As I’m sure many of you know, the Forefront Identity Manager 2010 R2 (FIM R2) portal can be deployed on either Windows SharePoint Services (WSS) 3.0 or SharePoint 2010 Foundation. What I didn’t immediately realise – and I’m yet to actually see any reference to it, hence this post – is that the web application that houses the FIM portal must be running in Classic Mode Authentication.
If you implement a Claims Based Authentication web application, the FIM Portal doesn’t work. And let me clarify what I’m talking about here – I’m not trying to do SAML authentication to SharePoint (let’s not worry too much about the inaccuracy of that statement and what actually happens under the covers but instead focus on the available options when creating web applications). I just created a new web application using the recommended Claims Based Authentication type and then configured the authentication provider as Windows Claims, i.e. Negotiate (Kerberos), i.e. I chose:
OK. So this won’t affect those of you who do a standalone installation, as that installation type creates the SharePoint – 80 web application using the Classic Mode Authentication setting. This advice is for those of you using a SharePoint farm – in this scenario, make sure your web application is created using Classic Mode Authentication:
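
To check which mode an existing web application uses before installing the portal on it, the following added example (not part of the original post) reads the `UseClaimsAuthentication` property of each web application returned by `Get-SPWebApplication`. The function name `Test-ClassicModeAuth`, the `OkForFimPortal` column and the `example.local` URLs are assumptions made for illustration; the "OK" verdict simply applies the Classic Mode requirement described above.

```powershell
# Added example (not from the original post). Written for PowerShell 2.0,
# which is what the SharePoint 2010 Management Shell runs.

function Test-ClassicModeAuth {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        $WebApplication
    )
    process {
        # UseClaimsAuthentication is $true for Claims Based Authentication
        # web applications and $false for Classic Mode ones.
        $claims = [bool]$WebApplication.UseClaimsAuthentication
        $mode = 'Classic'
        if ($claims) { $mode = 'Claims' }

        New-Object PSObject -Property @{
            Url                = $WebApplication.Url
            AuthenticationMode = $mode
            # Per the post: the FIM portal needs a Classic Mode web application.
            OkForFimPortal     = (-not $claims)
        }
    }
}

if (Get-PSSnapin -Registered -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) {
    # On a farm server: inspect the real web applications.
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    $webApps = Get-SPWebApplication
} else {
    # Constructed sample objects so the function can be tried off-farm.
    $webApps = @(
        New-Object PSObject -Property @{ Url = 'http://fimportal.example.local/'; UseClaimsAuthentication = $false }
        New-Object PSObject -Property @{ Url = 'http://intranet.example.local/';  UseClaimsAuthentication = $true }
    )
}

$report = @($webApps | Test-ClassicModeAuth)
$report | Format-Table Url, AuthenticationMode, OkForFimPortal -AutoSize
```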