Using Audiences with Claims Auth Sites in SharePoint 2010

Something you may not have thought of around using SAML claims is the impact on the Audiences feature in SharePoint 2010.  By default we will only import users from directories like Active Directory and a few LDAP sources.  The problem is that the account name for most SAML claims users is something like i:05:t|adfs with roles|fred@foo.com.  So can you use audiences with these claims users?  The answer is yes, fortunately, but you need to do some work.

The first and most important thing is you’ll need to create profiles for these people.  You can do it manually or you can write some code to do it.  But you need to create these profiles and use the funky i:05:t|adfs with roles|fred@foo.com string as the Account Name.  Then populate the other fields with data that you want to use in your audiences.

Next, go ahead and create new audiences.  You won’t be able to use a user-based rule for the audience, like member of a group (at least not without writing more code, which is beyond what I’m going to discuss in this posting).  Instead you’ll use the property-based audience.  In my scenario I used the Office field from the profile as the basis for my audience.  I created two profiles for two different claims users and gave one an Office of Clackamas and one Goodyear.  So in my new audience, I created a rule where Office = Clackamas and called it Clackamas Employees.  After I compiled my audience I could see that its membership included my claims user.

To further validate it, I then went into my claims site and targeted a web part at an audience.  The only thing that was a little unexpected is that the picker was not properly populated with a list of all the audiences.  However, when I searched for Clackamas Employees it did find the audience I had created.  I selected that audience for the web part targeting and saved my changes.  Finally I navigated to the site as my two different claims users.  The one that was part of the Clackamas Employees audience saw the part, while the other did not.
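
The profile and audience steps above can be scripted. The following is an added example, not code from the original post: it creates the two profiles with the claims-encoded Account Name, sets Office, and defines the property-based audience. The site URL and the second user's name are placeholders, and the account strings must be replaced with the exact encoded claim value SharePoint shows for each user.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell on a farm server, as an
# account with Manage Profiles / Manage Audiences rights on the User Profile Service App.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")

$siteUrl = "https://claims.example.com"    # placeholder: a site in the claims web application
$context = Get-SPServiceContext -Site $siteUrl
$upm     = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

# Account must be the full encoded claim string, not just the e-mail address.
# The first entry is the string used in the post; the second user is constructed.
$users = @(
    @{ Account = "i:05:t|adfs with roles|fred@foo.com";  Office = "Clackamas" },
    @{ Account = "i:05:t|adfs with roles|user2@foo.com"; Office = "Goodyear"  }
)

foreach ($u in $users) {
    # Reuse an existing profile so a re-run updates instead of failing on a duplicate.
    if ($upm.UserExists($u.Account)) {
        $up = $upm.GetUserProfile($u.Account)
    } else {
        $up = $upm.CreateUserProfile($u.Account)
    }
    $up["Office"].Value = $u.Office        # the property the audience rule tests
    $up.Commit()
    Write-Host ("Profile ready: {0} (Office = {1})" -f $u.Account, $u.Office)
}

# Property-based audience: Office = Clackamas
$am   = New-Object Microsoft.Office.Server.Audience.AudienceManager($context)
$name = "Clackamas Employees"
if (-not $am.Audiences.AudienceExist($name)) {
    $aud   = $am.Audiences.Create($name, "Profiles whose Office is Clackamas")
    $rules = New-Object System.Collections.ArrayList
    $rule  = New-Object Microsoft.Office.Server.Audience.AudienceRuleComponent("Office", "=", "Clackamas")
    [void]$rules.Add($rule)
    $aud.AudienceRules = $rules
    $aud.Commit()
    Write-Host "Audience created: $name (compile it before targeting)"
}
```

The script does not compile the audience; compile it as described above and confirm the membership lists only the expected claims user before targeting content at it.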

Comments

  • Anonymous
    January 01, 2003
    Thank you! I've been struggling with SharePoint Groups as Audiences for months and could not figure it out.  Now it is easily solved with a script instead of the GUI.

  • Anonymous
    January 01, 2003
    thanks

  • Anonymous
    August 20, 2010
    Hi, I am trying to add domain users to a claims-based site in SharePoint 2010 programmatically. It gives me the error user not found. In reality the user exists in AD, and if I use the GUI to add the user it adds as well. Please help.

  • Anonymous
    September 13, 2010
    if the error is "user not found or .. duplicates" .. then it is probably because 2 different claim providers are resolving the same identifier. So if you have a custom claim provider and the AD provider both configured on the same site, make sure that the custom claim provider does not "Resolve" the identifier... however "Search" should be ok...

  • Anonymous
    October 03, 2012
    Hi Mimijo, can you please share the way you have implemented Audience for claims users?

  • Anonymous
    April 11, 2014
    Good explanation:

    http://kerseub.wordpress.com/2012/04/17/profile-sync-and-claims-authentication/
