We are having issues with FBA Pack on SharePoint On-premises. FBA users are failing to run workflows and error 401 occurs. The correlationId reports the following:
Current thread identity is claim auth. Result: 'i:0).w|s-1-5-21-1552752175-2098076497-828143542-25870'.
Couldn't find a user using property 'SPS-UserPrincipalName' of value '1094833'
Couldn't find a user using property 'WorkEmail' of value '1094833'
UserNotFoundException: An error was encountered while retrieving the user profile.
Couldn't find a user using property 'SID' of value 'System.Byte[]'
Identity claims mapped to '0' user profiles. Claims: [nameid: '1094833', nii: 'forms:fbamembershipprovider', upn: '1094833', smtp: '1094833', sip: ''], User Profiles:
Failure: GetSingleUserProfileFromClaimsList: Couldn't get a user. Message: Identity claims mapped to '0' user profiles. Claims: [nameid: '1094833', nii: 'forms:fbamembershipprovider', upn: '1094833', smtp: '1094833', sip: ''], User Profiles:
Has anyone had this problem and have any information?
I haven’t had problems running workflows as FBA users. The one thing I find strange is that the claims username on the first line is a Windows/AD login. A forms username is in the format ‘i:0#.f|myprovider|myuser’.
Thanks for the response @ccoulson,
The Windows account in the first line is the SharePoint farm account.
This information also appears in the log:
The set of claims could not be mapped to a single user identity. Exception 3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.
The registered mappered failed to resolve to one identity claim. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException: 3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.
STS Call Claims Saml: Problem getting output claims identity.
STS Call Claims Saml: Problem getting token lifetime. Exception: 'Microsoft.Office.Server.Security.UserProfileNoUserFoundException: 3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.
Is this error FBA Pack related or maybe it’s a SharePoint issue?
Finally:
STS Call: Failed to issue new security token. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException: 3001002;reason=A reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.
SPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.
An exception occurred when trying to issue a security token: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.
It’s definitely a SharePoint-related issue - the FBA Pack just adds extra pages and web parts for administering FBA accounts.
It could be related to how FBA is set up in SharePoint. Do you have more than one zone set up in your web application? Maybe one that’s Windows only and one that’s forms only? If that’s the case you might want to try enabling both forms and Windows on both zones just to see if it corrects the problem.
I’ll check. Thanks for your help @ccoulson!
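The following is an added example, not part of the thread and not FBA Pack or SharePoint code. It decodes the two claims-encoded login formats discussed above and pulls the claim set out of the "Identity claims mapped to '0' user profiles" message, so the thread identity (Windows) and the incoming identity (forms) can be compared when triaging the log. The function names are hypothetical, and the character tables cover only the encoding characters that appear in this thread.

```python
import re

# Subset of SharePoint claims-encoding characters: only those seen in this thread.
CLAIM_TYPES = {"#": "logon name", ")": "primary SID"}
ISSUERS = {"w": "windows", "f": "forms"}

ENCODED = re.compile(
    r"^(?P<kind>[ic]):0(?P<ctype>.)(?P<vtype>.)(?P<issuer>[a-z])\|(?P<rest>.+)$")

# Values copied from the log lines quoted in the thread.
THREAD_IDENTITY = "i:0).w|s-1-5-21-1552752175-2098076497-828143542-25870"
CLAIMS_LINE = ("Identity claims mapped to '0' user profiles. Claims: "
               "[nameid: '1094833', nii: 'forms:fbamembershipprovider', "
               "upn: '1094833', smtp: '1094833', sip: ''], User Profiles:")

def decode_claim(encoded):
    """Split a claims-encoded login such as i:0#.f|provider|user into its parts."""
    m = ENCODED.match(encoded)
    if not m:
        raise ValueError("not a claims-encoded identity: %r" % encoded)
    issuer = ISSUERS.get(m["issuer"], "unknown")
    parts = m["rest"].split("|")
    # Forms logins carry the membership provider name before the user name.
    provider = parts[0] if issuer == "forms" and len(parts) > 1 else None
    return {"claim_type": CLAIM_TYPES.get(m["ctype"], "unknown"),
            "issuer": issuer, "provider": provider, "value": parts[-1]}

def parse_claims_list(line):
    """Extract the key: 'value' pairs from a 'Claims: [...]' log message."""
    body = re.search(r"Claims: \[(.*?)\]", line)
    return dict(re.findall(r"(\w+): '([^']*)'", body.group(1))) if body else {}

def summarize(thread_identity, claims_line):
    """Show which identity the thread runs as and which identity failed to map."""
    ident = decode_claim(thread_identity)
    claims = parse_claims_list(claims_line)
    nii = claims.get("nii", "")
    return {"thread_issuer": ident["issuer"],
            "thread_claim_type": ident["claim_type"],
            "incoming_user": claims.get("nameid"),
            "incoming_is_forms": nii.startswith("forms:"),
            "membership_provider": nii.partition(":")[2] or None}

if __name__ == "__main__":
    print(summarize(THREAD_IDENTITY, CLAIMS_LINE))
```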