If you’re running Windows SharePoint Services 3.0 or SharePoint Server 2007 and not quite ready to migrate to SharePoint 2010 to leverage the Claims Authentication Provider, take heart, there’s still hope.
Back in May 2010, Microsoft released several documents and extensions to assist with configuring the SharePoint v3 (or v12 depending on how you look at it) platform to federate with AD FS 2.0 – allowing for claims authentication federation.
So how do I do this, you ask? Microsoft used to have a document out on Connect for this, but it’s now gone RTW. The document is available here:
Couple things to make note of…
- Don’t install AD FS 2.0 on the same server as SharePoint. This should be a no-brainer, similar to “do not use a basic install” of SharePoint on any server.
- To keep search and other capabilities operational, leave the default zone as Integrated/NTLM Auth. This allows your crawler to still operate in its regular fashion.
- The federation capability really should only be leveraged for extranet / internet situations and not for use for all zones of users. Sure it’s great that claims auth with WSS v3 is there and supported, but let’s not get too zealous just yet 🙂
- Get comfy with editing your web.config if you aren’t already so that you’re able to use the claims-based role and membership providers – if you’ve set this up for SharePoint 2010, then it should seem like old hat to you. Better yet, work with your developers to craft up a solution package that updates the web.config for you so that you’re not violating the laws of thermodynam… I mean good source control practices.
- Note that if you’re building this into a multi-server farm, the extension bits have to be installed across all servers – yes, that’s right, it’s not a solutions package and won’t copy across all the servers for you. That’s not to say that the web.config couldn’t be updated via solution package though per the previous bullet.
Just think of the applications, though: you can keep your WSS v3 / MOSS 2007 farm operational and federate with the partner organizations that you’ve been looking to let into your system, while building a transition path to move to SharePoint 2010 and use claims wholeheartedly.
Last thoughts… how cool is it that you can actually have a better client integration environment with the extensions that weren’t available with the ADFS v1 authentication provider with Windows Server 2003 R2?
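A per-zone check for the zone guidance in the list above, as an added example that is not from the Microsoft document or the extensions themselves. It uses the SharePoint 2007 server object model from PowerShell; the function name `Get-ZoneAuthReport` and the URL are placeholders.

```powershell
# Added example: per-zone authentication audit for a WSS v3 / MOSS 2007 web application.
# Run on a farm server as a farm administrator; the URL at the bottom is a placeholder.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

function Get-ZoneAuthReport {
    param([string]$WebAppUrl)

    $webApp = [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup([Uri]$WebAppUrl)
    if ($webApp -eq $null) { throw "No web application found at $WebAppUrl" }

    foreach ($zone in $webApp.IisSettings.Keys) {
        $iis = $webApp.IisSettings[$zone]

        # Incoming URLs that alternate access mappings route to this zone
        $urls = @($webApp.AlternateUrls |
            Where-Object { $_.UrlZone -eq $zone } |
            ForEach-Object { $_.IncomingUrl })

        $findings = @()
        # The crawler reaches content through the default zone with Windows credentials
        if ($zone -eq 'Default' -and
            ($iis.AuthenticationMode -ne 'Windows' -or -not $iis.UseWindowsIntegratedAuthentication)) {
            $findings += "Default zone is not Integrated Windows auth; search crawl is likely to fail"
        }
        if ($iis.UseBasicAuthentication) {
            $findings += "Basic authentication is enabled on this zone"
        }
        if ($urls.Count -eq 0) {
            $findings += "Zone has IIS settings but no alternate access mapping"
        }

        # One report row per zone, including the provider names set for the zone
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Zone $zone
        $row | Add-Member NoteProperty AuthenticationMode $iis.AuthenticationMode
        $row | Add-Member NoteProperty MembershipProvider $iis.MembershipProvider
        $row | Add-Member NoteProperty RoleManager $iis.RoleManager
        $row | Add-Member NoteProperty AllowAnonymous $iis.AllowAnonymous
        $row | Add-Member NoteProperty IncomingUrls ([string]::Join("; ", $urls))
        $row | Add-Member NoteProperty Findings ([string]::Join("; ", $findings))
        $row
    }
}

Get-ZoneAuthReport "http://sharepoint.example.com" | Format-List
```

The membership and role provider names it reports for the federated zone should match the provider entries in that zone's web.config on every server in the farm.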
Unlike other databases that SharePoint 2010 creates, the Application Registry Service Database is actually included in the mix for backward compatibility of SharePoint Server 2007 Business Data Catalog connection information and other information pertinent to the BDC API.
By default, the database name is “Application_Registry_Service_DB_<GUID>”. I’m not quite certain why, but I’m not so much a fan of the out of the box naming of databases with a GUID appended to the end – though I guess it does ensure that you’re never going to inadvertently create one on the fly that has the same name as others.
Similar to the BDC, the Application Registry Service database is read-heavy since there isn’t any writing done with the BDC. And though the services architecture is a bit more broken out, you can only have a single Application Registry Service per farm, which means that you can only have a single database associated with your farm. That in turn means you should get ready to watch it grow if you are migrating several BDCs into your farm while you prep them for conversion to Business Connectivity Services candidates.
Fortunately for scalability purposes, it is possible to mirror this database within a farm to ensure availability of data for the BDCs to operate; however, it’s not possible to mirror the database or use log shipping to mirror the database onto another SQL instance. Perhaps keeping a backup handy would be helpful should the data become corrupted or your server’s SAN melt.
A visualization of the tables and associated columns is depicted here:
If you’re wondering what the tables and their associated columns look like for the Application Registry, then look no further as they are as follows:
A downloadable copy of the Map in PDF format is available here.
While SharePoint Server 2010 has several enhancements for Administrators, including capabilities such as restoring a list item or document from an offline database, there are still some curiosities that I’ve got as to the planning of the underlying system.
For instance, it would seem that for such a refined product with so many enhancements that items such as the underlying databases might follow a naming convention of some sort. For a standard SharePoint Server 2010 Enterprise edition installation, out of the box you’ll have the following databases:
Managed Metadata Service_GUID
PerformancePoint Service Application_GUID
User Profile Service Application_ProfileDB_GUID
User Profile Service Application_SocialDB_GUID
User Profile Service Application_SyncDB_GUID
As you can see, the naming convention seems to vary depending on the team within the product group that was developing the capability, feature set or workload. For instance, some of the databases include a “_DB_”, and other times the database name has the “DB” concatenated onto it. Further, it’s interesting to see how they delineate words: in some instances using spaces, in others underscores, and in others just capitalization of letters.
Interesting that it wasn’t polished to be uniform eh?
…that I know of 🙂
So I’m hitting the road on June 19 for SharePoint Saturday Charlotte which is on the 20th. From there it’s off to Boston for the SharePoint Technology Conference which runs from the 22-24 June. I speak on the 24th in the afternoon. If you’re wondering where I’m at after that, head on back to Reston, VA for the Regional SharePoint Users Group which runs from 26-27 June. Hoping to meet a bunch of folks from Twitter as well as to see others from the community – it’s been too long.
SharePoint Saturday Charlotte – 20 June, 2009 – http://go.spdan.com/spsclt
SharePoint Technology Conference – 22-24 June, 2009 – http://go.spdan.com/sptechcon
Regional SharePoint Users Group Conference – 26-27 June, 2009 – http://go.spdan.com/rsug
This past Thursday, I drove up to the Baltimore SharePoint User’s Group to present on the topic of “Designing Logical Architectures and Site Taxonomies.” It was a decent drive up the BW Parkway from Northern Virginia, chatting with Eric Harlan and a few others on the way up – apparently there were folks heading for the beach already on Thursday afternoon for the Memorial Day weekend, so the drive lasted a little longer than anticipated (about 2 hours).
The presentation was well received by the group as well as lively with questions. Eric Harlan, Shadeed Eleazer and I headed off to the Bone Fish Grill afterward to chat about life, SharePoint and SharePoint Saturday Baltimore (25 July 2009).
Overall, a successful trip up to Baltimore!
The slides from the presentation are available here in
Please note that the slides are constantly being refined with each presentation – feedback is always greatly appreciated 🙂
Recently, I ran into an issue where WSS v3 search results weren’t working properly. It ended up being a pretty simple fix in that the web application authentication setup (basic versus integrated Windows authentication) with the alternate access mappings wasn’t configured properly. After a little bit of modification to the settings, voilà, things worked magnificently.
For those of you that aren’t familiar with AAM, it’s definitely a topic that you should be familiar with to ensure that you architect your solutions properly in the first place, so that search problems, among others, don’t come back to bite you or your developers in the long run.
Configuring AAM (TechNet) – http://go.spdan.com/configureaam
Planning AAM (TechNet) – http://go.spdan.com/planaam
AAM in SP (21Apps) – http://go.spdan.com/ytsrf
Using AAM (To the SharePoint) – http://go.spdan.com/jkany
What every Admin needs to know about AAM (SP Blog) – http://go.spdan.com/wdykn
Advanced Admin Architecture, Deployment, Operations (TechEd 08) – http://go.spdan.com/snmfp
This past weekend, SharePoint Saturday visited the local Northern Virginia region with SharePoint Saturday DC, hosted at the Microsoft Technology Center in Reston, VA. It was a great time with 28 sessions led by SharePoint professionals and MVPs from all around the country. Props to Dux Sy for his coordination of the volunteers and sponsors! Over 200 people attended the event which meant that it was standing room only for some of the sessions.
Joel Ward and I presented on the topic of SmartCard Authentication: Considerations, Options and Pitfalls with SharePoint during the final session of the day. It was a lively discussion surrounding security, SmartCards, IA, infrastructure, membership providers and how it all fits in with the SharePoint architecture.
View the slides on SlideShare below, or download the PowerPoint files (PPT or PPTX), which include the slides plus notes and resource links.