Microsoft SharePoint Products and Technologies Team Blog

Two "must-have" SharePoint addon products were released earlier today. The first is a cross browser compatible replacement for the rich text editor in MOSS 2007 that was mentioned on this blog about 6 weeks ago. The second is an offline reader for WSS 3.0 and MOSS 2007 sites, which I highly recommend for staying up to date with frequently updated sites such as the SharePoint Community Portal. And yes, they are both available for free!

 

With the release of the r.a.d.editor for MOSS, Telerik has taken into account the feedback they gathered during the beta period. In addition to the downloadable file on their website at http://www.telerik.com/sharepoint, Telerik has also published a Deployment and Customization manual as well as a Feature Comparison guide for r.a.d.editor for MOSS vs. the OOTB MOSS rich-text editor vs. the full featured r.a.d.editor for ASP.NET.

Colligo Reader for SharePoint enables you to easily download content from SharePoint sites to your laptop, so you can access the content offline rather than having to copy files one by one through a browser. Reader is a client-only application, and no server modifications are required. If you want the ability to add or update SharePoint content offline, Colligo offers a full featured Contributor for SharePoint product.

I look forward to seeing (and using) many more innovative SharePoint addons from our ISV partners in the coming months!

<Lawrence />

SQL Server 2005 Service Pack 2 (SP2), which will be released any minute now :-), enables deep integration between Reporting Services and SharePoint technologies (Windows SharePoint Services 3.0 and Office SharePoint Server 2007). This integration enables an end-user to view and manage reports completely from within a SharePoint environment. The following is an excerpt from the upcoming 2007 Microsoft Office System Business Intelligence Integration with SQL Server 2005 whitepaper. [I"ll add the URL as soon as the paper is available online.]

<Lawrence />

 

Office SharePoint Server 2007 Integration Features and Benefits

There are numerous benefits and advantages to integrating Reporting Services with Office SharePoint Server 2007. Prior to SP2, Reporting Services reports were published to a report server and were executed solely in that environment. The integration point between Reporting Services and SharePoint was two separate Web Parts: Report Explorer and Report Viewer. These Web Parts made it possible to view reports within SharePoint, but presented these challenges:

• The report content source was always separate from the SharePoint content source.
• Reports were hosted on a report server and were only displayed within the SharePoint environment.
• Security of reports was managed by the report server, so there was no unified security model.
• The user interface was not consistent between managing and viewing reports because each was performed in a separate environment.
• Filtering of report data could only be done by using report parameters that had to be defined in the reports themselves.
• Internet-facing SharePoint sites required deploying the report server outside the firewall.

With SQL Server 2005 SP2, deep integration with Office SharePoint Server 2007 offers numerous advantages, including:

• Single consistent user interface for managing and viewing reports.
• A much richer user experience.
• Storing reports in Office SharePoint Server 2007 document libraries. This allows a report to use standard Office SharePoint Server 2007 features, such as workflow, versioning, and collaboration.
• Reports and all associated resources are stored within the Office SharePoint Server 2007 database and are automatically synchronized with the same reports that are stored and executed from the report server. Scheduling, caching, and subscriptions are stored in the report server database only because this functionality is not available natively in a SharePoint document library.
• Single security model for reports because they are treated like any other document inside a SharePoint document library.
• Common report filtering paradigm that is used in SharePoint document libraries and filtering Web Parts.

Integration with Report Center

While Reporting Services reports can be managed in any site or document library, Office SharePoint Server 2007 includes out of the box functionality for reporting, referred to as the Report Center. Report Center is delivered as a site template to enable you to easily create an Office SharePoint Server 2007 site for hosting reports. When you create a site using this template, navigation bar links are added to manage reporting resources, as shown in Figure 1. Figure 1 also shows a sample dashboard with defined Key Performance Indicators (KPIs).

Figure 1: Navigation Bar Links Highlighting New Resources Category.

The navigation bar links in the Report Center site template are:

• Documents – Document library to store a collection of documents.
• Reports – Document library that can be used for managing Reporting Services and Excel Services reports.
• Dashboards – Listing of all dashboards that you can configure for your users. For example, you can have one dashboard that shows executives the report KPIs that are useful to them. However, project managers need to see more detailed information about their projects, so they would need a different dashboard with different KPIs.
• Resources – Folder containing these types of resources that can be used with Reporting Services reports:
  • Data Connections – Document library that contains shared data sources and/or report models that can be used among all reports.
  • Report Calendar – Calendar list that can contain any date-related information for a report or report schedule. For example, you can indicate on which dates report data is refreshed or loaded. This item has no specific integration points with Reporting Services.
  • Reference Library – Document library for you to place documents that can help end-users with the navigation and usage of the report center. This item has no specific integration points with Reporting Services.

Having resources stored in separate document libraries enables you to configure versioning, workflow, and security separately for each resource. For example, you can configure security to only allow members of the IT department to modify or upload data connections. Likewise, you can configure workflow in Office SharePoint Server 2007 to require approval for new reports.

Selecting the Right Mode

SQL Server 2005 Reporting Services can operate in either Native Mode or SharePoint Integration Mode. As Reporting Services supports multiple instances, you also have the option of using both modes simultaneously on a single server. This section outlines some considerations you should think about to help determine which mode to use in your organization.

Native Mode

The term Native Mode in Reporting Services 2005 Service Pack 2 refers to the existing way that Reporting Services operates. The report server is responsible for management of all Reporting Services functionality, including report storage, rendering, scheduling, subscriptions, security, and administration. Reports, data sources, and report models are all stored in the report server database.

Native Mode is appropriate for any organization that does not implement Windows SharePoint Services 3.0 or Office SharePoint Server 2007, or does not need the added functionality of Integration Mode (see next section). If your organization uses Windows SharePoint Services 2.0 or SharePoint Portal Server 2003, you will not be able to leverage the additional productivity and security features of Integration Mode until you upgrade to Windows SharePoint Services 3.0 or SharePoint Portal Server 2007.

SharePoint Integration Mode

Using Reporting Services 2005 in SharePoint Integration Mode enables some significant benefits to the end-user and the organization as a whole, as follows:

• Uses SharePoint document libraries to store reports, data sources, and report models.
• Enables publishing, viewing, management, and delivery of Reporting Services reports from the same user interface used for managing Office documents.
• Enables organizations to construct BI dashboards with rich reports.
• Leverages workflow and collaboration capabilities that are already available in Office SharePoint Server 2007.

When using SharePoint Integration Mode, some features that are available in Native Mode are replaced with comparable functionality in Office SharePoint Server 2007 or are no longer available. The Reporting Services features that are not available in Integration Mode are:

• Report Manager
• Management Studio
• My Reports
• Linked Reports
• Job Management

Note: There is no support for migrating native mode reports to SharePoint integration mode. You can use those reports, but you must manually republish them to the Office SharePoint Server 2007.

Installation Components and Setup

Integrating Reporting Services with Office SharePoint Server 2007 requires these components to be installed:

• SQL Server 2005 Reporting Services – hosts Reporting Services reports and communicates with Office SharePoint Server 2007 using a Web Services interface. The Reporting Services server also manages subscriptions and report caching. This server can be separate from the Office SharePoint Server 2007, but if it is, you must also do a basic install of Office SharePoint Server 2007 on the Reporting Services server to ensure that the Windows SharePoint Services (WSS) 3.0 object model is installed.
• SQL Server 2005 Service Pack 2 – enables Office SharePoint Server 2007 and Reporting Services integration on the report server.
• Office SharePoint Server 2007 –Serves as the central access point for all reports and business data. Alternately, you can use Windows SharePoint Services 3.0.
• Microsoft SQL Server 2005 Reporting Services Add-in for Microsoft SharePoint Technologies - This feature includes the Report Viewer Web Part and the new report management user interface.

After installing the required components to integrate Reporting Services with Office SharePoint Server 2007, both the report server and SharePoint server need to be configured. The following sections outline the configurations necessary to achieve integration.

Report Server Configuration

After installing SQL Server 2005 Service Pack 2 on the Reporting Services server, a new configuration option becomes available, called SharePoint Integration, as shown in Figure 2.

Figure 2: Configuring Report Server SharePoint Integration.

SharePoint Server Configuration

After installing the Microsoft SQL Server 2005 Reporting Services Add-in for Microsoft SharePoint Technologies feature of the Feature Pack for SQL Server 2005 Service Pack 2, a new application becomes available under the Application Management tab. This new application is shown in Figure 3.

Figure 3: Configuring the Reporting Services Application in Office SharePoint Server 2007.

To configure Reporting Services, you must set each of the options shown in Figure 4, as follows:

• Manage integration settings – To configure the Report Server Web Service URL and Authentication Mode (either Windows or other trusted account).
• Grant database access – To configure the name of the report server database server instance name.
• Set server defaults – To configure report server timeouts and other options.

Creating Reports

Once Reporting Services and Office SharePoint Server 2007 integration is setup, reports can be created and deployed to the Office SharePoint Server 2007. Creation of reports can be done in one of two ways: one for developers and one for end-users. Each is discussed in the following sections.

Developers

Developers use Visual Studio®-based SQL Server Business Intelligence Development Studio to create reports. After installing the SQL Server 2005 workstation components, many business intelligence project templates become available, as shown in Figure 4.

Figure 4: Visual Studio 2005 Business Intelligence Project Types.

Note in Figure 5 that Report Model Project is selected. A Report Model is a way to define the data which can be used by end-users to create reports (see next section). Alternatively, developers can create a blank Report Server Project or use the Report Server Project Wizard to help guide the user through the process of creating reports and specifying data sources.

End-Users

End-Users can create reports as well as developers, but a developer must first make the data available to those users. Making data available is done using a Report Model. A Report Model defines the data source of a report, the security parameters for the data source, and the tables, fields, and relationships used for the model. This model is then published to an Office SharePoint Server 2007.

Once the Report Model is published to the Office SharePoint Server 2007, end-users can create reports using Report Builder. This is a ClickOnce application that is downloaded automatically from the Office SharePoint Server 2007 and installed as a component on the user’s workstation. Report Builder enables the end-user to create and publish reports to the Office SharePoint Server 2007 using the Report Model that the developer created. Figure 5 shows the Report Builder tool.

Figure 5: Designing Reports in Report Builder.

Viewing Reports

Once reports are created and deployed to the Office SharePoint Server 2007, they are ready to be viewed. Report security is set the same way it is for any SharePoint document. You can set security permissions on libraries, folders, or individual files.

If a user navigates to a report in a report library on the Office SharePoint Server 2007, the reports can be viewed simply by clicking the desired file name. The integration components know how to connect to the report server Web Service to render the report from within the Office SharePoint Server 2007 environment. Figure 6 shows a rendered report in Office SharePoint Server 2007.

Figure 6: Rendered Report within the Office SharePoint Server 2007 Environment.

Reports in a report library are rendered using a Report Viewer Web Part. Any SharePoint page can also be modified to display reports by using the Report Viewer Web Part. Report Viewer Web Parts can also be connected to SharePoint Filter Web Parts to limit the data displayed in reports.

Managing Reports

When Reporting Services is integrated with Office SharePoint Server 2007, report management is then performed using the same SharePoint document library as the one used to launch reports. Managing reports is as simple as navigating to the correct report in the SharePoint document library and clicking the down arrow. The user is presented with a host of options, as shown in Figure 7.

Figure 7: Managing Reports in Office SharePoint Server 2007.

Figure 7 shows these possible report management actions:

• View Properties – Standard Office SharePoint Server 2007 functionality to view document properties. Organizations can employ standardization for properties that will be used in reports, such as including categories, sub-categories, timestamps, approvals, and more.
• Edit Properties – Standard Office SharePoint Server 2007 functionality to edit document properties. SharePoint Office Server 2007 can be configured to make properties mandatory. This can enable organizations to provide valid metadata for each report in the report library.
• Manage Permissions – Standard Office SharePoint Server 2007 functionality to manage the permissions of the document. This is one of the main benefits of integrating Reporting Services with Office SharePoint Server 2007. A common security model is used to secure reports, folders, files, and libraries. System Administrators can easily assign security and troubleshoot report execution problems.
• Edit in Report Builder – Reporting Services functionality to launch the Report Builder tool to edit the definition of the report (see Figure 6). Report Builder enables end-users to easily modify or create reports and publish them to the Office SharePoint Server 2007.
• Delete – Standard Office SharePoint Server 2007 functionality to delete the document from the document library.
• Manage Subscriptions – Reporting Services functionality to add, edit, and delete report subscriptions. Users that subscribe to reports can automatically be notified when data changes in reports. For example, sales people can subscribe to a report to automatically receive their weekly sales figures via email.
• Manage Data Sources – Reporting Services functionality to select a shared or custom data source for the report. Shared data sources enable one data source definition to be used across multiple reports.
• Manage Parameters – Reporting Services functionality to manage the values and prompts for all parameters passed into the report. Parameters are a way to limit the data that is displayed in a report. For example, a report parameter named Year can be specified to limit the report data to the selected year when the report is run.
• Manage Processing Options – Reporting Services functionality to choose processing and snapshot options and timeouts. Snapshots and timeouts affect the performance of the Reporting Services server. It is important to consider these options to keep the server performing as well as possible.
• View Report History – Reporting Services functionality to view the history of report processing.
• Send To – Standard Office SharePoint Server 2007 functionality to send the document to another location.
• Check Out – Standard Office SharePoint Server 2007 functionality to check out the document in order to publish changes. The ability to check out, and then publish a report, data source, or data model is one of the major advantages to integrating Reporting Services with Office SharePoint Server 2007. A report, or any other document, can be checked out, modified, and have workflow optionally applied to the document before it is published back into the Office SharePoint Server 2007.
• Publish a Major Version – Standard Office SharePoint Server 2007 functionality to publish a version of a checked-out document. When significant changes to a document occur, it can be helpful to flag the document as a major version so that users have an indication as to the scope of changes in the document. A major version uses the format of version 1.x, 2.x, 3.x, etc.
• Version History – Standard Office SharePoint Server 2007 functionality to view the published versions of a document.
• Alert Me – Standard Office SharePoint Server 2007 functionality to alert a user to changes in the document. This option notifies a user when there is a change to the report definition itself, as opposed to the data being changed in a report.

A few more presentation files (and sample code!) have been posted to the European SharePoint Conference document library (http://sharepoint.microsoft.com/sharepoint/SPCEU2007) on the SharePoint Community Portal. Many more files will be posted within the next couple of weeks. The best way for you to keep up to date with future file postings is to subscribe to the doclib"s RSS feed, which includes direct links to the files as well as the files themselves as RSS Enclosures. So, if your feed reader supports RSS Enclosures, you can configure it to download the files automatically!

This functionality has been brought to you by SharePoint"s nifty RSS capabilities, which have been "baked into" all lists and libraries. For the SPCEU2007 doclib, I simply went into its RSS Settings page and enabled the options shown below.

To participate in Q&A and discussions about what you saw or heard at the conference, please utilize the SharePoint community forums rather than the comments area for this blog entry. :-)

I envision a future (within the next 6 months or so) that brings much tighter integration between conference websites, the SharePoint Community Portal, and the SharePoint community forums. Given that conferences provide the best opportunities for people to meet and network, it would be great for the Community Portal to provide a way (or various ways) for people to maintain their connections and perhaps even to build new ones before the next conference, where they will meet in person to strengthen their connections. Chatting over a few drinks from across the table will beat typing on the keyboard from across the world any day! :-)

Here"s to community!

 

<Lawrence />

Yes, that"s right -- SharePoint and Elvis on the same stage together. :-) Based on the success of the European SharePoint Conference (more info here), many of us in the SharePoint product group surely feel like kings right now. But kings don"t survive very long if they don"t listen to their people or appreciate their supporters.

So, first, I"m happy to announce that based on feedback from many of our team blog"s loyal readers, I"ve disabled the Snap live previews.

Second, on behalf of the SharePoint product group as well as my colleagues, Peter Fischer and Wim Dierickx, in Germany, I"d like to thank the following companies for being Premier Partners in sponsoring the European SharePoint Conference.
       

The rest of our sponsoring partners for the European SharePoint Conference are listed here.

I look forward to seeing many of our partners at the upcoming Asia Pacific SharePoint Conference in Sydney, Australia in early May (just a few months away!). More information about the conference will be posted here very shortly.

[Update: The next SharePoint Conference in the United States is scheduled for March 3-7, 2008 (yes, next year) to be held at the Seattle Convention Center. Until then, I"d recommend the SharePoint Connections Conference (it"s not Microsoft hosted, but we will be a sponsor) being held on March 25-28 in Orlando, FL or the Microsoft TechEd Conference on June 4-8 in Orlando, FL as well. Both conferences will have plenty of SharePoint oriented sessions and content.]

 

<Lawrence />

No, I"m not talking about insurance claims. :-) Rather, I"m referring to identity claims that are federated between different authentication systems. As a follow-up to Steve Peschka"s widely read and referenced Configuring Multiple Authentication Providers for SharePoint 2007 blog entry, below is the cross posted entry from the ADFS Blog that Steve and Jim Simonet (a Support Escalation Engineer for Directory Services) went far above and beyond their regular job duties to put together during the past several weeks.

The work that Steve and Jim did was so thorough and well documented that our TechNet documentation team decided to turn their blog entry into an official technical article, which will be published within the next few days at the following links:

• Configure Web SSO authentication by using ADFS (for Office SharePoint Server 2007)
• Configure Web SSO authentication by using ADFS (for Windows SharePoint Services 3.0)

<cross-posting from the ADFS Blog>

Hi, this is Jim Simonet from the Enterprise Platform Support team and Steve Peschka from the SharePoint Ranger team. In this blog we’re going to talk about how to configure Active Directory Federated Services (ADFS) with SharePoint 2007. We have actually been working on this document for a few weeks now. The TechNet team has leveraged this document and will be publishing their content very soon. There are a few screen shots in this doc that couldn’t make it into the Technet document, also the format and order of steps will be slightly different.

Prior to beginning this blog, you should read a couple of related materials. They contain content that is too verbose to include here, but that will be valuable in helping you understand the concepts presented here.

• Information about configuring the authentication provider in MOSS is here.

• This install guide is built with server names from the Adatum-Trey Research step-by-step guide for setting up ADFS in a small lab environment. In this example a new server named Trey-MOSS was joined to the Treyresearch forest instead of using ADFSWEB as described in the step-by-step document. You will need to follow the steps in this step-by-step guide to configure your ADFS infrastructure. SharePoint 2007 is a claims-aware application though, so you don’t need to implement all of the steps for building NT token agent applications. The new server, Trey-MOSS will need to be Windows Server 2003 R2 (STD or ENT) and will need to have the Claims Aware Web Agent installed.

In addition, before you start you need to download and install a hotfix for ADFS. Without this hotfix, the information below will not work. You can find information about this hotfix at http://support.microsoft.com/kb/920764/en-us.

The steps in this blog will help you configure MOSS with the WebSSO provider. It is setup in a typical Extranet scenario that Steve discusses in his blog.

The site will exist in two zones – the default zone and an extranet zone. The same content will be in both, but the intranet zone will use the Windows Authentication Provider and the Extranet zone will use the WebSSO provider.

• Install MOSS and successfully complete the Configuration Wizard
• Launch /folder/sharepoint.htm Central Admin Site
• From Application Management – choose Create or Extend Web Application,
• Choose Create a new web application. This is how the initial web application that uses Windows authentication will be created.
• Complete the steps in the page by extending the existing IIS web site on port 80.
• Choose Create or Extend Web Application again, this time choose Extend an existing Web Application
• Choose the web application you previously created using Windows authentication to extend
• Add a host header – this is the DNS name by which the site will be known to users in the Extranet (extranet.treyresearch.net)
• Change the zone to Extranet
• Select the radio button that says “Use Secure Sockets Layer (SSL)”, and change the port number to 443. ADFS will only work with a site that is configured to use SSL.
• Remove the “:443” text from the end of the “Load Balanced URL” edit box. IIS will automatically use port 443 since you specified the port number above.
• Complete the rest of the steps in the page and finish extending the web application

If you look at the Alternate Access Mappings (AAM) page it should look something like this:

Add an SSL certificate to the Extranet Web Site in IIS. Make sure this SSL certificate is issued to extranet.treyresearch.net – this is the name which will be used by the clients when accessing the sites. Here is an example of how the certificate looks:

At this point – you should have a web site extended to the Extranet zone, a SSL certificate installed, and the AAM should show both the default Windows authentication site URL and Extranet zone SSL site URL.

Working with Groups

In SharePoint rights are typically provisioned using groups – Active Directory groups are added to SharePoint Site Groups. Those site groups have a set of permissions associated with them, so your membership in a given Active Directory and Site Group determines what rights you have within a site.

When you use ADFS as a role provider in SharePoint, the process needs to change. The reason for that is because there isn’t a way for the WebSSO provider to directly resolve an Active Directory group – instead it resolves membership through something in ADFS called Organizational Claims. You will need to do some work to create a set of Organizational Claims in ADFS that map to the SharePoint Site Groups into which you want to add users; you can then associate multiple Active Directory groups with an ADFS Organizational Claim on the account partner. The key take away here is – when you add permissions on SharePoint, you will add and associate Group Claims with the SharePoint Roles – not Windows Security Groups. This is very important to keep in mind as you go through the rest of the document.

Here is the process in ADFS for creating the new Organizational Claims and associating the account side Active Directory Groups with them:

In the Adatum Forest (Account Forest)

1. Create a Windows Group called Trey MOSS Readers
2. Create a Windows Group called Trey MOSS Contributors
3. Add Alansh to the MOSS readers group and Adamcar to the contributors group
4. Launch ADFS.MSC
5. Create an Organizational Group Claim called Trey MOSS Readers
6. Create an Organizational Group Claim called Trey MOSS Contributors
7. Right click the Active Directory account store and choose New Group Claim Extraction
   1. Choose the Trey MOSS Readers Group Claim and associate it with the Trey MOSS Readers Windows Group
   2. Do another group claim extraction and associate the Contributor claim with the Contributor Group
8. Right click the Trey Research Account Partner and create the outgoing claim mappings
   1. Choose the Trey MOSS Reader claim and map to outgoing claim adatum-trey-readers
   2. Choose the Trey MOSS Contributor claim and map to outgoing claim adatum-trey-contributors

NOTE: The claim mapping names in step 8 must be agreed upon between the organizations and must match exactly.

On the Trey Research side – launch ADFS.MSC

1. Create an Organizational Group Claim called Adatum MOSS Readers
2. Create an Organizational Group Claim called Adatum MOSS Contributors
3. Create incoming group mappings for your claims
   1. Right click the Adatum account partner and choose Incoming Group Claim Mapping
   2. Choose Adatum MOSS Readers and map it to incoming claim name adatum-trey-readers
   3. Choose Adatum MOSS Contributors and map it to incoming claim name adatum-trey-contributors
4. Enable the claims for the MOSS application
   1. Click on the MOSS application – right click and choose enable on both the Reader and Contributor claims

Now we are ready to modify SharePoint so that we will be able to add the Claims to the Extranet site that has been extended

Change the web.config on the Central admin site and web.config on the /folder/sharepoint.htm 80 (Windows Authentication site)

In both web.config files add this section directly below the <authentication mode> section

<membership>

<providers>

<add name="SingleSignOnMembershipProvider2" type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" fs="https://fs-server/adfs/fs/federationserverservice.asmx" />

</providers>

</membership>

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">

<providers>

<remove name="AspNetSqlRoleProvider" /> <add name="SingleSignOnRoleProvider2" type="System.Web.Security.SingleSignOn.SingleSignOnRoleProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" fs="https://fs-server/adfs/fs/federationserverservice.asmx" />

</providers>

</roleManager>

Change fs-server to reflect your resource Federation Server (i.e. adfsresource.treyresearch.net) and take note of the membership provider and role provider names because you will need to add these exact names on the Central Admin Page.

This change is necessary so that the web sites can resolve users and groups using the WebSSO/ADFS provider. One of the reasons you may do this is to be able to configure Policies for the web application for different ADFS users and groups, or for users that are authenticating with Windows to be able to provision permissions for ADFS users. One thing to note in the example above, since both of these sites using Windows authentication, they always use Windows authentication for the role provider -- that’s why the AspNetWindowsTokenRoleProvider is set as the default role provider.

Configure the Authentication provider for the extranet web application to use WebSSO.

Open your browser and navigate to the Central Administration site, click on Application Management and then on Authentication Providers. Make sure that you are working on the web application for which you wish to enable WebSSO.

You should see a list of two zones that are mapped for this web application; both should say Windows. Click on the link that says Windows for the web application in the Extranet zone and do the following:

1. In the Authentication Type section, click on the Web Single Sign On radio button. The page will post back and expose two new edit boxes.
2. In the Membership provider name edit box, type in the name of your web application’s Membership provider for the current zone. That is the name attribute value that was highlighted in the Membership element (SingleSignOnMembershipProvider2)
3. In the Role manager name edit box, type in the name of your web application’s Role provider. That is the value that was highlighted in the name attribute value of the roleManager element (SingleSignOnRoleProvider2)
4. Click the Save button.

Modify the web.config file for the Extranet site:

Add the following entry within the <configSections> node

<sectionGroup name="system.web">

<section name="websso" type="System.Web.Security.SingleSignOn.WebSsoConfigurationHandler, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />

</sectionGroup>

Add the following entry to the <httpModules> node

<add name="Identity Federation Services Application Authentication Module" type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />

The ADFS authentication module should always be specified after the sharepoint SPRequest module in the in the <httpModules> section of the web.config file. It is safest to add it as the last entry in that section.

Add the following entry to the directly after the <authentication mode> node

<membership defaultProvider="SingleSignOnMembershipProvider2">

<providers>

<add name="SingleSignOnMembershipProvider2" type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" fs="https://fs-server/adfs/fs/federationserverservice.asmx" />

</providers>

</membership>

<roleManager enabled="true" defaultProvider="SingleSignOnRoleProvider2">

<providers>

<add name="SingleSignOnRoleProvider2" type="System.Web.Security.SingleSignOn.SingleSignOnRoleProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" fs="https://fs-server/adfs/fs/federationserverservice.asmx" />

</providers>

</roleManager>

<websso>

<authenticationrequired />

<auditlevel>55</auditlevel>

<urls>

<returnurl>https://your_application</returnurl>

</urls>

<cookies Persistent="True">

<path>/</path>

</cookies>

<fs>https://fs-server/adfs/fs/federationserverservice.asmx</fs>

<!-- usettp / -->

<isSharePoint />

</websso>

Change the fs-server to your resource Federation Server (i.e. adfsresource.treyresearch.net) and change your_application to reflect your application. Your application is going to be the MOSS URL that Federated Users will access. In this example, we will change this to https://extranet.treyresearch.net

Modify the Windows authentication web site so ADFS users can be granted rights to the site collection

There are two ways in which you can grant rights to ADFS users into the SharePoint site; one is by using a Policy. In this case, we are not going to use that method for a couple of reasons:

• Granting rights by policy is a very coarse operation. It would allow the user (or group) to have the same set of rights in every web site, in every site collection, in the entire web application. It should be used very judiciously, and in this particular scenario we can grant access to ADFS users without resorting to this method

• Once the site(s) are in use, in an extranet scenario it is quite likely that the internal users will be responsible for granting access to sites and content. For that to happen, one of two things needs to happen – either those users need to be given an ADFS login name or they need to be able to select ADFS users and Organizational Claims (analogous to Active Directory groups) from the Windows site. Obviously, it makes the most sense for the Windows users to continue to be able to use their existing credentials, rather than provision a new identity for Windows users – that would essentially defeat the purpose of supporting Windows authentication users.

This is also an opportunity to explore one of the neat features about SharePoint related to security. As you extend web applications with different providers, you can configure one or all of them to be able to find user and groups from providers you are using. So in this scenario, we are going to configure our site that uses Windows authentication, and let users of that site be able to select other Windows users, Windows groups, and ADFS Organizational Claims all from one site.

In order to do that, the Windows site has to “know” about the other providers it can use. The way to do that is to edit the web.config file for the Windows site. Those are the steps already completed and covered above in the section titled Change the web.config on the Central admin site and web.config on the /folder/sharepoint.htm 80 (Windows Authentication site).

Now you can add ADFS Claims to SharePoint site groups so that federated users have access to the site. Start by navigating to the Windows authentication site as an account that has administrative rights in there. Click on Site Settings, People and Groups. You will see a list of the SharePoint site groups.

Remember at the beginning of this document – you created a couple of Organizational Group Claims on Treyresearch

<snip>

On the Trey Research side – launch ADFS.MSC

5. Create an Organizational Group Claim called Adatum MOSS Readers
6. Create an Organizational Group Claim called Adatum MOSS Contributors

</snip>

You can click on any of the /folder/sharepoint.htm groups, and then click on the Add button. Use the People Picker to type in the name of any ADFS Organization Group Claims that you want to add to the group and click the OK button. Those ADFS users will now be able to access the site via the external https URL. The People Picker will not do wildcard searches for the claims – so type the claim in here exactly as you typed it in while creating the claim in ADFS.

Browse to the https://extranet.treyresearch.net web site as an ADFS user you added to a SharePoint Site Group in the previous section. You should be able to authenticate to and see the site.

One gotcha that came up from the review process...If you install SharePoint with a domain service account running the Application Pool, this domain service account must be granted the “generate security audit” user right for ADFS to function properly.

</cross-posting from the ADFS Blog>

 

<Lawrence />

Announcing the... Windows SharePoint Server 3.0, Configuring and Office SharePoint Server 2007, Configuring exams! 

Congratulations and special thanks to those of you who helping us and Microsoft Learning with building the objective domain and exam questions (most of which were SharePoint MVPs).  We received a very strong and positive response from our pilot exam takers.  I"ve seen a few blog posts where people have passed either one or both of the IT Pro exams.  Congratulations!

These exams give you the opportunity to prove your SharePoint Products & Technologies knowledge to both your companies, peers, and something special for your resume/CV for your future.

IT Pro Exams (Released!):

TS: Office SharePoint Server 2007, Configuring (became available on January 8, 2007)

http://www.microsoft.com/learning/exams/70-631.mspx

TS: Windows SharePoint Services 3.0, Configuring (became available on January 8, 2007)

http://www.microsoft.com/learning/exams/70-630.mspx

Certifications:

Microsoft Certified Technology Specialist: SharePoint Services 3.0, Configuring

Microsoft Certified Technology Specialist: SharePoint Server 2007, Configuring

Audience Profile:

A typical candidate for this exam has a minimum of one year of experience in configuring Windows SharePoint related technologies. In addition this exam will assume that the candidate is proficient in configuring the following technologies.

•	Web Administration/Internet Information Services 6.0
•	General Windows Server 2003 Directory Administration
•	General Networking Infrastructure
•	General Knowledge of Office SharePoint Server 2007
•	General understanding of .NET 2.0 as it relates to SharePoint Services 3.0
•	General understanding of Internet Security and Acceleration Server
•	Network Load-balancing for applications
•	Administering SQL Server 2000 or 2005 for SharePoint Services 3.0
•	General Security/Authentication practices
•	Back-up/Restoration of data

 

Dev Exams (ETA: March):

TS: Microsoft Windows SharePoint Services 3.0 - Application Development

http://www.microsoft.com/learning/exams/70-541.mspx

The Technology Specialist (TS) Exam 70-541: TS: Microsoft Windows SharePoint Services 3.0 - Application Development is in development. It is expected to be released in mid-winter 2007.

TS: Microsoft Office SharePoint Server 2007 - Application Development

http://www.microsoft.com/learning/exams/70-542.mspx

The Technology Specialist (TS) Exam 70-542: TS: Microsoft Office SharePoint Server 2007 - Application Development is in development. It is expected to be released in March 2007.

 

 

   Microsoft"s User Research Group is actively conducting usability research for SharePoint products and technologies. If your functional role within the SharePoint world is that of a contributor, administrator, or developer, working with Microsoft Office SharePoint Server 2007, Windows SharePoint Services 3.0, or Office SharePoint Designer 2007, they want to hear from you!

 

   The focus group sessions are limited and will be held on Microsoft"s main campus in Redmond, WA beginning in late February (very soon!). All participants will be offered a gratuity selection for participation, but costs for travel and lodging will not be covered. If interested, e-mail uccoord@microsoft.com for more information.

 

 

   <Lawrence />

 

The European SharePoint Conference was kicked off this morning at the Estrel Convention Center in Berlin, Germany, by Derek Burney, GM of SharePoint Platform and Tools, with a keynote presentation that provided an overview of the 2007 version of SharePoint Products and Technologies and an update on SharePoint’s growing market momentum and it’s central role to every company’s Business Productivity Infrastructure. Derek’s presentation slidedeck is now available for public download here (PPT2007, PPT2003, PPT Slide Library). Derek’s presentation was effectively complemented by Mike Fitzmaurice’s demos, for which alas, I do not have the video capture to post at this time.

Here are a few snapshots of the keynote presentation.

What is most impressive about this conference thus far is that it has almost 2,400 registered attendees from over 50 countries as well as over 100 Microsoft partners with SharePoint specific addons, tools, solutions, and services. Overall, this conference is twice as massive as the inaugural SharePoint Conference that was held in Bellevue, WA in May of last year.

And a few snapshots of the 3 separate partner pavillions:
 

Lastly, Derek pre-announced the new SharePoint Community Portal (at http://sharepoint.microsoft.com/sharepoint), which has been built entirely on top of SharePoint Server 2007 as was the website for the European SharePoint Conference. More detailed info on both implementations will be forthcoming.

<Lawrence />

Answers to some FAQs about WSS 3.0 and MOSS 2007 Language Packs.

 

What are MOSS Language Packs?

MOSS Language packs enable site owners and site collection administrators to create SharePoint sites and site collections in multiple languages without requiring separate installations of Microsoft Office SharePoint Server 2007. You install language packs, which contain language-specific site templates, on your front-end Web servers. When an administrator creates a site or a site collection based on a language-specific site template, the text that appears on the site or the site collection is displayed in the site template"s language. Language Packs are typically used in multinational deployments where a single server farm supports people in different locations or in situations where sites and Web pages must be duplicated in one or more languages. Application of a Language Pack will not change the language of the installed Office server product SKU.

 

What’s the difference between WSS Language Packs and MOSS language Packs?

·         WSS Language Packs are for WSS stand-alone installations and enable the creation of SharePoint sites in different languages; multiple language packs can be installed on the same server.

·         MOSS Language Packs are for MOSS, MOSS for Search, Forms Server, and Project Server installations and enable the creation of SharePoint sites in different languages; multiple language packs can be installed on the same server.

 

What’s the difference between a MOSS Language Pack and a fully localized version of MOSS?

Microsoft’s 2007 Office server products are localized into languages in two different ways: 1) fully translated SKUs and 2) Language Packs. A language-specific SKU delivers the respective Office server product localized into a given language. A Language Pack may be applied to an installed Office server product to create sites or site collections in other languages. Application of a Language Pack will not change the language of the installed Office server product SKU, or the language of the admin features.

 

How does a customer license them?

MOSS Language Packs can be downloaded and installed on Microsoft Office SharePoint Server 2007 servers free of charge. If the Language Packs deployed fall within your “listed languages” then your Microsoft Office SharePoint Server 2007 Standard and Enterprise CALs license your desktops/devices for those Language Packs. If Language Packs deployed fall outside of your “listed languages” then you will need to consider modifying your CAL to a multi-language option (for Select/Open agreements) or an “all languages” option (for Enterprise Agreements).

 

What’s the pricing?

There is no cost for MOSS Language Packs; however, there may be additional CAL costs associated with licensing for languages outside your listed languages.

 

Where can I find information on deploying MOSS Sever Language Packs?

The following TechNet articles relate to MOSS Language Pack deployment:

• Deploy language packs - http://technet2.microsoft.com/Office/en-us/library/26c07867-0150-463d-b21a-a6d42aecf05a1033.mspx
• Install available language template packs - http://technet2.microsoft.com/Office/en-us/library/5a2be738-df29-43cd-b361-84b7822164e31033.mspx
• Plan for multilingual sites - http://technet2.microsoft.com/Office/en-us/library/22d5dc9c-66bd-40d7-8c60-2a2a066db2241033.mspx

I heard that there are issues related to specific server language packs. What is this about?

For certain languages (Arabic, Hindi and Thai), spellers were not included in either the fully localized version of MOSS or the MOSS Language Pack.  (Spellers for Basque and Galician are also absent from the Spanish MOSS and Spanish MOSS Language Pack). These spellers, as well as instructions for installing them, will be made available to customers via the MOSS Server Multi-Language Pack (SMLP). The SMLP will be downloadable from the Microsoft Download Center and MVLS/eOpen web sites. The SMLP is expected to be available towards the end of May 2007. Note: while a customer can obtain any MOSS Language Pack or the SMLP free of charge, they are not necessarily licensed to use all of the languages. They should consult their listed languages for more clarification on which languages they are licensed to use.

 

 

   <Lawrence />

   Recommended Reading for February (click here for previous recommendations):

·         Customizing MOSS Search – written by Ian Morrish, SharePoint Insider; provides a walkthrough of how to add 1) Microsoft Live Search results to the SharePoint Search page and 2) custom list/document property values to the search results summary.

·         Mobile browsers and devices that are supported in WSS 3.0 and in MOSS 2007 – Microsoft KB article that answers one of the most common FAQs.

·         Make your SharePoint debugging experience a little less painful – written by Andrew Connell, SharePoint MVP; provides 3 macros for Visual Studio 2005 to attached to the relevant SharePoint processes for debugging.

·         SharePoint 2007 CSS Reference Chart – maintained by Heather Solomon, SharePoint MVP; provides an excellent visual reference for the CSS styles used by WSS 3.0 and MOSS 2007, which enable very easy customization using the Site Settings | Look and Feel | Master Page | Alternate CSS URL option for a site.

·         How to configure SharePoint trusted WSRP producers – Ian’s on a roll with another useful walkthrough that answers one of the most common (presales) FAQs (usually only needed from an RFI/RFP checkbox J) about MOSS. And one more helpful tip from Ian: How to run inline code in SharePoint aspx pages.

·         Displaying the Correct Titles of Lotus Notes Documents in SharePoint Search Results – written by Mei Ying Lim, SharePoint MVP; supplements Liam Cleary’s How to setup MOSS Search to index Lotus Notes walkthrough that would be useful for the many Notes customers, who want to leverage MOSS Search as a unified intranet search solution.

·         Careful When Working with Sealed Site Columns – written by John Holliday, SharePoint MVP; provides an insightful caveat about sealed site columns used by MOSS’s Publishing feature.

·         How to setup and Configure Forms Based User Administration Feature (Alpha Release) – written by Chandima Kulathilake; provides a walkthrough and sample code on how to address one of the most common FAQs about SharePoint authentication.

·         How to create the “Contact Map” mashup with a SharePoint Contacts List and Windows Live Maps – written by the Office Live team; provides a walkthrough and sample code for one of the most common FAQs about how to leverage Windows Live Services in SharePoint.

·         SharePoint Deployment and Provisioning Checklists, Powerful Keyword and Property Search in SharePoint Server, and Good List of Performance Counters – a few of the excellent reference articles written by my teammate, Joel Oleson, that you should bookmark.

·         Lastly, a couple of very handy deployment tools (with source code) conceptualized by Angus Logan, SharePoint Insider, and developed by Sanil Malik: MOSS 2007 Utility to Import/Export User Profiles and MOSS 2007 Utility to Import/Export User Profile Properties. Sanil also posted a well written article about User Profiles and Audience Targeting, which provides the key reasons for why you need these tools.

 

 

   <Lawrence />