SharePoint 2013 and ADFS 2.0 Installation Guide

We were recently tasked with provisioning a SharePoint 2013 farm that would authenticate users with SAML claims and use ADFS 2.0 as the identity provider. Nobody on the team had experience with ADFS 2.0 going into this, but we figured that since customers have been using ADFS and SharePoint together for years, the process would be straightforward. Unfortunately, we found that configuring SharePoint 2013 to use ADFS 2.0 as an authentication provider came with a series of usability issues in areas such as Search, Office Web Apps, and the People Picker.

** You may also be interested in our updated SharePoint 2013 and ADFS 3.0 Installation guide.

This series of articles will cover our experience and hopefully provide insight to others as they embark on their own journey. Below is a list of articles:

5 comments on “SharePoint 2013 and ADFS 2.0 Installation Guide”
  1. Chris says:

    Have you guys implemented Office Web Apps yet? Our setup is almost identical to yours, but I am struggling with Office Web Apps and document previews on the search results page. Because we extended the web app to use NTLM and used server name mappings, the document preview is trying to use that URL, it is as if the WOPI Binding can’t see/understand the server name mappings which were set up in search… Any ideas? Thanks!

    • jasonth1971 says:

      Hi Chris,

      We have the exact same issue and currently have a case open with Microsoft on it. It appears to have been a known issue since the release, but we will update the blog if they come back with a workaround.

  2. Kev Houston says:

    Hi Jasonth,

    What is the status of your open case with Microsoft?

    • jasonth says:

      Hi Kevin,

      Microsoft came back and said this was expected behavior and did not have a workaround. As a result we decided to change direction and use the CodePlex project from Orbit One. In doing this we no longer need to extend the web app and instead have two authentication providers on the default web app. This of course presents us with the login selector page and that’s where the Orbit One CodePlex solution comes in. We have it configured to authenticate anything on the subnet containing the SharePoint servers with NTLM so search works and then anything outside of that with the ADFS authentication provider. This fixes the issue with the incorrect links in the OWA previews, removes the login selector page, and search is happy because it can crawl the default web app with claims.

      http://spautomaticsignin.codeplex.com/

      Hopefully we can update the blog soon with this information.
