Upgrading Federated Applications to SharePoint 2010
Follow these instructions to upgrade SharePoint 3.0 applications federated with this package to SharePoint 2010.
Make a note of all the applications that are federated using the “Federated Extensions for SharePoint 3.0”.
Make a note of ADFS 2.0 identity provider details such as signing certificate and claims offered.
Backup user permissions for federated application
Manually make note of permissions set for the application, both names and roles that are configured for the application. You will use this information for configuring user permissions for the application after the upgrade is completed.
For example, if your application is configured with a name “sharepointclaimsmembershipprovider:administrator” and a role “sharepointclaimsroleprovider:role#administrators”. You would note down “administrator” user account and “administrators” group are configured for this application.
To access the user permissions list in SharePoint 3.0, follow these instructions:
Open the SharePoint Central Administration Site
Click Application Management tab and Policy for Web Application link under the Application Security group
From the Web Application drop down list box select the application you want to get User Permissions list.
Note down all the items that have a “sharepointclaims” prefix. These are the items you have configured to use the providers installed by the Federation Extensions package.
If you have configured any sites with user permissions using providers from the Federation Extensions package, then follow these steps to make a note of the User Permissions:
Browse to the site and select People and Groups from the left pane
From the members list, note down all the items that have “sharepointclaims” as a prefix. These are the items you have configured to use the providers installed by Federation Extensions package.
Preparing to upgrade the application
Stop IIS using the iisreset /stop command
Un-install the “Federation Extensions for SharePoint 3.0” package
Revert federated webapp’s web.config file from web.config.backup.1
Revert administration site’s web.config from web.config.backup.1
Start IIS using the Iisreset /start command
Open the SharePoint Central Administration Site.
Go to ApplicationManagement->AuthenticationProviders
Select the proper root web application
Click the zone of the federated web application
Change it from WebSSO using the Role/Membership Provider to use Windows Integrated Authentication.
Repeat steps 2 and 3 for all the applications and sites identified in step 1.
Upgrade to SharePoint 2010
- Follow the instructions at Upgrading to SharePoint Foundation 2010 on the SharePoint 2010 TechNet Site to upgrade.
Enable federation using Claims Authentication with SAML Sign-in
Select one application identified in step 1
Convert to Claims Authentication and establish federation trust with ADFS V2
- Follow the instructions detailed in the Claims-based authentication "Cheat Sheet" Part 2 blog post to convert the authentication method of your application to “claims authentication” and establish trust with ADFS V2. The information you gathered in step 1-b will be used in this step.
Restore user permissions
Restore the backed up permissions information from step 2a
Manually add these user permissions to the application configured for claims authentication in step 6b.
Try accessing the application and ensure you were able to successfully access it.
Repeat sub-steps 6a through 6d for all the applications and sites identified in step 1.
Follow the instructions in Manage permission policies for a Web application (SharePoint Server 2010) to add user permissions for the application or site.
You have completed the upgrade process.