I was recently troubleshooting a Mysite creation issue. Windows users could create mysites without issue. Claims users were getting a failure, with the following error in the ULS logs. (Mysites are batch created in OWSTimer. When you’re looking for the logs related to this) This error didn’t make a ton of sense. The claims users could hit the mysite host site, with the default view before a mysite is created. This told us that we were getting a good token and SharePoint trusted it.
During the Mysite creation process, the behind the scenes magic needs to resolve the user to give them permission to the site, set ownership, etc. This happens in a manner very similar to what happens when you look someone up via the People Picker. As you may or may not know, when using claims, in order to get the People Picker to work, you need to configure a custom claims provider (links below). SharePoint can’t understand how every incoming claim maps to LDAP attributes, so it needs this info, or it can’t figure out who is who. In this scenario, a custom claims provider had been installed. We took a look at their claims configuration via Powershell using Get-SPTrustedIdentityTokenIssuer “Trustedloginprovidername”. This showed the ClaimProviderName value was null. All this meant was that while the custom claim provider was installed, it was not connected to the SPTrustIdentityTokenIssuer. This was an easy fix. We just had to the PowerShell listed below to fix the issue.
01/01/2014 11:11:11.11 MACHINENAME OWSTIMER.EXE (0x111) 0x111 SharePoint Portal Server Administration 5187 Critical
My Site creation failure for user 'i:0e.t|Some Userfirstname.lastname@example.org' for site url 'http://mysites.ron.net/personal/some_user_ron_net'. The exception was: Microsoft.Office.Server.UserProfiles.PersonalSiteCreateException: A failure was encountered while attempting to create the site. ---> Microsoft.SharePoint.SPException: User cannot be found.
at Microsoft.SharePoint.Administration.SPSiteCollection.Add(SPContentDatabase database, SPSiteSubscription siteSubscription, String siteUrl, String title, String description, UInt32 nLCID, Int32 compatibilityLevel, String webTemplate, String ownerLogin, String ownerName, String ownerEmail, String secondaryContactLogin, String secondaryContactName, String secondaryContactEmail, String quotaTemplate, String sscRootWebUrl, Boolean useHostHeaderAsSiteName, Boolean overrideCompatibilityRestriction)
at Microsoft.SharePoint.SPSite.SelfServiceCreateSite(String siteUrl, String title, String description, UInt32 nLCID, Int32 compatibilityLevel, String webTemplate, String ownerLogin, String ownerName, String ownerEmail, String contactLogin, String contactName, String contactEmail, String quotaTemplate, SPSiteSubscription siteSubscription)
at Microsoft.Office.Server.UserProfiles.UserProfile.<>c__DisplayClass2.<CreateSite>b__0() -
-- End of inner exception stack trace ---
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
at Microsoft.Office.Server.UserProfiles.UserProfile.CreateSite(String strRequestUrl, Boolean bCollision, Int32 overrideCompatLevel, Int32 lcid).
CLAIMS PROVIDER LINKS
Claims Provider in SharePoint 2013 – http://msdn.microsoft.com/en-us/library/office/ee535894.aspx
Plan for custom claims providers for People Picker in SharePoint 2013 – http://technet.microsoft.com/en-us/library/gg602072.aspx
http://blogs.technet.com/b/speschka/ – Lots of info on SP and claims
http://blogs.msdn.com/b/kaevans/ – Lots of info on SP and claims
http://ldapcp.codeplex.com/ – Sample provider
$trust = Get-SPTrustedIdentityTokenIssuer "TRUSTEDLOGINPROVIDER NAME"
$trust.ClaimProviderName = "CustomClaimProviderName"