This project has moved and is read-only. For the latest updates, please go here.

Claim Provider (SPClaimProvider) Application for SharePoint 2013 and 2016

Publishing SharePoint on the internet, using cloud services, Office 365 has become commonplace.
However, companies needs to master the identity management of their employees and partners while providing unified access.
Since the 2010 version, SharePoint is able to integrate with identity federation systems for identification (WSFED, SAML, OpenID-Connect (2016)) or authorization protocols like OAuth 2 (Notably used for model Apps (SP 2013))
In this context, based on standards, no implementation has been provided for managing federated identification, this is widely open.
To make SharePoint working fine with Microsoft ADFS federation server or other IDP,  you must implement, develop a "Claim Provider" component. The Claim Provider component provide the necessary access to corporate directories, Build of the Security Token, and an efficient Peoplepicker.
You can find many examples on the internet for a "Custom Claim Provider". So, is not new ! And, our component too is not new ! he is powerful, generic, extensible, "industrial". The first version was build in 2010 and was designed to handle an infrastructure of fifty Active Directory forests, spread worldwide for tens of thousands users. Since, almost all of our SharePoint farm projects use this component, either for Windows Authentication, but especially in projects where the SSO takes place. Today dozens of our customers use "SharePoint Identity Service" in production.


Neos-SDI is a global business and technology consulting firm that leads organizations toward innovative growth faster through the identification, application and support of inspired technology solutions. By leveraging our unique methodologies, we are able to help our clients envision the unique ways technology can be successfully applied to their business. Our envisioning sessions are intended to inspire the use of technology in differentiated ways in order to optimize our client's potential for growth. Founded in Paris in 2001, the source of Neos-SDI’s success is attributed to over 150 certified consultants, and 14 gold and two silver Microsoft Partner competencies; making Neos-SDI one of the top 10 Microsoft Partners worldwide.

Feel free to follow our projects on codeplex, github


  • Localized French/English
  • Farm Solution
  • Service management with PowerShell or Administration Console
  • Provisioning on selected servers via Administration console or PowerShell
  • Build As a Service Application (like Search or User Profile)
  • Store configuration in a SharePoint Service Database per Service instance
  • Configuration, creation, update, rights, … are done in Administration Console (manage service applications)
  • One Service Application per Trusted Identity Token Issuer
  • Small footprint of the component on Web Front Ends
  • Use of SharePoint Load balancing between Proxies and Application Instances (can run on multiple App Servers)
  • Customizable display for People Picker.
  • Customizable Identity Claim
  • Customizable Roles Claim
  • Publish needed claims for use with Kerberos Constraint Delegation
  • Can Replace and Restore the default Windows Claims Provider
  • Build as extensions for repositories access, customizable, Programming Model for custom extensions (see Documentation)
  • Claims augmentation support
  • Active Directory Connector
    • Detects approbation relationships
    • Detects unavailable domains/forests
    • Parallel requests (multi-threaded) against multiple domains/forests
    • Support root and sub domains (you can provide credentials for each)
  • Azure Active Directory Connector (planned)
  • Connections management
  • Domains management (enabled, display, position, sorting, …)  
  • Cache for domain entities
  • Jobs for services Warm-Up and cache refresh
  • ULS tracing and Event Viewer logs.
  • Administration pages and PowerShell cmdlets
  • And more….


  • Supported by SharePoint 2016 (standard/enterprise) - Windows 2016/SQL Server 2016
  • Supported by SharePoint 2013 (standard/enterprise)
  • Support removed for SharePoint 2010 (but can be rebuild with small modifications)
  • Prerequisite – SSO enabled
  • Windows Claims Provider Replacement recommended only if you have a complex Active Directory configuration, otherwise the default is working fine
  • Identity Claims supported : UPN (recommended), Email, Account (aka : SAMAccount for windows extension)


See :  Documentation

Last edited Dec 22, 2016 at 8:41 PM by redhook, version 16