Microsoft Sharepoint Integration Methods
Overview
This document describes methods of integrating Swivel authentication with earlier versions of SharePoint that do not support claims-based authentication. Although these methods will work with later versions of SharePoint, it is recommended that you use the appropriate dedicated filters for SharePoint 2010 and 2013, in the following links:
Integration Using TMG or ISA
Our recommended solution for earlier versions of SharePoint is to use Microsoft TMG integration with RADIUS authentication (see here or here), or Microsoft ISA Server with RADIUS authentication (see Microsoft ISA 2006 Integration). However, the following article shows how to integrate with SharePoint as a 2-stage authentication process.
The solution is to use the PINsafe IIS7 filter. Install as per the included instructions.
The result should be that you will need to authenticate first to the Active Directory domain, if you are not already logged in. Subsequently, you will be redirected to the PINsafe login page to complete the second part of the authentication process, before being finally redirected to the SharePoint home page.
One issue which is not addressed by the IIS filter documentation, which might cause problems, particularly in Windows 2008 Server, is that the Windows account running the SharePoint application (normally Network Service) needs to have read and execute permission on the pinsafe virtual directory.