Is it possible to add an OAuth2-based user authentication provider to SharePoint Server?

Harun Kara 156 Reputation points
2020-09-25T08:36:51.23+00:00

Hi,

I should start by saying this is the first time I'm dealing with SharePoint user auth. One of my customers requires users from different identity providers to be able to authenticate to SharePoint sites within the organization.

Currently we are using the standard AD LDAP auth method, but I'm looking for a way to add another auth provider. The information I have is as follows:

They have an OAuth2-based identity provider system, in-house developed software. And they told me they have LDAP as an authentication provider. I also received a Postman JSON file for the OAuth2 protocol they used. But that doesn't mean much to me at this point.

Please let me know if the above information is enough. If not, I'll ask for more information that you might require to provide a solution.

Edit: I added the JSON I was provided with.

Edit 2: the said LDAP integration was for AD users to authenticate through the custom OAuth2-based identity provider. At first I thought it would work between OAuth2 and SharePoint, but that isn't the case.

Edit 3: would it be possible to create an ASP.NET forms auth page that talks with the OAuth2 protocols given in the JSON file below? And add that FBA to the SharePoint auth provider list?

Microsoft 365 and Office | SharePoint Server | For business
Microsoft 365 and Office | SharePoint Server | Development

Accepted answer
  1. trevorseward 11,711 Reputation points
    2020-09-25T19:57:57.973+00:00

    SharePoint natively supports FBA or more likely what you want, SAML 1.1. For SAML, you need to integrate it with the customer's identity provider (i.e. AD FS or some other cloud-based IdP). The IdP prompts the user for authentication -- SharePoint only handles authorization.

    https://learn.microsoft.com/en-us/SharePoint/security-for-sharepoint-server/plan-user-authentication#plan-for-saml-token-based-authentication

    2 people found this answer helpful.

4 additional answers

  1. ZhengyuGuo 10,586 Reputation points Moderator
    2020-09-28T08:40:13.433+00:00

    Hi @HarunKara-9729 ,

    I agree with Trevor's suggestion.

    In this situation, we could use SAML claims mode to get a SAML access token from the external custom authentication provider and authenticate the user.

    Here is official guidance about setting up SAML authentication and creating a trusted identity provider, for your reference:

    Implement SAML authentication



  2. Harun Kara 156 Reputation points
    2020-09-28T08:42:18.733+00:00

    Thanks for the answers, I really appreciate it. I will attempt to implement a solution by the end of this week. And I will post the results and flag an answer accordingly.

  3. Harun Kara 156 Reputation points
    2020-09-29T12:04:31.863+00:00

    So I think I need to create a custom identity provider that is SAML-based, following this link: https://learn.microsoft.com/en-us/previous-versions/office/developer/sharepoint-2010/ff955607(v=office.14)?redirectedfrom=MSDN

    After creating that provider I will add it as an IP-STS to the SharePoint server farm. And that auth provider will talk to the OAuth2 identity provider in the background. I found some links for integrating SAML with OAuth2; here are the links:

    https://wiki.scn.sap.com/wiki/display/Security/Using+OAuth+2.0+from+a+Web+Application+with+SAML+Bearer+Assertion+Flow
    https://blog.scottlogic.com/2015/11/19/oauth2-with-saml2.html

    Am I on the right path? I have no idea what I am doing :) I am in need of your opinion, thanks!

    @Jerryzy-MSFT @trevorseward

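The farm-side half of the plan discussed above (registering a SAML 1.1 IP-STS as a trusted identity provider and enabling it next to Windows authentication), as an added example that is not code from any poster in this thread. The certificate path, realm, URLs, provider name and the choice of e-mail address as the identifier claim are placeholder assumptions; the web application is assumed to already use claims-based authentication, and the custom STS that exchanges OAuth2 logins for SAML tokens is not shown.

```powershell
# Run in the SharePoint Management Shell on a farm server as a farm administrator.
# Every value in this block is a placeholder (assumption), not taken from the thread.
$certPath  = "C:\certs\custom-sts-signing.cer"   # public half of the STS token-signing certificate
$realm     = "urn:sharepoint:portal"             # realm the STS must issue tokens for
$signInUrl = "https://sts.example.com/wsfed"     # WS-Federation passive sign-in endpoint of the STS
$webAppUrl = "https://portal.example.com"

# 1. Trust the token-signing certificate. SharePoint accepts any SAML 1.1 token
#    signed by this key, so import only the public certificate and keep the
#    private key on the STS.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "Custom STS token signing" -Certificate $cert

# 2. Declare which incoming claim SharePoint should read. The STS has to emit
#    this claim after it has authenticated the user against the OAuth2 IdP.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

# 3. Register the STS as a trusted identity token issuer (the IP-STS).
#    The identifier claim becomes the user's identity in SharePoint permissions,
#    so it must be unique per user and stable over time.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Custom OAuth2-backed STS" `
    -Description "SAML 1.1 IP-STS in front of the in-house OAuth2 IdP" `
    -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $emailClaim `
    -SignInUrl $signInUrl -IdentifierClaim $emailClaim.InputClaimType

# 4. Offer the new provider alongside the existing Windows (AD) authentication
#    on the Default zone, so current AD users keep working.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
Set-SPWebApplication -Identity $webAppUrl -Zone Default `
    -AuthenticationProvider $windows, $issuer

# 5. Check what the farm now trusts.
Get-SPTrustedIdentityTokenIssuer | Select-Object Name, ProviderUri, DefaultProviderRealm
```

Users from the new provider have no access until they are granted permissions by their identifier claim value, since SharePoint only handles authorization for tokens the IdP issues.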

  4. ZhengyuGuo 10,586 Reputation points Moderator
    2020-10-02T09:13:28.777+00:00

    Hi @HarunKara-9729 ,

    You are on the right path.

    And here is a video which explains the OAuth implementation; I hope it will be helpful to you:

    SharePoint 2013 OAuth implementation
