Introduction
SURFconext can be used as group provider for service providers. You can manage and use groups within SURFteams or within external group providers. This article describes how you can use SharePoint 2010 as external group provider from SURFconext. The interface of the group provider is based on the VOOT protocol. See: Microsoft Active Directory as a Group Provider for more information about the VOOT protocol.
What is the approach?
First I've searched for an answer to the following two questions:
- Where do we implement the VOOT REST interface?
- How do we get the group and user information from SharePoint?
Ad 1)
We have to choose to implement the VOOT REST interface inside or outside SharePoint. When the interface is implemented inside SharePoint, we have to create support for url rewriting. The required methods such as /groups/@me are not going to work without doing major rewrite surgery. Whether or not SharePoint 2010 supports url rewriting is point of discussion on the internet. For example, No support for rewrite in SharePoint and the more recent Support for rewrite in SharePoint. Apparently, it doesn't seem the way to go for me.
To walk around it a separate web application solves to the url rewriting issues. The web application handles the VOOT REST interface and gets the required information from SharePoint. How this is done is the answer of the next question.