Dear helpful readers,
we actually succeeded in setting up ADFS to log onto our SharePoint via Shibboleth, deliver a few attributes and have them show up in your SP's website - including eMail and userPrincipalName.
Now we're trying to give these logged-on users special permissions for a Site Collection. Doesn't work, though both Shibboleth and ADFS/SharePoint do access the same AD tree and therefore userPrincipalName is a unique identifier.
Basic question: Is this possible at all? If I log onto SharePoint using ADFS only (without reaching out towards Shibboleth), these users do get their permissions and everything seems fine. It looks as if SharePoint won't connect that uPN to the matching user in AD.
Thanks for listening.