Microsoft Sharepoint Integration

From Swivel Knowledgebase Wiki

Contents 1 Overview 2 Authenticating to SharePoint 2010 3 Authenticating to Earlier Versions of SharePoint as a 2-Stage Process 4 SharePoint PINsafe FAQ 4.1 Can PINsafe Manage the AD Credentials 4.2 Can PINsafe detect an expired AD password 5 Troubleshooting 5.1 TURing image does not appear 5.2 Error Messages

Overview

The solution described here is for SharePoint 2010 only, as it relies on claims-based authentication features introduced in that version.

Our recommended solution for earlier versions of SharePoint is to use Microsoft ISA Server with RADIUS authentication (see Microsoft ISA 2006 Integration. However, there is a description at the bottom of this article of how to integrate with SharePoint as a 2-stage authentication process.

Authenticating to SharePoint 2010

The latest solution for PINsafe SharePoint 2010 filter is version 1.3.3. It can be found here. Full instructions for installing the filter and configuring SharePoint to support it are included in the zip file.

Authenticating to Earlier Versions of SharePoint as a 2-Stage Process

The solution is to use the normal PINsafe IIS filter (32-bit or 64-bit version as appropriate to the operating system). Install as per the included instructions.

The result should be that you will need to authenticate first to the Active Directory domain, if you are not already logged in. Subsequently, you will be redirected to the PINsafe login page to complete the second part of the authentication process, before being finally redirected to the SharePoint home page.

One issue which is not addressed by the IIS filter documentation, which might cause problems, particularly in Windows 2008 Server, is that the Windows account running the SharePoint application (normally Network Service) needs to have read and execute permission on the pinsafe virtual directory.

SharePoint PINsafe FAQ

Can PINsafe Manage the AD Credentials

PINsafe cannot manage the AD credentials, these should be managed on the AD server

Can PINsafe detect an expired AD password

No, PINsafe will notify of an expired PIN but does not manage the AD credentials

Troubleshooting

TURing image does not appear

A red cross may be present where the TURing image should appear. The usual causes are:

Incorrect path to PINsafe appliance

Self Signed Certificate is used, but the allow self signed certificate option has not been selected

Firewall blocking access to PINsafe server

Network issue

HTTP request against the PINsafe running HTTPS

Error Messages

502 - Bad Gateway

This has been seen where the SharePoint cannot connect to the PINsafe server. Check the above, particularly the settings for SSL or HTTP access.

Authentication provider not found

PINsafe cannot be accessed by the SharePoint server, verify connectivity settings.