
Issues with using Claims

Claims Issues

  • Audiences don't work properly, must write code. See: Using Audiences w/ Claims
  • Claims setup breaks transparent authentication in an intranet environment. Workaround using CodePlex: SPAutomatic Signin
  • The claims token default timeout is 10 hours, which causes authorization failures when using custom claims even after the user has been added, because the existing token is still in use. Details here: Scot Hillier post.
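    • Fix:
      # Shorten the Windows and forms token lifetimes to 60 minutes
      $sts = Get-SPSecurityTokenServiceConfig
      $sts.WindowsTokenLifetime = (New-TimeSpan -Minutes 60)
      $sts.FormsTokenLifetime = (New-TimeSpan -Minutes 60)
      $sts.Update()
      # Restart IIS so the new lifetimes take effect
      iisreset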
  • Search alerts are currently not supported with claims-based authentication (According to Ian Morrish)
  • NTLM (supported in Claims mode) is required for the search crawl account (According to Ian Morrish)
  • When creating a Web App via PowerShell, you must first create the object referencing the auth provider. Details here.
    $ap = New-SPAuthenticationProvider [-UseWindowsIntegratedAuthentication] [-DisableKerberos | -DisableKerberos:$false] [-UseBasicAuthentication] [-AllowAnonymous]
    New-SPWebApplication -Name <Name> -Port <Port> -HostHeader <HostHeader> -AuthenticationProvider <AuthenticationProvider> [-AllowAnonymousAccess] [-SecureSocketsLayer] -URL <URL> -ApplicationPool <ApplicationPool> -ApplicationPoolAccount <ApplicationPoolAccount> -DatabaseName <DatabaseName>
  • According to this post, FAST Search Thumbnail previews for Office Web Apps don't display using claims. This was confirmed in the whitepaper published 3/21/2012.
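
A guarded version of the token lifetime fix above, as an added example that is not from the original page or from Scot Hillier's post. Set-ClaimsTokenLifetime is a hypothetical helper name; it refuses a lifetime that is not longer than the STS LogonTokenCacheExpirationWindow, because a token whose remaining life is inside that window is treated as expired and users end up re-authenticating on every request.

```powershell
# Added example. Run in the SharePoint Management Shell as a farm administrator.
# Set-ClaimsTokenLifetime is a hypothetical helper name, not a SharePoint cmdlet.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-ClaimsTokenLifetime {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Upper bound of 600 minutes matches the 10 hour default noted on this page.
        [ValidateRange(1, 600)]
        [int]$Minutes = 60
    )

    $sts = Get-SPSecurityTokenServiceConfig
    $new = New-TimeSpan -Minutes $Minutes
    $window = $sts.LogonTokenCacheExpirationWindow

    Write-Verbose ("Current Windows token lifetime: {0}" -f $sts.WindowsTokenLifetime)
    Write-Verbose ("Current forms token lifetime:   {0}" -f $sts.FormsTokenLifetime)
    Write-Verbose ("Logon token cache window:       {0}" -f $window)

    # The lifetime must exceed the cache expiration window, otherwise every
    # freshly issued token is already considered expired.
    if ($new -le $window) {
        throw "Lifetime $new must be longer than LogonTokenCacheExpirationWindow $window."
    }

    if ($PSCmdlet.ShouldProcess("Security Token Service", "Set token lifetimes to $new")) {
        $sts.WindowsTokenLifetime = $new
        $sts.FormsTokenLifetime   = $new
        $sts.Update()
    }

    # Re-read the configuration so the caller sees what is actually stored.
    Get-SPSecurityTokenServiceConfig |
        Select-Object WindowsTokenLifetime, FormsTokenLifetime, LogonTokenCacheExpirationWindow
}

# Preview the change without writing it; drop -WhatIf to apply, then run iisreset.
Set-ClaimsTokenLifetime -Minutes 60 -WhatIf -Verbose
```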