Federation Extensions for SharePoint 3.0

If you’re running Windows SharePoint Services 3.0 or SharePoint Server 2007 and not quite ready to migrate to SharePoint 2010 to leverage the Claims Authentication Provider, take heart, there’s still hope.

Back in May 2010, Microsoft released several documents and extensions to assist with configuring the SharePoint v3 (or v12 depending on how you look at it) platform to federate with AD FS 2.0 – allowing for claims authentication federation.

Requirements

So how do I do this you ask?  Microsoft used to have a document out on Connect for this, but it’s now gone RTW.  The document is available here:

Couple things to make note of…

  • Don’t install AD FS 2.0 on the same server as SharePoint.  This should be a no-brainer, similar to “do not use a basic install” of SharePoint on any server.
  • To keep search and other capabilities operational, leave the default zone as Integrated/NTLM Auth. This allows your crawler to still operate in its regular fashion.
  • The federation capability really should only be leveraged for extranet / internet situations and not for use for all zones of users. Sure it’s great that claims auth with WSS v3 is there and supported, but let’s not get too zealous just yet 🙂
  • Get comfy with editing your web.config if you aren’t already so that you’re able to use the claims-based role and membership providers – if you’ve set this up for SharePoint 2010, then it should seem like old hat to you. Better yet, work with your developers to craft up a solution package that updates the web.config for you so that you’re not violating the laws of thermodynam… I mean good source control practices.
  • Note that if you’re building this into a multi-server farm, the extension bits have to be installed across all servers – yes, that’s right, it’s not a solutions package and won’t copy across all the servers for you. That’s not to say that the web.config couldn’t be updated via solution package though per the previous bullet.
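
Because each server in the farm carries its own hand-edited web.config, the provider entries can drift between front ends. The following is an added example, not part of the original post or of Microsoft's extensions: it compares the membership and roleManager provider entries of every server against a baseline server. The server names, provider names and type names are constructed placeholders, not the real extension's values.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragments, one per web front end. Server names and
# provider type names are placeholders, not the real extension's type names.
BASE = """<configuration><system.web>
  <membership defaultProvider="FedMembership"><providers>
    <add name="FedMembership" type="Placeholder.Claims.MembershipProvider, Placeholder" />
  </providers></membership>
  <roleManager enabled="true" defaultProvider="FedRoles"><providers>
    <add name="FedRoles" type="Placeholder.Claims.RoleProvider, Placeholder" />
  </providers></roleManager>
</system.web></configuration>"""

ROLE_ADD = '<add name="FedRoles" type="Placeholder.Claims.RoleProvider, Placeholder" />'
FARM = {
    "WFE1": BASE,                                     # baseline
    "WFE2": BASE.replace("Placeholder.Claims.RoleProvider",
                         "Placeholder.Old.RoleProvider"),  # stale type
    "WFE3": BASE.replace(ROLE_ADD, ""),               # provider never added
}

def provider_settings(config_xml):
    """Return {(section, key): value} for membership and roleManager."""
    root = ET.fromstring(config_xml)
    found = {}
    for section in ("membership", "roleManager"):
        node = root.find("./system.web/" + section)
        if node is None:
            continue
        found[(section, "@defaultProvider")] = node.get("defaultProvider")
        for add in node.findall("./providers/add"):
            found[(section, add.get("name"))] = add.get("type")
    return found

def farm_drift(configs, baseline):
    """Compare every server with the baseline server; list the differences."""
    expected = provider_settings(configs[baseline])
    drift = {}
    for server, xml_text in configs.items():
        actual = provider_settings(xml_text)
        diffs = [(sec, key, expected.get((sec, key)), actual.get((sec, key)))
                 for sec, key in sorted(set(expected) | set(actual))
                 if expected.get((sec, key)) != actual.get((sec, key))]
        if diffs:
            drift[server] = diffs
    return drift

if __name__ == "__main__":
    for server, diffs in farm_drift(FARM, "WFE1").items():
        for sec, key, want, got in diffs:
            print(f"{server}: {sec}/{key} expected {want!r}, found {got!r}")
```

In practice the dictionary would be filled by reading each server's web.config for the federated zone instead of the inline strings.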

Just think of the applications though: you can keep your WSS v3 / MOSS 2007 farm operational and federate with the partner organizations that you’ve been looking to let into your system while building a transition path to move to SharePoint 2010 using Claims wholeheartedly.

Last thoughts… how cool is it that you can actually have a better client integration environment with the extensions that weren’t available with the ADFS v1 authentication provider with Windows Server 2003 R2.

Database Spotlight: Application Registry Service DB

Unlike other databases that SharePoint 2010 creates, the Application Registry Service Database is actually included in the mix for backward compatibility of SharePoint Server 2007 Business Data Catalog connection information and other information pertinent to the BDC API.

By default, the database name is “Application_Registry_Service_DB_<GUID>”.  I’m not quite certain why, but I’m not so much a fan of the out of the box naming of databases with a GUID appended to the end – though I guess it does ensure that you’re never going to inadvertently create one on the fly that has the same name as others.

Similar to the BDC, the Application Registry Service database is read-heavy since there isn’t any writing done with the BDC. And though the services architecture is a bit more broken out, you can only have a single Application Registry Service per farm, which means that you can only have a single database associated with your farm, which in turn means get ready to watch it grow should you be migrating several BDCs into your farm while you prep them for conversion to Business Connectivity Services candidates.

Fortunately for scalability purposes, it is possible to mirror this database within a farm to ensure availability of data for the BDCs to operate; however, it’s not possible to mirror the database or use log shipping to mirror the database onto another SQL instance. Perhaps keeping a backup handy would be helpful should the data become corrupted or your server’s SAN melt.

A visualization of the tables and associated columns is depicted here:

Application_Registry_Service_DB_GUID

If you’re wondering what the tables and their associated columns look like for the Application Registry, then look no further as they are as follows:

Application_Registry_Service_DB_GUID
  AR_Action
    EntityId
    Icon
    Id
    IsDisplayed
    IsOpenedInNewWindow
    Position
    Url
  AR_ActionParameter
    ActionId
    Id
    Index
  AR_AdminLocks
    Id
    LockId
  AR_ApplicationRegistry
    Id
  AR_Association
    Id
  AR_AssociationMember
    AssociationId
    EntityId
    EntityRole
    Id
  AR_CacheCounters
    MetadataObjectType
    ObjectCacheCounter
    RelationshipCacheCounter
  AR_Class
    Id
    SystemId
  AR_DefaultValue
    Id
    MethodInstanceId
    TypeDescriptorId
    Value
  AR_Entity
    EstimatedInstanceCount
    Id
  AR_ExternalAssociation
    Id
    MappingTableName
    SourceEntityId
    TargetEntityId
  AR_FilterDescriptor
    Id
    MethodId
    TypeName
  AR_Identifier
    EntityId
    Id
    OrdinalNumber
    TypeName
  AR_LocalizedName
    Id
    LCID
    LocalizedName
    MetadataObjectId
  AR_MetadataObject
    Id
    IsCached
    Name
    Version
  AR_MetadataObjectSecurity
    DisplayName
    Id
    IdentityName
    MetadataObjectId
    RawSid
    Rights
  AR_Method
    ClassId
    Id
    IsStatic
  AR_MethodInstance
    Id
    MethodId
    ReturnTypeDescriptorId
    Type
  AR_Parameter
    Direction
    Id
    MethodId
    OrdinalNumber
    TypeReflectorTypeName
  AR_Property
    Id
    MetadataObjectId
    Name
    Value
  AR_System
    ConnectionFactoryTypeName
    Id
    SystemEntityTypeName
    SystemUtilityTypeName
  AR_SystemData
    Data
    Id
    Length
    Name
    SystemId
  AR_SystemInstance
    Id
    SystemId
  AR_TypeDescriptor
    ContainsFilterDescriptor
    ContainsIdentifier
    FilterDescriptorId
    Id
    IdentifierId
    InterpretedTypeName
    IsCollection
    ParameterId
    ParentTypeDescriptorId
    TypeName

A downloadable copy of the Map in PDF format is available here.

SharePoint 2010 Database Names

While SharePoint Server 2010 has several enhancements for Administrators, including capabilities such as restoring a list item or document from an offline database, there are still some curiosities that I’ve got as to the planning of the underlying system.

For instance, it would seem that for such a refined product with so many enhancements that items such as the underlying databases might follow a naming convention of some sort. For a standard SharePoint Server 2010 Enterprise edition installation, out of the box you’ll have the following databases:

Application_Registry_Service_DB_GUID
Bdc_Service_DB_GUID
Managed Metadata Service_GUID
PerformancePoint Service Application_GUID
Search_Service_Application_CrawlStoreDB_GUID
Search_Service_Application_DB
Search_Service_Application_PropertyStoreDB_GUID
Secure_Store_Service_DB_GUID
SharePoint_AdminContent_GUID
SharePoint_Config
StateService_GUID
User Profile Service Application_ProfileDB_GUID
User Profile Service Application_SocialDB_GUID
User Profile Service Application_SyncDB_GUID
WebAnalyticsServiceApplication_ReportingDB_GUID
WebAnalyticsServiceApplication_StagingDB_GUID
WordAutomationServices_GUID
WSS_Content
WSS_Logging

As you can see, the naming convention seems to vary depending on the team within the product group that was developing the capability, feature set or workload.  For instance, some of the databases include a “_DB_” and other times the database name has “DB” concatenated onto it.  Further, it’s interesting to see how they delineate words: in some instances using spaces, in others underscores, and in others just capitalization of letters.

Interesting that it wasn’t polished to be uniform eh?

Upcoming Speaking Engagements in June 2009

…that I know of 🙂

So I’m hitting the road on June 19 for SharePoint Saturday Charlotte which is on the 20th.  From there it’s off to Boston for the SharePoint Technology Conference which runs from the 22-24 June.  I speak on the 24th in the afternoon.  If you’re wondering where I’m at after that, head on back to Reston, VA for the Regional SharePoint Users Group which runs from 26-27 June.  Hoping to meet a bunch of folks from Twitter as well as to see others from the community – it’s been too long.

SharePoint Saturday Charlotte – 20 June, 2009 – http://go.spdan.com/spsclt

SharePoint Technology Conference – 22-24 June, 2009 – http://go.spdan.com/sptechcon

Regional SharePoint Users Group Conference – 26-27 June, 2009 – http://go.spdan.com/rsug

Baltimore SharePoint User's Group – 21 May 2009

This past Thursday, I drove up to the Baltimore SharePoint User’s Group to present on the topic of “Designing Logical Architectures and Site Taxonomies.” It was a decent drive up the BW Parkway from Northern Virginia, chatting with Eric Harlan and a few others on the way up – apparently there were folks heading for the beach already on Thursday afternoon for the Memorial Day weekend, so the drive lasted a little longer than anticipated (about 2 hours).

The presentation was well received by the group as well as lively with questions. Eric Harlan, Shadeed Eleazer and I headed off to the Bone Fish Grill afterward to chat about life, SharePoint and SharePoint Saturday Baltimore (25 July 2009).

Overall, a successful trip up to Baltimore!

The slides from the presentation are available here in

Please note that the slides are constantly being refined with each presentation – feedback is always greatly appreciated 🙂

AAM – The Bane of search problems…

Alternate Access Mappings

Recently, I ran into an issue where WSS v3 search results weren’t working properly. It ended up being a pretty simple fix in that the web application authentication setup (basic versus integrated windows authentication) with the alternate access mappings wasn’t configured properly.  After a little bit of modification to the settings, voilà, things worked magnificently.

For those of you who aren’t familiar with AAM, it is definitely a topic that you should be familiar with, so that you architect your solutions properly in the first place and search problems, among others, don’t come back to bite you or your developers in the long run.

Configuring AAM (TechNet) – http://go.spdan.com/configureaam
Planning AAM (TechNet) – http://go.spdan.com/planaam
AAM in SP (21Apps) – http://go.spdan.com/ytsrf
Using AAM (To the SharePoint) – http://go.spdan.com/jkany
What every Admin needs to know about AAM (SP Blog) – http://go.spdan.com/wdykn
Advanced Admin Architecture, Deployment, Operations (TechEd 08) – http://go.spdan.com/snmfp

SharePoint Saturday – DC

This past weekend, SharePoint Saturday visited the local Northern Virginia region with SharePoint Saturday DC, hosted at the Microsoft Technology Center in Reston, VA. It was a great time with 28 sessions led by SharePoint professionals and MVPs from all around the country. Props to Dux Sy for his coordination of the volunteers and sponsors! Over 200 people attended the event which meant that it was standing room only for some of the sessions.

Joel Ward and I presented on the topic of SmartCard Authentication: Considerations, Options and Pitfalls with SharePoint during the final session of the day.  It was a lively discussion surrounding security, SmartCards, IA, infrastructure, membership providers and how it all fits in with the SharePoint architecture.

View the slides on SlideShare below, or download the PowerPoint files (PPT or PPTX), which include the slides plus notes and resource links.