Known Issues and Additional Resources for Federation Extensions for SharePoint 3.0

This topic discusses known issues with Microsoft Federation Extensions for SharePoint 3.0 and contains links to additional resources.

Known Issues

The following known issues exist with Microsoft Federation Extensions for SharePoint 3.0:

  • A cookie has expired and the changes made to a document cannot be saved with the same file name.

    Issue: If cookies expire and the user is re-authenticated, the changes made to a document prior to cookie expiration are not saved. The following list describes the user’s experience:

    1. The user logs in to the federated Web Application, opens a document, and makes changes.

    2. The user leaves the system idle and the cookie expires. After the cookie expires, the user tries to save the document.

    3. The user is prompted for re-authentication. After successful re-authentication, the user is unable to save the changes he made to the document, and receives an “access denied” message.

    Cause: This is a known bug in Office Client 2007 SP2.

    Workaround: Save the document with a different file name.

  • The user is prompted for authentication twice if the user types in the URL of the root site in an Open File dialog in Word.

    Issue: When a user tries to access SharePoint resources by entering the root site URL in Word, he is prompted twice for authentication. The following list describes the user’s experience:

    1. The user opens Word, opens the File menu, and selects Open.

    2. The user enters a root site URL (for example, https://docs.contoso.com/sites/mysite) in the Open File dialog.

    3. The user is prompted for authentication and then shown an integrated SharePoint structure view.

    4. The user selects the document and clicks Open... and is prompted again for authentication.

    5. The user closes Word.

    6. The user reopens Word and again navigates to File / Open and enters the same site URL (https://docs.contoso.com/sites/mysite).

    7. The user receives a 403 error in the Open... file dialog.

    Cause: This is a known bug in Office Client 2007 SP2.

    Workaround: No workarounds available.

  • It is recommended not to install the WIF SDK package on the same SharePoint server where this Federation Extension package is installed.

    Issue: This issue is only applicable in cases where the WIF SDK and the Federation Extension package are installed on the same SharePoint server. The SharePoint Federation Utility fails to configure the SharePoint application when the user selects the option to automatically update federation metadata.

    Cause: This is a known bug in the Federation Extension package.

    Workaround: It is recommended to install the WIF SDK on a different server from the one on which the Federation Extension package is installed.

  • It is recommended not to federate SharePoint Web applications that are not extended (that is, their SharePoint security zone is Default only).

    Issue: If you configure a role/membership provider on a SharePoint Web application that has only one SharePoint security zone (Default) and has a site collection, then users belonging to that membership provider are able to access the Web application but receive an “access denied” message when they try to access the site collection.

    Cause: This is a known bug in SharePoint MOSS 2007 SP2.

    Workaround: If the Web application must be federated, extend it to the Extranet, Intranet, or Internet zones and then federate those zones.

  • It is required that the SHA-256 hashing algorithm is explicitly registered if you are using Windows Server 2003 SP2.

    Issue: If you are using Windows Server 2003 SP2 and have not registered the SHA-256 hashing algorithm, you will get an error while attempting to process the federation metadata from the ADFS STS.

    Cause: This is because the default hashing algorithm that WIF uses is SHA-256 and this is not registered by default on a computer that is running Windows Server 2003 SP2.

    Workaround:

    1. Browse to Security Cryptography Project 18423 (https://www.codeplex.com/clrsecurity/SourceControl/changeset/view/18423) and click Download.

    2. Unzip and build the downloaded Security.Cryptography\src\Security.Cryptography.csproj Visual Studio 2008 project.

    3. Write a program to call Security.Cryptography.Oid2.RegisterSha2OidInformationForRsa().

    4. Execute that program, which will register the SHA-256 OID with the operating system.

    5. If this is a 64-bit architecture, you must also recompile the program for the x86 platform and execute it. This is because Visual Studio 2008 is a 32-bit application and requires that the same changes be made in the 32-bit registry.
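
The program described in steps 3 to 5 could look like the following. This is an added example, not code from the original topic or from the CLR Security project. It assumes the project references the Security.Cryptography assembly built in step 2 and that RegisterSha2OidInformationForRsa() is static and takes no parameters, as the call is written in step 3. The class name is hypothetical.

```csharp
using System;
using Security.Cryptography; // assembly built from the CLR Security project in step 2

// Hypothetical helper name; not part of the Federation Extensions package.
internal static class RegisterSha256Oid
{
    private static int Main()
    {
        // IntPtr.Size is 8 in a 64-bit process and 4 in a 32-bit process.
        // (Environment.Is64BitProcess is not available before .NET 4.)
        bool is64BitProcess = IntPtr.Size == 8;
        string bitness = is64BitProcess ? "64-bit" : "32-bit";

        try
        {
            // Assumption: static and parameterless, as written in step 3.
            Oid2.RegisterSha2OidInformationForRsa();
        }
        catch (Exception ex)
        {
            // Report which build failed so the other build can be checked separately.
            Console.Error.WriteLine(
                "Registration failed in the {0} process: {1}", bitness, ex.Message);
            return 1;
        }

        Console.WriteLine(
            "SHA-2 OID information for RSA registered from a {0} process.", bitness);

        if (is64BitProcess)
        {
            // Step 5: the 32-bit registry needs the same change.
            Console.WriteLine(
                "Rebuild with the x86 platform target and run the program again.");
        }

        return 0;
    }
}
```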

Sign-Out Support in Microsoft Federation Extensions for SharePoint 3.0

When a user accesses a traditional Windows or Forms authentication SharePoint site, the user has the option to sign out. However, with a federated SharePoint site, this option is not available. Therefore it is recommended that you simply close the browser window to sign out of a federation-enabled application.

Additional Resources