When is FillClaimsForEntity Called?

  • Question

  • Hi folks.

    I've implemented a custom SPClaimProvider and, for the time being, implemented some hard coded claims augmentation logic in FillClaimsForEntity.  I am currently simply testing with FBA.

    The problem is that I've only seen it called once and for one user.  I was under the impression that it would be called every time a user logged out or logged in.  I've checked with a simple claims viewer web part that indeed, for the second user (also FBA user), the claim is never augmented.  

    So I'm curious why that's the case.

    zaanglabs.com | charliedigital.com | linkedin.com/in/charlescchen

    Tuesday, February 21, 2012 8:25 PM


All replies

  • Since you are using FBA as an authentication mechanism, SharePoint is caching the claim using the Secure Token Service (STS).  Recycling the SecurityTokenServiceApplicationPool app pool in IIS should clear the cache.  You can also modify the caching duration with the Set-SPSecurityTokenServiceConfig cmdlet.  I think the attribute you want to change is ServiceTokenLifetime.

    This article may be of some use:


    • Marked as answer by CharlieDigital Monday, February 27, 2012 8:00 PM
    Monday, February 27, 2012 5:02 PM
  • Yup, this was the problem - recycled the wrong app pool (only the application, forgot about the STS web app).


    zaanglabs.com | charliedigital.com | linkedin.com/in/charlescchen

    Monday, February 27, 2012 8:01 PM
  • Didn't work for me, the user still has the same claim value after recycling the STS app pool. It only works after recycling the WebApp app pool. In my scenario the claim values are fetched from a database.

    Heidl Technologies

    Wednesday, August 22, 2012 10:47 AM
  • Yes. I observed the same behavior. Am I doing anything wrong while setting up the claims provider, or are user claims stored by default in the Web Application cache rather than the STS application cache?

    Also, I observed another strange behavior. The method FillClaimsForEntity is called on each and every page load. This is happening only in my Dev environment; in all the other environments it's called only every 10 hours (Default Setting).

    Wednesday, February 19, 2014 8:00 PM
  • I would verify the build of SharePoint you have installed.  I had this issue on a project that contained a custom claims provider that was augmenting NTLM authentication.  We had to work with Microsoft support to get it resolved.  The problem was a bug in SharePoint and the fix was included with the Feb 2012 cumulative update (14.0.6117.5002).
    Wednesday, February 19, 2014 8:39 PM
  • Thanks for the reply Charles.

    I thought the same and upgraded my Farm to SP 2010 SP2 2 weeks back. Still having the same issue. Now the farm version is 14.0.7015.1000.

    Wednesday, February 19, 2014 9:19 PM
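
The token-lifetime settings and app pool recycle discussed in the replies above, as an added example that is not part of the original thread. The 5-minute and 1-minute values are test values assumed for a development farm, the choice of FormsTokenLifetime (rather than the ServiceTokenLifetime named in the first reply) is an assumption for FBA sign-ins, and `<web-application-app-pool>` is a placeholder.

```powershell
# Run in the SharePoint 2010 Management Shell on a farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

$sts = Get-SPSecurityTokenServiceConfig

# Show how long issued tokens (and the augmented claims inside them) stay valid.
# Until a token expires, changes made by FillClaimsForEntity are not picked up,
# so these values also bound how long a revoked claim keeps working.
$sts | Format-List FormsTokenLifetime, WindowsTokenLifetime, ServiceTokenLifetime,
                   LogonTokenCacheExpirationWindow

# Assumed test values for a dev farm; keep production lifetimes under change control.
$lifetime = New-TimeSpan -Minutes 5
$window   = New-TimeSpan -Minutes 1

# The cache expiration window must stay below the token lifetime, otherwise
# every token is treated as already expired and users are sent back to sign-in.
if ($window -ge $lifetime) {
    throw "LogonTokenCacheExpirationWindow ($window) must be shorter than the token lifetime ($lifetime)."
}

# Assumption: FormsTokenLifetime is the setting that applies to FBA sign-ins.
$sts.FormsTokenLifetime              = $lifetime
$sts.LogonTokenCacheExpirationWindow = $window
$sts.Update()

# Recycle the STS app pool so cached tokens are dropped.
Restart-WebAppPool -Name 'SecurityTokenServiceApplicationPool'

# Later replies report that the web application's own pool also had to be recycled.
# Restart-WebAppPool -Name '<web-application-app-pool>'

# Confirm the new values took effect.
Get-SPSecurityTokenServiceConfig |
    Format-List FormsTokenLifetime, LogonTokenCacheExpirationWindow
```

After the recycle, signing in again as a second FBA user and checking the claims viewer web part shows whether FillClaimsForEntity ran for that user.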