Below is an example PowerShell script for enabling federated SSO for SharePoint: "claims-authn-sso-enable.ps1".
# PowerShell script for enabling federated SSO for SharePoint via the DualShield IdP

# Determines the directory where this script is placed
$ScriptDirectory = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition

# Includes the common configuration (variables such as $idpName, $idpCertFile, $caCertFile, $webApplicationName, $idpSigninUrl, $idpTrustedRootCaName)
. (Join-Path $ScriptDirectory claims-authn-sso-common.ps1)

# Set the path to a file with the PEM-encoded X.509 certificate of the WS-Federation IdP
$cert_path = (Join-Path $ScriptDirectory $idpCertFile)

# Set the path to a file with the PEM-encoded X.509 CA certificate that issued the WS-Federation IdP certificate
$certCA_path = (Join-Path $ScriptDirectory $caCertFile)

# This creates PowerShell certificate objects from the certificate files that were exported from DualShield
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert_path)
$certCA = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certCA_path)

# This defines a claim type mapping (the e-mail address claim is passed through unchanged)
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

# This is the realm/EntityID that SharePoint uses when communicating with the IdP
$realm = $webApplicationName

# This creates the trusted identity token issuer in SharePoint
$idp = New-SPTrustedIdentityTokenIssuer -Name $idpName -Description "DualShield WSFed" -Realm $realm -SignInUrl $idpSigninUrl -ImportTrustCertificate $cert -ClaimsMappings $map -IdentifierClaim $map.InputClaimType

# This adds the CA certificate to the list of trusted root authorities in SharePoint. You need to import the CA certificate here.
# The certificate also needs to be imported as a trusted root certificate in Windows.
New-SPTrustedRootAuthority -Name $idpTrustedRootCaName -Certificate $certCA

# This changes the authentication provider of the existing web application to the newly created issuer
$webApplication = Get-SPWebApplication $webApplicationName
$idp = Get-SPTrustedIdentityTokenIssuer $idpName
Set-SPWebApplication $webApplication -AuthenticationProvider $idp -Zone Default

# This enforces use of the "wreply" parameter (only needs to be invoked when changing the SPTrustedIdentityTokenIssuer)
$idp = Get-SPTrustedIdentityTokenIssuer $idpName
$idp.UseWReplyParameter = $true
$idp.Update()
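The script above trusts whatever certificate is in $idpCertFile without checking it, and once the web application is switched to the new provider a wrong or expiring certificate locks users out. The following is an added verification example, not part of the original page or of DualShield; it assumes the same variables and the same SharePoint PowerShell snap-in as the script above, and it disables CRL checking because the DualShield CA is assumed to be a private CA with no published CRL. It checks that the IdP certificate actually chains to the supplied CA (not merely to some other root in the Windows store), reports days to expiry, and confirms that the issuer SharePoint stores matches the file on disk and has the wreply enforcement turned on.

```powershell
# Added example: pre/post-configuration checks for the DualShield trusted identity token issuer.
# Assumes $ScriptDirectory, $idpName, $idpCertFile and $caCertFile as defined in claims-authn-sso-common.ps1.

function Test-IdpTrustCertificate {
    param(
        [Parameter(Mandatory)] [string] $CertPath,
        [Parameter(Mandatory)] [string] $CaCertPath,
        [int] $WarnDays = 30
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $ca   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CaCertPath)

    # Build the chain with the supplied CA as an extra store. AllowUnknownCertificateAuthority lets
    # Build() succeed for a private CA that is not yet in the Windows root store; the explicit
    # thumbprint comparison below is what proves the chain ends at *our* CA.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.ExtraStore.Add($ca) | Out-Null
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck   # assumption: private CA without CRL
    $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
    $built = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $chainsToCa = $built -and ($top.Thumbprint -eq $ca.Thumbprint)

    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        ChainsToCa   = $chainsToCa
        DaysToExpiry = $daysLeft
        ExpiresSoon  = ($daysLeft -lt $WarnDays)
    }
}

function Test-IdpTrustConfiguration {
    param(
        [Parameter(Mandatory)] [string] $IssuerName,
        [Parameter(Mandatory)] [string] $CertPath
    )
    $fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $idp = Get-SPTrustedIdentityTokenIssuer $IssuerName -ErrorAction Stop

    # SharePoint only accepts tokens signed by the certificate stored on the issuer, so the
    # thumbprint it holds must match the certificate DualShield actually signs with.
    [pscustomobject]@{
        Name                = $idp.Name
        SigningCertMatches  = ($idp.SigningCertificate.Thumbprint -eq $fileCert.Thumbprint)
        UseWReplyEnforced   = $idp.UseWReplyParameter
        IdentifierClaim     = $idp.IdentifierClaim
        MappedInputClaims   = @($idp.ClaimTypeInformation | ForEach-Object { $_.InputClaimType })
    }
}

# Usage (run before Set-SPWebApplication to validate the files, and again afterwards):
$certReport = Test-IdpTrustCertificate -CertPath (Join-Path $ScriptDirectory $idpCertFile) -CaCertPath (Join-Path $ScriptDirectory $caCertFile)
$certReport | Format-List
if (-not $certReport.ChainsToCa) { Write-Warning "IdP certificate does not chain to the supplied DualShield CA" }
if ($certReport.ExpiresSoon)    { Write-Warning "IdP certificate expires in $($certReport.DaysToExpiry) days" }

$cfgReport = Test-IdpTrustConfiguration -IssuerName $idpName -CertPath (Join-Path $ScriptDirectory $idpCertFile)
$cfgReport | Format-List
if (-not $cfgReport.SigningCertMatches) { Write-Warning "Issuer $idpName holds a different signing certificate than $idpCertFile" }
if (-not $cfgReport.UseWReplyEnforced)  { Write-Warning "Issuer $idpName does not enforce the wreply parameter" }
```

The certificate check is worth running before the web application is switched over, since Set-SPWebApplication takes effect immediately; the configuration check is the one to schedule periodically so that a certificate rotation on the DualShield side is noticed before tokens start failing signature validation.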