Question

I seem to have an orphaned custom claims provider. I removed the solution from the farm, and when I run Get-SPClaimProvider it doesn't show as a provider.

However, the people picker is still using it. I know this because when I type a name in it I still get the custom claim user. I tried to remove it using Remove-SPClaimProvider but it doesn't see it any more.

Any way I can reset this?

Edit:

I deselected the trusted provider on all web apps

I removed my custom provider solution/feature

I completely removed the ADFS trusted identity provider from SP:

Remove-SPTrustedRootAuthority -Identity "ADFS Token Signing Cert Parent"
Remove-SPTrustedIdentityTokenIssuer "ADFS SAML Provider for SharePoint"

At this point, when I go into a people picker on a site, I am still getting the ADFS name resolution results showing up. Notice in the image I get two results for one user, one is for ADFS.


When I run Get-SPClaimProvider, the custom claim provider does not show up. Maybe this is expected since I uninstalled the custom provider but why does the people picker still show the results?

The problem I am having is I had changed the custom provider to use the UPN instead of email address. After deploying the new version I cannot get SP to recognize it now. When I run the following cmd it complains that "ADFSClaimProvider" doesn't exist:

$ap = Get-SPTrustedIdentityTokenIssuer "ADFS SAML Provider for SharePoint"
$ap.ClaimProviderName = "ADFSClaimProvider"
$ap.Update()

I was suspecting it wasn't working because, for whatever reason, SP thinks a custom provider already exists.


Solution 2

I opened a support call with Microsoft and the engineer had me reset the people picker using stsadm:

stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv "" -url "https://sharepoint"

Simple.

OTHER TIPS

Here are the steps to remove the custom claim provider.

  1. Change your web apps to no longer use the SPTrustedIdentityTokenIssuer. For example, change them to use Windows claims.
  2. Delete the SPTrustedIdentityTokenIssuer.
  3. Create a new SPTrustedIdentityTokenIssuer with the same settings, only don’t configure it to use your custom claims provider as the default provider.
  4. Reconfigure your web apps to use the recreated SPTrustedIdentityTokenIssuer.

https://samlman.wordpress.com/2015/02/28/more-information-on-adding-and-changing-custom-claims-providers-in-sharepoint-2010/
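
The four steps above written out in PowerShell, as an added example that is not part of the original answer or the linked post. The issuer name and "ADFSClaimProvider" come from the question; the web application URL list, zone, realm, sign-in URL, certificate path and UPN identifier claim are assumptions to replace with the values of the original issuer.

```powershell
# Added example: run from the SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "ADFS SAML Provider for SharePoint"   # issuer name from the question
$oldCp      = "ADFSClaimProvider"                   # custom provider name from the question
$webAppUrls = @("https://sharepoint")               # assumption: web apps that use the issuer
$zone       = "Default"                             # assumption: zone carrying the trusted provider
$realm      = "urn:sharepoint:placeholder"          # placeholder: realm of the original issuer
$signInUrl  = "https://adfs.example.com/adfs/ls/"   # placeholder: ADFS sign-in URL
$certPath   = "C:\certs\adfs-token-signing.cer"     # placeholder: exported token-signing cert
$upnClaim   = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"  # assumption: UPN identifier

# Step 1: leave only Windows claims on each web app so nothing references the issuer.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
foreach ($url in $webAppUrls) {
    Set-SPWebApplication -Identity $url -Zone $zone -AuthenticationProvider $windows
}

# Step 2: delete the issuer that is still bound to the custom claims provider.
Remove-SPTrustedIdentityTokenIssuer -Identity $issuerName -Confirm:$false

# Step 3: recreate it with the same settings. -ClaimProvider is deliberately omitted,
# so the new issuer is not configured with the custom provider as its default.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$map  = New-SPClaimTypeMapping -IncomingClaimType $upnClaim `
            -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$issuer = New-SPTrustedIdentityTokenIssuer -Name $issuerName -Description $issuerName `
            -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map `
            -SignInUrl $signInUrl -IdentifierClaim $upnClaim

# Check before re-attaching: the recreated issuer must not point at the old provider.
if ($issuer.ClaimProviderName -eq $oldCp) {
    throw "Issuer '$issuerName' still references claim provider '$oldCp'."
}

# Step 4: put the recreated issuer back on the web apps alongside Windows claims.
$trusted = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
foreach ($url in $webAppUrls) {
    Set-SPWebApplication -Identity $url -Zone $zone -AuthenticationProvider $windows, $trusted
}
```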

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange