Question

I have a web application configured to use AD FS for authentication. This web application has external lists that point to a SQL database. My question is, how do I give permissions to the AD FS accounts to the credentials stored in the SSS? The problem is that when you use the people pickers in Central Administration, they do not point to the AD FS forest.

-Thanks


Solution

Figured out how to solve this.

If you need to set permissions for specific users, you will need to type the exact e-mail address in the people pickers. This user will be marked as invalid when you edit the permissions, but it works.

The second option is to add the All Authenticated Users (NT Windows token) claims equivalent of c:0(.s|true to the Members area as above; this then gets resolved to “Everyone”. This will then give permissions to all users who authenticate with Windows or SAML claims, so it allows us to successfully authenticate against the SSS application when accessing it through both zones of the web application.
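
An added example, not part of the original answer: a small Python audit that decodes encoded claim strings such as c:0(.s|true and flags Secure Store members that resolve to a whole population of users rather than a named account. The member list, the issuer name "adfs" and the lookup tables (limited to commonly seen codes) are assumptions constructed for the illustration.

```python
# Added example (not from the original post). The lookup tables list only
# commonly seen codes of SharePoint's claim encoding and are an assumption
# to verify against your farm before relying on them.
CLAIM_TYPES = {"!": "identityprovider", "#": "userlogonname",
               "(": "isauthenticated", "+": "groupsid",
               "-": "role", "5": "emailaddress"}
ISSUER_TYPES = {"w": "windows", "s": "local STS", "t": "trusted issuer",
                "f": "forms", "m": "membership provider",
                "r": "role provider", "c": "claim provider"}


def parse_claim(encoded):
    """Decode e.g. 'c:0(.s|true' or 'i:05.t|adfs|user@example.com'."""
    head, sep, rest = encoded.strip().partition("|")
    if not sep or len(head) != 6 or head[0] not in "ic" or head[1:3] != ":0":
        raise ValueError("not an encoded claim: %r" % encoded)
    # Trusted-issuer and forms claims carry the issuer name before the value.
    issuer, _, value = rest.rpartition("|")
    return {
        "is_identity": head[0] == "i",
        "claim_type": CLAIM_TYPES.get(head[3], "unknown(%s)" % head[3]),
        "issuer_type": ISSUER_TYPES.get(head[5], "unknown(%s)" % head[5]),
        "issuer": issuer or None,
        "value": value,
    }


def broad_grants(members):
    """Return members that grant access to a population, not one principal."""
    flagged = []
    for m in members:
        c = parse_claim(m)
        everyone = c["claim_type"] == "isauthenticated" and c["value"] == "true"
        whole_provider = c["claim_type"] == "identityprovider"
        if not c["is_identity"] and (everyone or whole_provider):
            flagged.append(m)
    return flagged


# Constructed member list for a Secure Store target application.
SAMPLE_MEMBERS = [
    "i:05.t|adfs|alice@example.com",   # one SAML user, e-mail identity claim
    "c:0-.t|adfs|sss-readers",         # a role claim from the trusted issuer
    "c:0(.s|true",                     # All Authenticated Users ("Everyone")
]

if __name__ == "__main__":
    for entry in broad_grants(SAMPLE_MEMBERS):
        print("broad grant:", entry, parse_claim(entry))
```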

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange