Unable to Select "Claim Provider Identifier" After Recreating Trusted Identify Provider
We have been working onsite to make our corporate portal claims enabled with Siteminder and an XML/API gateway called Vordel. We have been successful in getting the Trusted Identify Provider (TIP) to create the user mappings. Long story short, our vendor asked us to loop the farm back to classic so that we could test the migration again. So, we refreshed the databases, removed the TIP - and went back to square one.
However, when we went back to square one - I ran into some problems. I was simply unable to get the "Claim Provider Identifier" to populate automatically (as it was supported to do - reference ).
So, notice below - this is how I *wanted* things to look. I was using 'mail' as the SPS-ClaimID and my TIP was called SNI.
https://dl.dropboxusercontent.com/u/12309192/2013-04-26%2011_10_41-SNI%20-%20visionapp%20Remote%20Desktop%202012.jpg
However, like I indicated - when I rolled back - I was unable to get the "Claim Identify Provider" to show up. I was able to get SPS-ClaimiD as well as (when I added the TIP using the Powershell command) the "Claim Provider Type" = Trusted. So, it looks like something got STUCK in the database somewhere.
I found a trick however. I edited it using the "Forfront Identify Manager" client ("C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe"). Honestly, it's probably the greatest program known to SharePoint UPA administration. Know it, learn it, love it.
Open up FIMs and click on the connection titled "Extensible Connectivity" and select "Properties"
https://dl.dropboxusercontent.com/u/12309192/2013-04-26%2011_26_38-SNI%20-%20visionapp%20Remote%20Desktop%202012.jpg
Ok - now navigate to "Configure Attribute Flow." This seems to be the guts of the UPA and if something gets hosed up in CA - you can come in here and right every wrong. It's the place where life magically becomes a little more fair. A happier place.
Notice, and I don't know why - but in the metaverse attribute - I have "SPS_MV_String_SPS-ClaimProviderID" in there. I have no idea how/why/what this means. However, it didn't match DEV and DEV was working. So, I fixed it.
https://dl.dropboxusercontent.com/u/12309192/2013-04-26%2011_27_51-SNI%20-%20visionapp%20Remote%20Desktop%202012.jpg
To make it work - select "SPS-ClaimProviderID" and click "EDIT". You will notice that the mapping will change in the upper window. Verify that you got this right - and it looks EXACTLY like what I have below. THEN, click OK. You will then go into "User Property Mappings" in CA -> User Profile and see that your TIP is in there.
https://dl.dropboxusercontent.com/u/12309192/2013-04-26%2011_33_21-SNI%20-%20visionapp%20Remote%20Desktop%202012.jpg
You can do a lot of stuff in here - of course, nobody recommends using this as the first option - but if you're having some problems getting things to map - this appears to be a pretty good tool to use that has bailed me out a few times. YMMV.