Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Identifierclaim in SPTrustedIdentityTokenIssuer

See original GitHub issue

I’m trying to configure an SPTrustedIdentityTokenIssuer but I always get the error:

IdentifierClaim does not match any claim type specified in ClaimsMappings.

What am I missing?

       SPTrustedIdentityTokenIssuer AzureAD
            Name                = "AzureAD";
            Description         = "Azure AD Identity provider";
            Realm               = "urn:sharepoint:sp1";
            SignInUrl           = "[GUID removed]/wsfed";
            IdentifierClaim     = "";
            ClaimsMappings        = @(
                    Name = "name";
                    IncomingClaimType = "";
                    LocalClaimType ="";
                    Name = "Email";
                    IncomingClaimType = "";
                    Name = "Role";
                    IncomingClaimType = "";
            SigningCertificateFilePath = "C:\cert.cer";
            Ensure                = "Present";
            PsDscRunAsCredential  = $SPSetupAccount;

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (5 by maintainers)

github_iconTop GitHub Comments

ykuijscommented, Aug 31, 2021

UPDATE: Correction to my first conclusion. Have checked the innerworking a little more and the error is in the code.

Found the root cause for this issue:

In the Set method, this code creates an array with Claims Mappings:

The next block of code then checks if the specified IdentifierClaim matches a MappedClaimType in any of the claims in the array:

This is where the code fails. It should check against the InputClaimType property instead of the MappedClaimType property. Will update the code and submit a PR!

bartvermeerschcommented, Sep 1, 2021

Sorry I didin’t follow up, I had to switch project. Thank you @ykuijs for the fix! (I also missed the issue in the code)

Read more comments on GitHub >

github_iconTop Results From Across the Web

New-SPTrustedIdentityTokenIssuer (sharepoint-server)
The New-SPTrustedIdentityTokenIssuer cmdlet creates an identity provider in the farm. This object is created and used only for setting this type of identity ......
Read more >
Mapping IdentifierClaim to field, that is not email
The New-SPTrustedIdentityTokenIssuer cmdlet has a parameter "-IdentityClaim". The claim type you specify as an identity claim is "encoded" ...
Read more >
Creating an ADFS2.0 TrustedIdentityTokenIssuer using ...
The “IdentifierClaim” attribute instructs SharePoint Server which of the claims will be the claim used to identify users. In this scenario the e ......
Read more >
How to configure SharePoint trusted identity provider for UPN
New-SPTrustedIdentityTokenIssuer -Name $ProviderName -Description ... $RoleClaimMap -SignInUrl $signInURL -IdentifierClaim $UPNClaimmap .
Read more >
Claims User Identity Flow
The following PowerShell command is used to determine the MappedClaimType of Identity Claim Type configured for a Trusted Provider in SharePoint. Copy. (Get- ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found