWpe47eAe54o1nfsR+gl0lJjR7q9Ms5LNW9qU NZaBahic1+c4MqhqLY5l+yqrig3CaFm; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:42:30 GMT; Path=/
  Set-Cookie: SPSESSION=aecQ9bgin1o3zGDHNhZJB8l5o1MmEmOjAMaACmYoXuqvLFak53UjUmMYKSW5VJ6CyOr/ahKrDAhWXja D8f/eFAW6G5oZ/4t6D0TSiozDepGNHdCRJ72Z/mAenAOQI63rkXwnWuCzmOZXGW6ZPIvSjPw3+0GGWnNFkM4ZhBhxs ZBKM2x2v4xy7I2LUTW4vV8IQovBHXIUfGxD38TuqBBfRR1tQu8GsW/q7LFQSSim+arvHSaJwrcNk63pCX539ouCEBi Ng8LUj9NPUF5FwiZwA7hcGNiRWdMae71ccYkVqmWC0WkU06KZETrqotVFGS8azZSPd+/xx6OodV5wxTq43Y/8CwEAL NqCZv/Ye4OJYYmParYAhgdON/PZ4UEuI5+dG/pICSxYA6NJyuswMz7LiIEXaltAhhhK+margc26sMGOf8hpE7M5OpV sU/Fc7ylpg2bmvT0bKOGg1o8h2jJIBx0SRhs6CByjauPdu3rBA0HVTRQnammCiWnjkHgJvyONi7B78HDo2vmQvB9og 7U9xQkhywLwg+ZyCmtx91zV1paP7Sk2pBPnGRQK+/WLdk8zEOG5d9Thmg4X9INZVgt8qwwOTky8mp9wNi48eO670BF DdD4PCM+PpiYAjV8NernCXcREpSD75THtvZNLq5LEzgmwNk6bThLcXHNYt5zhZEo/v559nDrx97r1EceZImKfII0kI QA6RS0MajM1/UvoI+gBjXqnXbybskBhdnt13zeoth6OmIP9DSjahILqOban09bmLXgzspG5t/EmIOdawfy/JKuRNPA H4nExF8Tt2iBRu1mLvcqWOidFKG1Qm/fo0YEalDZe2+m5PF9vCe5nWnqEPyzCOfcSzU4HnTFjyatlnunbexREhDNz7 2/oVfxq9sii+fiJgMM04J83WSwIE2dDhNN1/PU8+TH+WIkkB1r/DkI7ynir9g+5o2pKPyWem+HxRUmWy4AWGlbp+xT gPP7A7ZcOFMcWbzItEIEUpgYOXILk5DIXe8o08910s6bmYlUDZNRPBp/ZsqhI4A1cCQcdKqnCmx8BGkjJ/3VRxFxvx CeBJ6sEJomnUD+mw6Lxy10Q1r0QHAvbv2j4NLOR+XAoxMU2ye9mzrhspyWWEa2S+LgxhV5V563sNFXB57f+WJzIblk ww1iENF2rEhJtTebC3EEy5MkFlXPsacq4OUKsgavAlhO0xDIdhrg233eTZYFvIZ3xOhmjrfiLdkS/XvB2gwq6QRniU QDIY/D0QPtnNJ+GGFM/Mqvciu5K7gi6SK85nWiY08hnBJfiUen7C+KZ0lAEH2zNUhPnIJav0BgA/yIZhNswd3fZXoS ioFFz45isPRMYkZqkNEkoy32wBH5qVSHRJPIGxiGXT1b0ccUiuJx4ptKt7xKDqvsGmnu5; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:42:30 GMT; Path=/
  Location: http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/_layouts/Authenticate.aspx?So urce=%2Fportal%2Fworkspace%2FWS%20Library%2F89000000
  SPRequestGuid: 4fb96723-8eaf-4249-9f63-13a3c4d61a25
  X-SharePointHealthScore: 5
  X-Powered-By: ASP.NET
  MicrosoftSharePointTeamServices: 14.0.0.6106
  Via: HTTP/1.1 dev-ms-db-01.devrapdrp.mahadiscom.in:80
  Content-Length: 259
  Keep-Alive: timeout=5, max=99
  Connection: Keep-Alive
  Content-Type: text/html;charset=utf-8
  <html><head><title>Object moved</title></head><body>
  <h2>Object moved to <a href="http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/_layouts/Authenticate.aspx?So urce=%2Fportal%2Fworkspace%2FWS%20Library%2F89000000">here</a>.</h2>
  </body></html>
  After getting this response, 'Adobe Acrobat X Pro' do not send any more request.
  Note, the same site collection(with claim based authentication), opens and allows to edit microsoft document successfully. There is request-response sequence.
  Giving one of them for example, because all will flood the page-
  OPTIONS http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/WS%20Library/89000000/ HTTP/1.1
  User-Agent: Microsoft Office Protocol Discovery
  Host: dev-ms-db-01.devrapdrp.mahadiscom.in
  Content-Length: 0
  Connection: Keep-Alive
  Pragma: no-cache
  Cookie: SMSESSION=yFelHh2awfWW7yLKZHpSnNHDstixrmkciGIIqfLtwSRrLEQeVdI4R9iO3Q9qynhWDFCk8OIW2HXl+Cl JOdVC5/mwavCdDtHZYn5tL1s6C3BjIGLJowaDVTXUeGZAt0JcyVHEQcsIVgiiFlmkPKPapEOprHPItaa/vZJal5eeK 7NN8s0RrJ+Me1PlBmRQdBSklMxilciwMaLMXAKRwHSstl3kw5n2Qo5VCRmjG34k3gsYWNHh/I5o6buRRszeGpdZLeU 9GLeOdk8r3qXiXwIOvBhkBZrfuPKMAa1IIhftEdeJgKh9XSuCxAHs8wTEGCDzBNSzqZ3Q6S1UhC8/aA8qw1o2lVMbn 3AaYb2LE2/PgW9pN6VctY4XW6O8Dpvri8iXMCHLR28F8KrzLgust3CPBu1D/APPyJpsc1ya/IxdO5FWmCmBvGviEnN m9sNjPZVMSg3rpUgH8C492Kg5k4TzbqRsCvnI7o8ulycpBLvQOoQ97xOO8esCj/jtQAC8Y2bKLCKPqJhSJO4ROCaK7 6cGMihhGDhqE5+IJsW4Wr7Om4l4mO1Ov28hwJiGZVW0NsF0BJDrqPcagMAolIQ8xgTX1wpxPQebt/voTr5+ZjPbUj5 5LRvavod8ePnrE9majS/Fzr1QkHpeZvMxE6UBJ3r32uiEqykcm91nKIZpgBNkwKP9HzbgMSh8KV+y4vxQeOUT2rQo8 8r3vql9d+XCU7jk0jv6J+ugBBxGVaRC99thR6kvolTo7QMn6vsUk6ZC57IpSy84CQHSxp0vtNYdnTRcL8IZUPXyh3L iBnmCmdpRbEpN2l8kR23Jn0Zb1i/BxbMFU5El8xkhxWiZPCRLHctIIoXhv6Mt4amlc84MbawQedaL3ynWQFPg3sgyn 8KbigvV6nKf+rOBeVVU/fwCpLRwHxZ8x5aKWXPTZuT1W3tCkA6OwWIi9fshksawMgzTnNYpP/vz+Yrp/akquH5qb25 ZXsUHaMzR6YC0Lnw7wAMjRoDELznOVg0fgL12mjRkplI2Fg1HjsbmGNtdsCuS5Nt/VAiur40GNPnRG+kYtTVvaTOLw ShaXSqbKc5y0Z2MiQ+sCxXmXueRTtnXYiMKd3dszcGkor3mW2QrJqkFblcTSnIUeYDHhCMK+dt/0xA1jsVVA9Zal4F ISyWTryDUK5BQHVGyAHOoZK7NsYosGabLtvVe777VO4Q3eBSWkEU5QWpe47eAe54o1nfsR+gl0lJjR7q9Ms5LNW9qU NZaBahic1+c4MqhqLY5l+yqrig3CaFm; SPSESSION=EHC4LQyCHd29iQYBYn4tZz32xTbluDRCKmE7MfoOvlo4X4bkU2z2+YB3GbbMs99E/nVU/QwCPFaNxTz 6dx9EAHyBo1xhs6fNhkrlFX+m/EZiufmafae/osbzcdx2fWbEsh78UnstGbRPRX5kSx8gCXRnc14vWagr+Y6nufb3w 50c+5u96DQJSR+WhoZOiVnmoeUHq7TIgd9N9dUl+9lBOyFfetYCHjvZNWHKANLMIl3lkbvO5xtMBpGLGZ/m12mitKx TQKJ++dbRcCUM9f8e52nz/soFLjhd3bL9KCln9IsaqBtBW1n/rBtxogQq8CLGl64RT3gW/yIAPPvCKQHKvT/PjsNOQ c4K4vSdN9zSxJFwrC6s1s046wxg707+iHQzChaVI8E/DcQPFn4FkdntwrO9CejVT1qSEkqRbr1XsxONaNWQu2SOyTQ 6vz3fO1j/Y+SH3R9+liZ/Q9HnQyh6DgMkswvbcJDqoVK61B6QGOJECihpMxjrtdHCEFDulMb5rnE70V3hBttLJRj8R 5T5ttHG5geAjync4BaWfIDLoi1hfJtUMPASnZKLzIl/SOwYHxFLIWL/P57T3NkrjiqTkoeqvP63Qf1pnWgh18gOFIF JuncxdnNI2Mg67UlJ+JPxQMPf6tuPWHD78SActM6r0pAnz7tbHmjb14D7ZmPjPN98yORlUxbL4vNzoXJYbYn0f3ZPw Rw6I1pF8cThGuMy7mb+0zwCPrsDCl23yS03l7GFavyk9bGRc4SDh5INslA1TI1rVS4k+9ECZpPKHiEtDDjQKWoO4Pi u/WrXgNWT3wl49qslDfBnHucyXFH6+FWfOBcP82DsbGLXt6+wsDIdOhTXFbweAIPXgsLL1bIjpBPzwR4KwIf0lOKxp O+Bah5ZQs7JtPIBjsnWO/KUfU4vQN3H6lBUBm8+lLEVNA8tBnyDhXhxvLmL3j7eeMCigRQsVtVOAwT9Lbyk+wie6Fa 2JzgNUXDJFL/n3uo/I1U6Z+UFz+oKaP/MPutCGUMFUq1K9zO9g60UD9YaB+OxIfO5vudJ0yrhaVAeSeyWn3bnVCKZi xHTpG1frsQqMm2NkmnMoe3r3KvyqvbdEBiLGVniyBUDRYqOn5vTTnvnRMuxpR+jRiSSg1REarO1IJLEUBX2XDAkuNY 5/ulMUVJXikVpRHE8T4NXVFssFtMYE6ff4Whc1ZrLiIt4QQy85QFszpI4jqVdb5Zrn66JdgY4w168+wHllLZh9iyoK CZKAWNRQzJSqfOmEqbMVMR+dAnBAwDRqydZ8AiE2lhlgqHB2dk3hETwickBvAldOqZdJu3jJ/w6CGL82Tx2W5eyHQU EkHU/gs7Lrpjxyc+fJSPK03LKZlS2Gpy5wHx2LFybBX1FndVbml0axdbX62uIjEOnDvD1; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+MMe1LnR8c2hhcmVwb2lud HJlYWxtMWZvcmRldnNoYXJlcG9pbnRhZ2VudHw4OTAwMDAwMCwwx7UudHxzaGFyZXBvaW50cmVhbG0xZm9yZGV2c2h hcmVwb2ludGFnZW50fDg5MDAwMDAwLDEzMDE4NDQ5NzYwMjAyMDAwMCxGYWxzZSxlSGZscEVHNDJEK2F3SXRQVFNLa GNXMzR5VU1HZ2hIVVRNT2ppaDJxY2YzcVRtKzcwR3RxblNmQUlQSisxZkhZZXNzaUhsejRWU1owRkJJRExEWDdXZWt 0dXNYUjd5YUtiRzNxdEdzZEVWM0ZXWmp0Y20vdWpkdHhlTTcxd0luRllEQ25ld1oxa3k0MUJ4NVFOanFlSGpaMmdtZ GVWZEdLczdHTGxWV1J0NUVYMWJNT2pnMTBsaGQvV2VQc1dCNGFWUDBXWnlwdEpmUEZHTEV2QjVCdHZpd1ZjekFwQ0d HTGY5bkk5S2IxS285aHhxMXNuUkxKbi9GNi9HdG50M3FMaEl1YnR5ZGwyNHBiaXBVQ2RuZjNldWExeVFxQWdqV25zN mFONFV5VHMrQVpGUlRmcDBUVHNzL0R1d2dGa1IwSlpCZGd5UVpTNlBRTTZhK3J5ejlpZmc9PSxodHRwOi8vZGV2LW1 zLWRiLTAxLmRldnJhcGRycC5tYWhhZGlzY29tLmluLzwvU1A+
  HTTP/1.1 200 OK
  Date: Tue, 16 Jul 2013 10:49:17 GMT
  Server: Apache/2.2.15 (Win32) mod_jk/1.2.30
  Set-Cookie: SPSESSION=v9NiXhTOuExWMzaHXx+oFJTtC8w0vd23LS5AQL+js7Z+xCp9rbe1nlErG4kE+MQ1JzYoeF7PQ/h7Jjm l+8Z/qBIeTuO2muL+g/fQAYSAxx7kPlVVkRZ/gwq+2EtkYtQ/5egbPmSvyY/Uba5QndnYpjok3r4qJRY7p48tN4rr+ vcoolRC1bSVZaU7WrjOxnX7YbAeNNWRUIpI9Ut9L4G0tmv5NlGtg6SxnTZ1q+lbAG+/ZEnAxJorBFkq+tZZP9cRLB5 4u67swngb67etK8EVNbFrTXW/8n/XlotfF6dUgiVfD+tAfdsNJO7jsQ4bsAh4dP0frS/XDlPyv7QE1ZbYKC5gw5UOi m4Zw3Fitc0DrrQCEOpDZiWvK/gqxzAHm2PJPMNoM0jYxiuSAU8P6Y76vFsHWTY4Kkdhin9VTdEAxDMweMaEyS1ISbZ CHHxLHsAWyhUm24CFL1fZDcRW0x1DcoMu3y8yAN4tvXz4hn5GC46qI/q83+f3uNn6mdDYoEcEwbrVHP6K2YlErWfox gCz3Us7msXb2eK93fBQDRhUvhm9F300mr7523tWvVioeiNPGX7dl8CQxU67TGkkV9s45F3ShZKTlH0DsWSLJPhtd/D xENhCJR6yG4VkT1nThp6SpT2CuHmnlzYodKsRAtaDx5kCwlo9TKsIezs1FQqxtxZkvKxqaULgRx5ZSK/fJz6PiQwNd lRKUFw9uG5J9EWTRuz0AoWn0WF+32VWIeglhyDaMi/GWaD1pVZffnT68KRQWINVm/r3WPvk+23mPOYUX07Vy5bGO21 sZzCxLjmrhibt1wgF/syg9swcplf46JV61Q6ASMi/tXxRGcaCg75+8PrE7sjYjnxXsutmJJqtvnx6pdgpb4akmWnZF DRvptVxs0d/kMbf2YA7sJRpbNcIIR6tpIgm2FzKtk80Bj5aDM/e+FVfH0mpoqEk9/IwC2SdCoUfg6OFVV9JBowhCkj 17o1saz73pQoAzG5o51m33R1959jrQIwOwsI4t2R27F6jY9RCRzKvbEBPxhwl4hzpZ/LY5cQr1CvOlCPilXGlgKFGx rQl56OVQfsUFwBLEufTrHN5XR4SITUU1PW0IOgjxwems5jNlmsddWIsu08nmVuuagFQUaKwxk0p8jd9S4QBHFbknLv WhSgPfcd7yahHw0oqJ5cAFyjMa/LY1QD8MN8INDIEuY5jvzM5l5Jxn0Tr5i4aqHit89i3n6VeealPDEzS1CSSg0U3y P5K0DTAKMQLyUzFMB9ND63pAeNJaY3+PfmIYZsiQgEprNv+dagHVL3j8iU5kskxsIiRqJxVLt4G6WagnKcbCQt4gmz Enb5LSst1Zhx+MvYfCTwr8wYhrgnBCMNQEuC0i8FH5rM2GrpFDOL1336GX1tgyR5nTSXi; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:49:17 GMT; Path=/
  Cache-Control: private,max-age=0
  Allow: GET, POST, OPTIONS, HEAD, MKCOL, PUT, PROPFIND, PROPPATCH, DELETE, MOVE, COPY, GETLIB, LOCK, UNLOCK
  Expires: Mon, 01 Jul 2013 10:49:15 GMT
  Accept-Ranges: none
  SPRequestGuid: 2f248360-fd85-4fb3-a185-b01dadac3f7a
  X-SharePointHealthScore: 4
  MS-Author-Via: MS-FP/4.0,DAV
  X-MSDAVEXT: 1
  DocumentManagementServer: Properties Schema;Source Control;Version History;
  X-MSFSSHTTP: 1.0
  DAV: 1,2
  Public-Extension: http://schemas.microsoft.com/repl-2
  X-Powered-By: ASP.NET
  MicrosoftSharePointTeamServices: 14.0.0.6106
  Via: HTTP/1.1 dev-ms-db-01.devrapdrp.mahadiscom.in:80
  Content-Length: 0
  Keep-Alive: timeout=5, max=96
  Connection: Keep-Alive
  Content-Type: text/plain
  When site is with NTLM authentication, adobe acrobat x pro opens and allow to edit successfully. But when it there is Claim Based authentication, it cannot. It seems Adobe Acrobat X Pro does not have capability to send appropriate headers to handle claim based authentication. Also it is not able handle the sequence of request-response for claim based authentication. When searched on web, there is one product of Acrobat called LiveCycle, which has capability to handle SAML. Does that mean Adobe Acrobat X Pro does not have the capability to handle Claim based authentication so it is depend on LiveCycle for it?
  thanks
  Sharmila

  Hi MkkLam
  The below mentioned link might resolve this issue, kinldy try it:
  LInk:  http://helpx.adobe.com/creative-suite/kb/acrobat-failed-launch-30-days.html
  Other related thread:
  http://forums.adobe.com/thread/1021632
  Thanks!
  Atul Saini

• Cannot create dataset from claims based authentication sharepoint site in report builder 3.0

  I have a sharepoint site, which is configured as claims based authentication (ref:
  http://ashrafhossain.wordpress.com/2011/05/25/how-to-configure-claim-based-authentication-for-sharepoint-project-server-2010/) . both AD and asp.net members can log in to the site successfully. My user need to use the report build to create report
  on this sharepoint site. As a result, the site is also integrated with reporting service. I try to create a report in the sharepoint site by clicking "New Document" -> "Report builder Report". The report builder will comes out and ask for credential to
  connect to the report server. I use asp.net member to login and it can let me to create a data source which connect to a the list of the sharepoint site with credential option "Use current Windows user. Kerberos delegation might be required". However, when
  I try to create a data set and click the query designer, error "Server was unable to process request. ---> Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" appear as below:
  Besides, non of my AD account can be used to login to the report builder. Errors below found in the ULS log:
  09/26/2012 14:47:27.75 w3wp.exe (0x116C)
  0x11F4 SharePoint Foundation
  Claims Authentication fo1t
  Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated.
  (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication fsq7
  High Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
  response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
  rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication 8306
  Critical An exception occurred when trying to issue security token: The security token username and password could not be validated..
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f

  Hi Foxvito,
  Claims authentication types supported by SharePoint 2010 are Windows Claims, forms-based authentication Claims, and SAML Claims. In SAML-Claims mode, SharePoint Server accepts SAML tokens from a trusted external Security Token Provider (TST). From the
  blog you referenced, it seems to use the SAML Claims authentication.
  However, the Reporting Services client applications: Report Builder, the Report Designer in Business Intelligence Development Studio, and Management Studio do not support connecting and authenticating with LiveID or SAML Claims based SharePoint Web applications.
  That's because the SAML Claims don't use the Reporting Services authentication endpoint. So, you have to change the Claims authentication type to use Report Builder on the SharePoint site.
  References:
  Overview of Kerberos authentication for Microsoft SharePoint 2010 Products
  Claims Authentication and Reporting Services
  Regards,
  Mike Yin
  Mike Yin
  TechNet Community Support

• Move Users from one OU to other on AD based on the OIM user profile attrs

  Hi All
  I am currently pre-populating AD User OU attribute based on the OIM User profile Location attribute. This is working as expected.
  Now when the location changes, I wanted to move the user from the current OU to a different one based on the location provided. Here I am kind of stuck.
  I think I can use access policies / User triggers to get this done, but is there any other approach / additional configuration for pre-populate.
  Are pre-populate only for the first time User Provisioning?
  Regards
  user12841694

  Hi Martin
  For the above requirement we have used lookups and could accomplish the task.
  However, I need a minor clarification here.
  I have OU dependent on Location Code & I also have Users Home Directory[on AD process form] dependent on Location Code.
  How should I use the User triggers to trigger both Change HomeDir and Change OU process tasks on AD User?
  I will create a dummy task with name "*Trigger Location Dependents*" and always return a "TRUE" response in the integrated adapter.
  Now upon true I will generate Change HomeDir & Change OU process tasks.
  I will provide Trigger Location Dependents name aganist USR_UDF_LOCATION code in the triggers lookup.
  Should this work or do u have any suggestion..Please
  Regards
  user12841694
  Edited by: user12841694 on Dec 23, 2010 6:59 AM

• SharePoint 2013 Claim based authentication

  Hi,
  I'm trying to configure SharePoint 2013 web application to use Claim based authentication. I updated the SharePoint web application using the following cmdlet:
  Convert-SPWebApplication -Identity "http:// <servername>:port" -From Legacy -To Claims -RetainPermissions -Force
  I noticed that the authentication mode has been changed to Claims Based Authentication for the detault zone. But when I use fiddler to capture the traffic, there is no FedAuth cookie for the traffic to my SharePoint site.
  Questions:
  1. Does FedAuth cookie must exist when the SharePoint web application is configured to use Claims Based Authentication?
  2. The "Enable Windows Authentication" is checked and NTLM is selected for "Integrated Windows Authentication". Is this a correct setup for Claims based authentication?
  3. Is there any documents talking about how to configure Windows Claims-Based authentication?
  Thank you!

  Hi Wu Tao,
   Please find the below technet links and white paper (Claims-based
  Identity for Windows (white paper)) which will talk about windows claim based authentication.
  http://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx
  http://technet.microsoft.com/en-us/library/jj219571(v=office.15).aspx
  And the below link will talk about setup for claim based authentication.
  http://technet.microsoft.com/en-in/library/ee806885(v=office.15).aspx
  If you need more information, please let us know
  Sekar - Our life is short, so help others to grow
  Whenever you see a reply and if you think is helpful, click "Vote As Helpful"! And whenever
  you see a reply being an answer to the question of the thread, click "Mark As Answer

• FORM Based Authentication and Browser Refreshing

  We are using FORM Based Authentication in our web application and it works rather well. I have noticed an interesting bit of behavior that I am unable to explain. After an attempt is made to access the first protected resource the container will display the login page specified in the web.xml file. After successful authentication the original protected resource is displayed as expected. In the Address line of the browser however the original URI requested is now replaced with the following:
  http://<domain>:<port>/<root>/j_security_check
  Now, when we hit the refresh button on the browser we get the following error:
  404 Not Found
  Resource /<domain>/j_security_check not found on this server
  Two questions. 1. why does it do this? and/or (more importantly) 2. How do I prevent this behavior or work around it?

  I�m trying to figure out how to pass the user�s ID
  and password, using form-based authentication and
  file realm, to our JDBC connection. Two separate issues.
  I've usually seen it done where there are three tiers, of course. The user provides login credentials from the view tier, which are passed to the controller tier. The controller will validate the user against a database or LDAP. Once they're validated, the credentials are put into session and provided for all apps that need them, including the persistence tier.
  The connection pool requires that you create connections using an application ID, not the user ID. You have to move the security out of the database and into the application.
  %

• Edit User profile Property - grayed out buttons

  I am trying to change the mapping for the Work email property in the User Profile but when I edit the property on the "Edit User Profile Property" page, the Property Mapping for Synchronization's "Remove" button is grayed out as well
  as Add New mappings "Add" button. I am logged on with the Farm account which has admin rights to  the UP.
  ITGirl

  Hi ,
  For the Add New Mapping's "Add" button grayed out, when I change to another/second "Synchronization Connection" from "Source Data Connection" dropdown, then "Add" button will be available.
  For the Property Mapping for Synchronization's "Remove" button grayed out,
  please make sure your Farm account or user account has the following permissions, then check results again.
  http://technet.microsoft.com/en-us/library/ee721049(v=office.15).aspx#MapUserProc
  The user account that performs this procedure is a farm administrator or an administrator of the User Profile service application.
  The user account that performs this procedure is a member of the Administrators group on the computer that is running SharePoint Server.
  Thanks
  Daniel Yang
  TechNet Community Support

• Where I can get visio file of SAML claims-based authentication process

  Hello
  I saw SAML claims-based authentication process flow diagram  on
  http://msdn.microsoft.com/en-us/library/office/hh394901(v=office.14).aspx . Please let me know where I will get the visio of this file.  
  Regards
  Avian

  What makes you think that such a file is available (to the public)?
  Use the graphic, or make your own.
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Certificate Based Authentication and SSL

  To whom it may concern,
  I have installed SJES on Solaris 9 x386 (intel version). Everything is running fine, the mails are also coming and going.
  Now, I need Certificate based authentication and SSL. I have downloaded versign.com trial certificate and have install it succesfully in the Messaging Server Console -- > Manage Certificates. The certificate is also visible in its tab.
  Next, I followed the documentation and enable ssl by using ./configutil utility. And also restarted the server.
  I am running my Messenger express (http) like this :
  http://testing.xyz.com:8100
  (I am using port 8100 for http access to mails). After restarting the mail server, I tried :
  https://testing.xyz.com:8100 also,
  http://testing.xyz.com:443 also,
  https://testing.xyz.com:443 also,
  but I cannot see the login page of the mail server. All the above mention url i tried and just given error "the connection was refused when attempting to contact testing.xyz.com. I CAN ONLY SEE THE LOGIN PAGE WHEN I WRITE THE OLD HTTP ADDRESS: i.e. http://testing.xyz.com:8100
  And I also checked the logs and the server is having no problem in starting and there is not a single word regarding SSL enabling in the logs.
  Please help me out, it's really a strange behaviour. I am using SunONE Messaging Server 6.0.
  Thanking you,
  Farhan Ahmed,
  System Engineer
  Dubai, UAE.

  Dear jay,
  I am pasting a line from imap and http logs ... i don't know what this error means and how to resolve it.
  [29/Dec/2004:14:42:45 +0100] testing imapd[888]: General Error: SSL initialization error: ASockSSL_Init: couldn't find cert Server-Cert (-8183)
  strange thing is that my certificate name is lowercase server-cert and also i can see in the GUI console the certificate name as lowercase and I have also set this parameter encryption.rsa.nssslpersonalityssl = server-cert (all lowercase), but the error in the log tells it as "Server-Cert" !!!! though it is "server-cert"
  i got this line from the http log:
  [29/Dec/2004:14:42:47 +0100] testing httpd[894]: General Error: SSL initialization error: ASockSSL_Init: couldn't find cert Server-Cert (-8183)
  I haven't missed the sslpassword.conf file step. I have placed the same password which i provided while generating the certificate request in the GUI.
  Help me out what this errors means and how to resolve them. I have also copied the cert7.db and key3.db to /opt/SUNWms*/config directory from the /var/opt/mps/serverroot/alias
  Thanking you,
  Farhan Ahmed,
  System Engineer,
  Dubai Internet City, Dubai, UAE.

• Form-based authentication and JSF

  I am trying to use a form-based authentication in Tomcat 6, and from what I understand the page that contains the login form can not be a JSF page.
  The problem I'm having with this is that I need the client's username and password accessible from my backing bean, but I don't know how to put them there from a standard JSP.
  Before all this, I had a simple login form with username/password fields that were bound to a bean, and a button that executed a bean method that would perform the login procedure, retrieve the client's data from the DB and create a Client object in the session to be accessible throughout the application. Now, I need to use container managed access control with form-based authentication, and I know how to set it up but don't know how to create the Client object if the container does all the authentication and I never even get a hold of a username/password combination let alone the rest of the client's data.
  Any advice on this would be greatly appreciated.

  alf.redo wrote:
  ...following article: [j2ee_security_a_jsf_based_login_form|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form]
  This is exactly the solution I am planning to use. It is good to know there are others who have decided to go that way.
  Thanks

• Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

  Please excuse the lousy table...Its late :-)
  I have a multi-server SP2010 farm.  Patched up to
  Configuration database version: 14.0.6106.5002
  My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
  letter (
  http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
  IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
  Claims Auth log entries:
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  f2ut
  Verbose
  Authenticated with login provider. Validating request security token.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Using membership provider 'ADAMProvider'.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Doing password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Failed password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)               
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Unexpected
  Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
  token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  fo1t
  Monitorable
  SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
  could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  fsq7
  High   
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  8306
  Critical
  An exception occurred when trying to issue security token: The security token username and password could not be validated..
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  f2un
  Verbose
  Form authentication failed.
  I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
   I found plenty out there and nothing directly correlates with this issue. 
  I searched on all parts of the errors I got.
  This contains an interesting blurb about setting up access for the apppool id correctly. 
  That’s not the case for me.  It works in dev and the same id are used there. 
  http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
  This was good but it doesn’t give specs on what the environment looks like:
  http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
  The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
  http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
  Any and all help would be greatly appreciated!

  Hi.
  You say its a multiserver farm, do you have more than one web server then?
  If thats the case, have you tried accessing the site on each server directly?
  Found this for you, maybe that can help?
  Troubleshooting Exceptions: System.ServiceModel.FaultException`1
  http://msdn.microsoft.com/en-us/library/bb907220.aspx
  and this:
  SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
  http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
  and
  This seems to be a good guide:
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  Good luck
  Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com

• Edit User Profile How do I enalble user lo loggin to their own profile page and edit it?

  Hi
  I am having some problems....... any help would be nice
  I am using DWCS3 and ADDT toolbox extension wamp and phpmyadmin
  I am trying to create a site for people to be able to post a profile with a picture and info and display it in a dynamic table.
  I can create the form, a database and display the data on another page in a dynamic table all ok..... kind of.
  I can create a user registration system with ADDT.
  I can redirect them after registration to a post profile page, which has a form to upload details. I can then display those details on a user info page.
  I would like to allow logged in users to be able to click on a link to their own profile page , which would show the same form that was filled out in the post profile page, but would be already populated with their previously entered information. I would like users to be able to edit the content of the form and update the information in the database and automatically delete delete any previously entered information ( only in the fields that have been edited)
  How do I go about doing this?.... step by step?
  I want to allow logged in user to view their own profile not every bodies.... how do I do that?
  I have read on another post that to do something similar to this I should filter my database information using a session varialble MM_username that I think is created automatically after user logs in .... but I don;t know how to do this.... I really don;t understand is this the way I link my user to a page that only displays their info ? or is there another way?
  I would also like to allow only people who have posted a profile to be able to edit profile ...... do I do that by
  1. new user registers and is redirected to login page
  2. user logs in and is redirected to an index page that has a post profile button and a edit profile button but only the POST button is active ( and links to a form to post info ) and the edit profile button is linked to a " You must post a profile first" page ( with a link back)
  3 so user posts profile and is directed to an index page which has an edit profile button which is now linked to an edit profile page
  Does that sound correct?
  Any suggestions in getting all this to work would be much appreciated

  Hi Yomi,
  I have created the users page which submits to a members page and tell the user to edit biodata, profession, and hobbies. but on clicking I am really confused on how the id will be transfered from the members page to update biodata and the user updates the form which will show past records. this should also apply to the profession and hobbies
  If I understand this right, you might want to consider providing a complete "userdata" section which comes with a Dynamic List and a Dynamic Form to have users add & update their data plus (via the Dynamic List) track all past records
  Lastly is it possible I create recordset at will and the id will be passed thru since kt-login-id behaves sololy
  I really can´t recommend this "pass user_id as URL variable" approach in this case, as URL variables are displayed in the browser´s address bar -- and this is absolutely insecure, because anyone could simply change the displayed "user_id" value, reload the form and hence edit data which belongs to a different user.
  The only secure method is indeed to use ADDT´s session variable kt_login_id
  Fatal error: Call to undefined function: var_export()
  Not sure, but maybe some "includes" files haven´t been generated
  Cheers,
  Günter Schenk
  Adobe Community Expert, Dreamweaver