Custom Claims support

Mar 17, 2015 at 5:11 AM
Basically I need to augment custom claims whose values I'll be getting by performing a REST call:
Something like https://samlman.wordpress.com/2015/02/28/writing-a-custom-claims-provider-for-sharepoint-2010-part-1-claims-augmentation-and-registering-your-provider/

Does this implementation already facilitate something like this? Is it planned to?
Any suggestions?

I went through the code. If I simply implement FillClaimsForEntity in LDAPCP.cs, I would be able to add a few custom claims - whose values I'm hoping to fetch by a REST service call.
Coordinator
Mar 17, 2015 at 9:09 AM
Hello,
if you are only interested in claims augmentation, I'm not sure LDAPCP will make things easier for you.
Yes, FillClaimsForEntity is the method you need to override, but you should do that in a class that inherits LDAPCP, so that you could easily apply updates made to LDAPCP.
Cheers,
Yvan
Mar 17, 2015 at 10:48 AM
Thank you Yvand for the info.

Actually, we're looking for your solution augmented with custom claims functionality. We would now implement it on our own.
Mar 18, 2015 at 6:22 AM
Before I start, I should ask. Yvand, are there any plans of implementing augmentation? Or any chance of collaboration?
Coordinator
Mar 18, 2015 at 12:44 PM
Hello,
No, this is not planned.
As I mentioned, I strongly recommend that you import LDAPCP.dll in a new project, and implement FillClaimsForEntity in a new class that inherits LDAPCP, instead of editing LDAPCP class directly.
You can download "LDAPCP for developers.zip" to find examples of this.
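
The approach recommended above, sketched as an added example (not code from this thread, from LDAPCP, or from "LDAPCP for developers.zip"): a class that inherits LDAPCP and augments role claims from a REST call, treating the response as untrusted authorization input. The class name, endpoint URL, role claim type, allowed role values and the `ldapcp` namespace are assumptions, as is the premise that LDAPCP leaves `SupportsEntityInformation` and `FillClaimsForEntity` overridable.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Web.Script.Serialization;
using Microsoft.SharePoint.Administration.Claims;
using ldapcp; // assumption: namespace of the LDAPCP class in LDAPCP.dll

// Hypothetical subclass: LDAPCP.dll is referenced, LDAPCP.cs is left unmodified.
public class LDAPCPWithRestRoles : LDAPCP
{
    // Placeholders (assumptions): endpoint, claim type and permitted role values.
    const string RolesEndpoint = "https://roles.example.invalid/api/roles?user=";
    const string RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
    const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";
    static readonly HashSet<string> AllowedRoles =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Finance-Readers", "HR-Editors" };
    // Short timeout: augmentation runs during sign-in and must not hang on the service.
    static readonly HttpClient Http = new HttpClient { Timeout = TimeSpan.FromSeconds(3) };

    public LDAPCPWithRestRoles(string displayName) : base(displayName) { }

    // SharePoint calls FillClaimsForEntity only when this returns true.
    public override bool SupportsEntityInformation { get { return true; } }

    // The thread states LDAPCP does not augment, so the base method is not called here.
    protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
    {
        // The incoming entity is the encoded identity claim; decode it to get the login value.
        SPClaim user = SPClaimProviderManager.IsUserIdentifierClaim(entity)
            ? SPClaimProviderManager.DecodeUserIdentifierClaim(entity) : entity;
        try
        {
            string url = RolesEndpoint + Uri.EscapeDataString(user.Value);
            string json = Http.GetStringAsync(url).Result;
            string[] roles = new JavaScriptSerializer().Deserialize<string[]>(json) ?? new string[0];
            var accepted = new List<SPClaim>();
            foreach (string role in roles)
            {
                // Accept only roles this farm knows about; ignore anything else the service returns.
                if (AllowedRoles.Contains(role))
                    accepted.Add(CreateClaim(RoleClaimType, role, StringValueType));
            }
            claims.AddRange(accepted); // added only after the whole response parsed cleanly
        }
        catch (Exception)
        {
            // Fail closed: on timeout, TLS or parse errors the user gets no extra role claims.
            // Record the failure with the farm's logging facility here.
        }
    }
}
```

SharePoint also expects every claim type a provider emits to be declared through its `FillClaimTypes` and `FillClaimValueTypes` methods, so the role claim type used here must be one the provider already declares.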
Mar 18, 2015 at 2:12 PM
For what it's worth, this would be beneficial to us as well. We've been successfully using LDAPCP for some time for resolution. Looking forward, as we plan for hybrid search with SharePoint Online and SharePoint 2013 on premise, I believe we will need to transition from sending role claims via ADFS at authentication time to using claims augmentation to fetch roles. This should allow SPO queries against on premise to properly determine access rights and security trim appropriately. Without this, searching from SPO would only return on-prem results when the user was explicitly granted access, not via role claim.

At least that's my understanding of federated search; I haven't had time to test this yet.

Cheers.
Coordinator
Mar 25, 2015 at 12:20 PM
Hello, thank you for your feedback. I'll take this into consideration, and I will update this thread if this finally gets implemented.