You will have to do this using PowerShell. This page provides general guidance on how to accomplish that, but it seems to be based on configuring federation with Geneva Server. However, I've been able to adapt this to create a custom Federated Identity Provider based on a custom STS. I used one from the Identity Developer Training Kit as a model. The process goes a little something like this:
1. Make sure you save the signing certificate from your STS somewhere like the c:\ drive.
2. Make sure your STS is deployed in IIS somewhere and works with a standard ASP.NET application. The STS examples in the training kit might be a good place to start.
3. Create a new web app. Make sure it's in Claims Mode.
4. On the SP2010 server, run the following SharePoint PowerShell commands:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\sts_signing.cer")
$map1 = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$realm = "urn:" + $env:ComputerName + ":domain-int"
$signinurl = "https://localhost/yourcustom_sts/login.aspx"
New-SPTrustedIdentityTokenIssuer -Name "CustomSTS" -Description "Test STS" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 `
    -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType
5. You should be able to at least add the new Federated Identity Provider by highlighting the web app and clicking the "Authentication" button in the ribbon.
6. If you left Negotiate enabled, subsequent logon attempts to that web app will result in a login page with a drop-down listbox so you can pick your identity provider.
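As an added example (not from the original post), the script below checks the trust created in step 4 before wiring it to the web app in step 5: it confirms the imported signing certificate is the one on disk, that it has not expired, and that the identity claim is the e-mail claim, then attaches the provider alongside Windows authentication. It assumes the names from the post ("CustomSTS", c:\sts_signing.cer) and the SharePoint 2010 cmdlets and object properties named in the comments; the web app URL is a placeholder you substitute.

```powershell
# Added example, not part of the original post. Assumes SharePoint 2010 cmdlets
# and the SPTrustedLoginProvider properties SigningCertificate,
# IdentityClaimTypeInformation, DefaultProviderRealm and ProviderUri.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-CustomStsTrust {
    param(
        [string]$IssuerName = "CustomSTS",
        [string]$CertPath   = "c:\sts_signing.cer"
    )
    $issuer = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction Stop
    $onDisk = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)

    # SharePoint accepts tokens signed only by this certificate, so it must be
    # exactly the key the STS signs with; a mismatch means every login fails.
    if ($issuer.SigningCertificate.Thumbprint -ne $onDisk.Thumbprint) {
        throw "Trusted certificate thumbprint does not match $CertPath"
    }
    # An expired signing certificate also breaks every federated login.
    $daysLeft = ($onDisk.NotAfter - (Get-Date)).Days
    if ($daysLeft -lt 0)  { throw "STS signing certificate expired on $($onDisk.NotAfter)" }
    if ($daysLeft -lt 30) { Write-Warning "STS signing certificate expires in $daysLeft days" }

    # The identity claim is what SharePoint keys the user on; confirm it is the
    # e-mail claim mapped in step 4 and not some other claim the STS emits.
    $emailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    $actual = $issuer.IdentityClaimTypeInformation.InputClaimType
    if ($actual -ne $emailClaim) {
        throw "Identity claim is $actual, expected $emailClaim"
    }
    Write-Host "Trust '$IssuerName' OK: realm $($issuer.DefaultProviderRealm), sign-in $($issuer.ProviderUri)"
    return $issuer
}

function Add-CustomStsToWebApp {
    param(
        [string]$WebAppUrl,                 # placeholder, e.g. http://sp2010
        [string]$IssuerName = "CustomSTS"
    )
    $issuer = Test-CustomStsTrust -IssuerName $IssuerName
    $wa = Get-SPWebApplication -Identity $WebAppUrl
    # Keep Windows (Negotiate) authentication alongside the STS, as step 6
    # describes, so Windows accounts can still sign in if the STS is down.
    $win = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
    $sts = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
    Set-SPWebApplication -Identity $wa -Zone Default -AuthenticationProvider $win, $sts
}
```

Run Test-CustomStsTrust on its own first; it throws on any mismatch, so the provider is never attached to a web app with a wrong or expired certificate.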
Whether this actually works, though, is an entirely different matter. I'm having issues with it and am going to write a separate post for that.
:: Travis Nielsen
:: PointBridge