I double checked I was logged in as an administrative user account. -CHECK.
I double checked that I was accessing the correct web application URL -CHECK.
I double checked that I was accessing the root web site settings page, and that I was in fact missing links that a site collection administrator should be able to access. -CHECK
I logged into SharePoint Central Admin and double checked that my administrative user account was configured as the site collection admin. My user account was set as the Primary Site Collection administrator. -CHECK.
So, what was the issue? In an attempt to resolve the issue, I reviewed the SharePoint authentication configuration for my web app.
For my claims enabled web application I was logging in through ADFS 2.0 (Active Directory Federation Services) as a trusted identity provider and retrieving a SAML token. When configuring a SAML trusted identity provider you need to chose an "identifier claim" - that is 1 claim which uniquely identifies every user in the domain. I often choose email address claim because an email address must be globally unique. You must configure ADFS2 to return the email address attribute when a user logs into. As well, you must configure your SharePoint 2010 trusted identity provider with your chosen identifier claim when registering the provider through PowerShell - this powershell configuration often looks like this:
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
# Define other variables... cert, realm, signinurl...
# Adds the STS to SharePoint
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS20 Provider" -Description "SharePoint secured by ADFS20" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map -SignInUrl $signinurl -IdentifierClaim $map.InputClaimType
So, I double checked that my administrator user account had a valid email address and it did. -CHECK
I checked the Central Admin site collection administrator configuration again, and found that I had configured my Primary Site Collection admin with the AD username 'SPDEMO\administrator' which normally would work fine in a non-claims enabled web app. So, I decided to try changing it to the identifier claim: administrator@spdemo.titus.local.
I logged in again and found the same thing was happening. I would navigate to the site settings page for the root site and would only see links that a site owner would see, and not links that a site collection admin should see.
So, I returned to the Central Admin site collection administrator configuration page reset my Primary Site Collection administrator to 'administrator' and set my Secondary Site Collection Administrator to the identifier claim: administrator@spdemo.titus.local. As in the following:
Voila! When I logged back into my claims enabled web application as the same user, I was now in fact a site collection administrator. I could now navigate to the Site Settings page in my root site and I could see the links that should be available to a site collection admin:
So, it turns out that in a claims enabled web application a site collection administrator needs to have both their AD domain\username and their identifier claim set as the site collection administrator identity.
-Antonio
Only if they (the site collection admin) logs into both zones, which isn't typical in a non-SharePoint Administrator role. Actually, even a SharePoint administrator has limited needs to log in to the zone used by application users. Other than testing purposes, and I would say use an account (test account or other) that doesn't have the privileges a typical admin account would on the server or SharePoint farm. Using administrative accounts can mask errors that less privileged users would see. Plus, using IDP logins when you are only doing admin work just introduces other variables that aren't necessary. When possible, only login to the Windows auth zone.
ReplyDeleteThis post provide me good information about how to enable web application in sharepoint 2010. US web app development
ReplyDeleteDon't clone a website for mobile devices and say we're done. You must customize the mobile app in the context of users. Desktop computers to mobile conversion may be easy but there are lots more in it. You can get all things done in a mobile as you do those in your website. The likely scenario is to save time using the mobile app while you are standing in a queue and want to finish things with your brand. But you are probably not going to accomplish everything from your mobile phone while you are waiting. mobile phone tracker
ReplyDeleteIn an attempt to resolve the issue, I reviewed the SharePoint authentication configuration for my web app. web design tips
ReplyDeleteGet the IIM edge in IFBS, New Delhi.Only B-School with faculty from India's premier B-Schools and an all IIM-A alumni management . Placement network across IITs and IIMs recorded highest avg.placement package in Delhi/NCR.
ReplyDeleteBanking PGDM Institute in Delhi
Going through something so fantastic has a retouching power for the heart and mind.
ReplyDeletelanding page
Hi admin.Great post.Thank you so much for sharing about Claims Audit Enabled Web App.Keep in blogging.. Warehouse Audit
ReplyDeleteThanks for sharing this valuable and interesting article with good content stuff.Keep in blogging. AP Vendor Helpdesk | Internal Audit | Fraud Dectection
ReplyDeleteOften purchased themes are so rigid that even moving an element from one part of the page to another is impossible to do with this type of limited knowledge.
ReplyDeletehttps://edkentmedia.com/toronto-website-design-development/
I have been checking out a few of your stories and i can state pretty good stuff. I will definitely bookmark your blog.
ReplyDeletesoftware development company in delhi
I encourage you to read this text it is fun described ...
ReplyDeletemason soiza
Remember, a good web application development firm will not only deliver an exact web application to automate your online business processing, but also get into online promotion for your website.skrajučių gamyba
ReplyDeleteYou absolutely can't turn out badly in view of composing with your crowd: what you need is to sincerely associate with your prospects,seo services company in gurgaon and do whatever it takes not to sustain an undeniably flighty mammoth that Google has transformed into.
ReplyDeleteWhen it has to do with web design, it is necessary to consider creatively. Today, web design is connected with the accumulation of income of the company a significant concern in an easy way.web designer nuneaton
ReplyDeleteLike any business exchange or buy you should possibly spend your cash when you feel good.Webdesign
ReplyDeleteCost is one reason why most bloggers and website admins decide to utilize Premium WordPress themes over hand crafted theme. In spite of the fact that it shouldn't be the situation, site proprietors are restricted with their assetspremium wordpress blog themes
ReplyDeleteGreat blog about the SharePoint 2010 Claims Enabled Web App ..
ReplyDeleteweb design jacksonville fl
A complete sententious blog, intended to impress people.
ReplyDeleteBrave Browser
Hello I am so delighted I located your site, I really located you by mistake, while I was looking on yahoo for something else, Anyways I am here now and could just like to say cheers for a tremendous post and a all round entertaining website. Please do keep up the great work. ui design agency san francisco
ReplyDeleteAs I website owner I think the articles here is rattling superb , thanks for your efforts. iphone template
ReplyDeletepest control Toronto
ReplyDeletepest control Toronto
pest control Toronto
pest control Toronto
pest control Toronto
pest control Toronto
pest control Toronto
pest control Toronto
pest control Toronto
jclis
ReplyDeletejclis
jclis
jclis
jclis
jclis
jclis
jclis
jclis
ilovetraveling
ReplyDeleteilovetraveling
ilovetraveling
ilovetraveling
ilovetraveling
ilovetraveling
ilovetraveling
ilovetraveling
ilovetraveling
mooituinen
ReplyDeletemooituinen
mooituinen
mooituinen
mooituinen
mooituinen
mooituinen
mooituinen
mooituinen
Good Post! , it was so good to read and useful to improve my knowledge as an updated one, keep blogging.
ReplyDeletevé máy bay tết tphcm đi huế
mua vé máy bay giá rẻ
lịch bay hà nội đà nẵng
lịch bay hà nội trang trang vietjet air
vé máy bay cần thơ phú quốc
ve may bay di con dao bamboo airways
This is one of the most incredible blogs Ive read in a very long time.
ReplyDeleteve may bay tu My ve Viet Nam
Chuyến bay từ Taipei về hcm
vé máy bay từ đức về sài gòn
vé máy bay từ san francisco về việt nam
mua vé máy bay từ canada về việt nam
ve may bay tu anh ve viet nam
Nice blog, Thankyou for sharing such a informative content. I have also shared about Website Designing in Gurgaon. Dixinfotech in web-related services includes Website Designing, Web Development, E-commerce Website Development, etc. They provide affordable website designing services and their cost is very low They develop customized websites for the clients as per the requirement of the business. They provide the best services.
ReplyDeleteWhen selecting a web design or ui ux design company, one thing you should consider is the process the agency uses to take your design from concept to reality. There are actually three different methods or approaches that an agency may follow.
ReplyDeleteIt's really amazing to have many lists of will help to make thanks a lot for sharing
ReplyDeletemẫu nhà 2 tầng đẹp
mẫu nhà phố đẹp 2 tầng mái thái
tranh treo cầu thang
tủ văn phòng
tủ giày đẹp
thảm trải sàn phòng ngủ
mặt tiền mái nhà ống hiện đại
tranh phong thủy
tranh treo phòng ngủ
giường tầng cho bé