
Okta Single Sign On for SharePoint 2013 - how to inject custom claims from database

Scenario:

We are using Okta Single Sign On (SSO) on a SharePoint 2013 extranet-facing site. It fits the requirement well when individual users (email as the user identity) are granted site permissions.

However, as part of claims based permissions, we have a need to append custom claims to the user identity based on a membership rank in a committee. The membership and rank information is stored in a SQL database.

As part of the SSO install, Okta provided a people picker (SPClaimsProvider). If I use the Okta people picker I have no control over injecting custom claims through SPClaimsProvider. They should be dynamically injected by querying ranks from the SQL database/CRM.

Questions:

Should we uninstall Okta people picker and write our own SPClaimsProvider to append custom claims (SPClaimsProvider)?

(OR)

Use Okta people picker and develop custom System.Security.Claims.ClaimsAuthenticationManager to inject claims

(OR)

Leave Okta people picker as is, write a new SPClaimsProvider and install in parallel to Okta people picker.

Looking for some guidance.

The last option works fine. You can create and install multiple custom claims providers; the only limitation is that you can only have one default custom claims provider per SPTrustedIdentityTokenIssuer. Just create a new custom claims provider and have it only inject claims by overriding the FillClaimsForEntity method. Specific details for doing so are here (NOTE: this article works for both SharePoint 2010 and 2013): https://samlman.wordpress.com/2015/02/28/writing-a-custom-claims-provider-for-sharepoint-2010-part-1-claims-augmentation-and-registering-your-provider/ .
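An illustration of the third option, added here as example code (it is neither from the original post nor Okta's or Microsoft's code): an augmentation-only SPClaimProvider that is registered alongside the Okta picker and overrides FillClaimsForEntity to read the rank from SQL. The table name CommitteeMembership, its columns, the connection string, the claim type URI and the trust name "Okta" are assumptions you would replace with your own.

```csharp
// Added example, not code from the original post or from Okta.
// Assumes a SQL table CommitteeMembership(Email NVARCHAR(256), CommitteeRank NVARCHAR(64)),
// a trusted identity token issuer named "Okta", and a claim type URI chosen here.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

namespace Contoso.Extranet.Claims
{
    public class CommitteeRankClaimProvider : SPClaimProvider
    {
        // Hypothetical claim type; the same URI is used when granting site permissions to a rank.
        public const string RankClaimType = "http://schemas.contoso.com/claims/committeerank";
        private const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";
        // Hypothetical connection; the account that runs the app pool needs SELECT on one table only.
        private const string ConnectionString = "Server=sqlsrv;Database=Committees;Integrated Security=SSPI";
        private const string TrustName = "Okta";

        public CommitteeRankClaimProvider(string displayName) : base(displayName) { }

        public override string Name { get { return "CommitteeRankClaimProvider"; } }

        // Augmentation only: no search, resolve or hierarchy, so the Okta picker keeps owning the UI.
        public override bool SupportsEntityInformation { get { return true; } }
        public override bool SupportsHierarchy { get { return false; } }
        public override bool SupportsResolve { get { return false; } }
        public override bool SupportsSearch { get { return false; } }

        protected override void FillClaimTypes(List<string> claimTypes) { claimTypes.Add(RankClaimType); }
        protected override void FillClaimValueTypes(List<string> claimValueTypes) { claimValueTypes.Add(StringValueType); }
        protected override void FillEntityTypes(List<string> entityTypes) { entityTypes.Add(SPClaimEntityTypes.FormsRole); }

        protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
        {
            if (entity == null) return;

            // The entity is the encoded identity claim of the user signing in; decode it to get the email.
            SPClaim identity = SPClaimProviderManager.DecodeUserIdentifierClaim(entity);

            // Only augment users that came through the Okta trust; Windows or other trusted users are skipped.
            string oktaIssuer = SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, TrustName);
            if (!string.Equals(identity.OriginalIssuer, oktaIssuer, StringComparison.OrdinalIgnoreCase)) return;

            string email = identity.Value;

            // The email arrives from the SAML assertion, so it is untrusted input: bind it as a parameter,
            // never concatenate it into the query text.
            using (var conn = new SqlConnection(ConnectionString))
            using (var cmd = new SqlCommand(
                "SELECT CommitteeRank FROM CommitteeMembership WHERE Email = @email", conn))
            {
                cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    // One claim per rank held; a user on several committees gets several claims.
                    while (reader.Read())
                    {
                        claims.Add(CreateClaim(RankClaimType, reader.GetString(0), StringValueType));
                    }
                }
            }
        }

        // The remaining abstract members are required by the base class but unused by this provider.
        protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID,
            int numberOfLevels, SPProviderHierarchyTree hierarchy) { }
        protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput,
            List<PickerEntity> resolved) { }
        protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput,
            List<PickerEntity> resolved) { }
        protected override void FillSchema(SPProviderSchema schema) { }
        protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern,
            int maxCount, SPProviderHierarchyTree searchTree) { }
    }

    // Farm-scoped feature receiver that registers the provider with SPClaimProviderManager.
    // It does not change the trust's ClaimProviderName, so the Okta picker stays the default.
    public class CommitteeRankClaimProviderFeatureReceiver : SPClaimProviderFeatureReceiver
    {
        public override string ClaimProviderAssembly { get { return typeof(CommitteeRankClaimProvider).Assembly.FullName; } }
        public override string ClaimProviderDescription { get { return "Adds committee rank claims read from SQL"; } }
        public override string ClaimProviderDisplayName { get { return "Committee Rank"; } }
        public override string ClaimProviderType { get { return typeof(CommitteeRankClaimProvider).FullName; } }

        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            ExecBaseFeatureActivated(properties);
        }
    }
}
```

Two things to keep in mind when using a provider like this: the augmented claims are written into the user's session token when they sign in, so a rank change in SQL only takes effect after that token expires or the user signs in again; and because the Okta picker cannot resolve the rank claim type, the permission entries for a rank value have to be created outside the picker (for example with the SharePoint PowerShell claims cmdlets) using the same claim type URI and value the provider emits.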
