
Inconsistency between runtime Access Policy and People Picker Behavior (CQ 134290)

An inconsistency occurs between an access policy and the people picker when SiteMinder Forms protection is configured for a SharePoint web application or zone.

User access to a SharePoint site is governed first by the SiteMinder user policy and then by the SharePoint permissions.

The behavior changes when SharePoint permissions are configured through the People and Groups dialog (people picker) and the SiteMinder protection is configured using ASP.NET Forms authentication. The SiteMinder user directory connection object governs the list of users and groups returned. The SiteMinder user access policy does not affect the results.

This behavior means that while a SharePoint site administrator can select users using the People and Groups dialog (people picker) and grant them access to a SharePoint resource, SiteMinder denies them access to the resource at runtime.

As a workaround, perform the following steps:

  1. Create SiteMinder user directory connection objects that are restricted to the set of users contained in the SiteMinder user policy associated with the SharePoint sites.
  2. Include the directory object in the policy and select all users from this directory object in the user policy.