Monday, February 21, 2011

Registering a Trusted Identity Provider in SharePoint 2010

If you want to register a Trusted Identity Provider for SharePoint 2010, there are numerous ways to do this.  If you do a quick Google search for these key words, you will find numerous articles on how to accomplish this.  Most of these articles will focus on using PowerShell to accomplish the task.

One such article is here: http://www.helloitsliam.com/Lists/Posts/Post.aspx?ID=257


However, if you are more familiar with Microsoft.Net than you are with PowerShell (as most developers are), then you will probably prefer a Microsoft.Net WinForms Tool over typing in PowerShell commands.  Fortunately, for the majority of .Net Developers out there, Microsoft has released such a tool along with its corresponding source code to allow you to accomplish just such a task.

The source code can be downloaded from MSDN Code Gallery here:
http://archive.msdn.microsoft.com/odcsp14ta/Release/ProjectReleases.aspx?ReleaseId=4744

You will want to download the source code for the Claims Example Trusted Login Provider.  Included in the source code is a tool called RegisterSTS. Building and running this tool will allow you to register the WingtipSTS Security Token Service which is also included in the source code solution.

Unfortunately, the source code for the RegisterSTS is broken when building the solution in Visual Studio 2010.  In addition, many of the items in the source code solution are hard coded into the C# code, thereby making it difficult to easily modify and manipulate.

I have modified some of this source code to correct the error messages as well as migrating some of the key elements into an App.config file for easy modification.

In a subsequent post, I will post my modified source code so that others may benefit from these changes as well.

However, even though the RegisterSTS tool is convenient for registering a Trusted Identity Provider, a Trust Relationship still needs to be established by trusting the STSTestCert certificate.

The details of how to accomplish this can be found in this article: http://technet.microsoft.com/en-us/library/ee704552.aspx

The content that you will probably need is the following:


  1. From the Start-->Programs-->Microsoft SharePoint 2010 Products menu, select SharePoint 2010 Management Shell
  2. This will open the PowerShell console needed to execute the required SharePoint commands
  3. Now, run the following commands:
    1. $trustCert = Get-PfxCertificate <C:\PublishingFarmRoot.cer>
      New-SPTrustedRootAuthority <PublishingFarm> -Certificate $trustCert

     4.  Once you hit the Enter key, this should register the STSTestCert to establish the required Trust    Relationship



Till next time, happy coding!

No comments:

Post a Comment