To optimize performance when you are not performing claims authentication troubleshooting, follow these steps to set user authentication logging to its default values. In Least critical event to report to the trace log, select Verbose. In Least critical event to report to the event log, select Verbose. In the list of categories, expand SharePoint Foundation, and then select Authentication Authorization and Claims Authentication.
To configure SharePoint Server for the maximum amount of user authentication loggingįrom Central Administration, click Monitoring on the Quick Launch, and then click Configure diagnostic logging. The following procedure configures SharePoint Server to log the maximum amount of information for claims authentication attempts. Setting the level of ULS logging for user authentication Use Network Monitor 3.4 to capture and examine the details of user authentication network traffic. If you are using Active Directory Federation Services 2.0 (AD FS) as your federation provider for Security Assertion Markup Language (SAML)-based claims authentication, you can use AD FS logging to determine the claims that are in security tokens that AD FS issues to web client computers. Use Central Administration to verify the details of user authentication settings for SharePoint web applications and zones and configure levels of ULS logging. Use Unified Logging System (ULS) logs to obtain the details of authentication transactions. The following are the primary troubleshooting tools that Microsoft provides to collect information about claims authentication in SharePoint Server: If the resource is contained within a SharePoint web application that uses claims-based authentication, use the information in this article to start troubleshooting. If the message indicates that authentication failed, you have an authentication problem. Use the tools and techniques in this article to determine the set of claims in the user's security token so that you can compare it with the configured permissions. For more information, see User permissions and permission levels in SharePoint Server. Verify that the user or a group to which the user belongs has been configured to use the appropriate permissions. The most common reason for failed authorization when you are using Security Assertion Markup Language (SAML) claims-based authentication is that the permissions were assigned to a user's Windows-based account (domain\user) instead of the user's SAML identity claim. To troubleshoot authorization, try the following solutions: If the error message indicates that the user does not have access to the site, then the authentication was successful and the authorization failed. To determine whether authentication or authorization causes an access issue, look closely at the error message in the browser window. Authorization verifies that access to the resource is allowed, based on the set of claims in the security token and the configured permissions for the resource. When you are using claims, authentication verifies that the security token is valid. Successful access to a SharePoint resource requires both authentication and authorization.
If you use tools that Microsoft provides and use a systematic approach to examine failures, you can learn about common issues that relate to claims-based authentication and resolve them.
When users try to connect to a web application, logs record failed authentication events.
APPLIES TO: 2013 2016 2019 Subscription Edition SharePoint in Microsoft 365
0 kommentar(er)
