Federation Extensions for SharePoint 3.0

If you’re running Windows SharePoint Services 3.0 or SharePoint Server 2007 and not quite ready to migrate to SharePoint 2010 to leverage the Claims Authentication Provider, take heart, there’s still hope.

Back in May 2010, Microsoft released several documents and extensions to assist with configuring the SharePoint v3 (or v12 depending on how you look at it) platform to federate with AD FS 2.0 – allowing for claims authentication federation.

Requirements

So how do I do this you ask?  Microsoft used to have a document out on Connect for this, but it’s now gone RTW.  The document is available here:

Couple things to make note of…

  • Don’t install AD FS 2.0 on the same server as SharePoint.  This should be a no brainer similar to “do not use a basic install” of SharePoint on any server.
  • To keep search and other capabilities operational, leave the default zone as Integrated/NTLM Auth. This allows your crawler to still operate in its regular fashion.
  • The federation capability really should only be leveraged for extranet / internet situations and not for use for all zones of users. Sure it’s great that claims auth with WSS v3 is there and supported, but let’s not get too zealous just yet 🙂
  • Get comfy with editing your web.config if you aren’t already so that you’re able to use the claims-based role and membership providers – if you’ve set this up for SharePoint 2010, then it should seem like old hat to you. Better yet, work with your developers to craft up a solution package that updates the web.config for you so that you’re not violating the laws of thermodynam… I mean good source control practices.
  • Note that if you’re building this into a multi-server farm, the extension bits have to be installed across all servers – yes, that’s right, it’s not a solutions package and won’t copy across all the servers for you. That’s not to say that the web.config couldn’t be updated via solution package though per the previous bullet.

Just think of the applications though, you can keep your WSS v3 / MOSS 2007 farm operational and federate with the partner organizations that you’ve been looking to let into your system while building a transition path to move to SharePoint 2010 using Claims whole heartily. 

Last thoughts… how cool is it that you can actually have a better client integration environment with the extensions that weren’t available with the ADFS v1 authentication provider with Windows Server 2003 R2.

3 thoughts on “Federation Extensions for SharePoint 3.0

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s