FIM - Unable to federate to SharePoint with ADFS and RSA FIM

3 years ago

Originally Published: 2012-08-03

Article Number

000040206

Applies To

RSA Federated Identity Manger (FIM) 4.1

Issue

Unable to federate to SharePoint with ADFS and RSA

The user is unable to federate to Microsoft SharePoint with ADFS and RSA FIM acting as the IDP.

Error when accessing SharePoint

https://exsharepointpoc.example.com:81/_layouts/_login/default.aspx?errorCode=TrustedMissingIdentityClaimSource=https%3A%2F%2Fexsharepointpoc%2Ecorp%2Eemc%2Ecom%3A81%2F%5Flayouts%2FAuthenticate%2Easpx%3FSource%3D%252F

Cause

SharePoint was expecting an "AD FS 1.x E-Mail Address" claim. RSA FIM was sending email address claim as "E-Mail Address" and not "http://schemas.xmlsoap.org/ws/2005/05/identity/caims/emailaddress" which is what ADFS was expecting.

Resolution

Create a custom claim rule on CP trust rules to transform "E-Mail Address" to "http://schemas.xmlsoap.org/ws/2005/05/identity/caims/emailaddress" and a transform rule to change ADFS emal address into "AD FS 1.x E-Mail Address" in case we needed to use the default email claim for another RP.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles