At this stage we are done configuring the Facebook part.
Continue Configuration Steps:
- Now we need to create a signing token certificate. This is used to sign tokens issued to SharePoint Web Applications.
- Open a command prompt and browse to MakeCert.exe, which can be found in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path.
- If MakeCert.exe is missing, then download and install Windows SDK from here
- Run the following command:
MakeCert.exe -r -pe -n "CN=mysharepointlogin.accesscontrol.windows.net" ^
-sky exchange -ss my -len 2048 -e 05/29/2014
- After the operation succeeds, go to Control Panel –> Administrative Tools –> Manage Computer Certificate.
- Expand Certificates – Current User, Personal, and click on Certificate. You will find the newly created signing token certificate.
- Right-click the new certificate and go to All Tasks –> Export.
- Choose No, do not export the private key, and click Next.
- Choose Base-64 encoded X.509 (.CER), and click Next.
- Save the Certificate on the Desktop, ex: "C:\Users\Administrator\Desktop\MySharePointLogin.cer"
- Go again to Control Panel –> Administrative Tools –> Manage Computer Certificate.
- Browse to the same certificate again (Current User –> Personal –> click on Certificate).
- Right-click the new certificate and go to All Tasks –> Export.
- Choose Yes, export the private key, and click Next.
- Choose Personal Information Exchange – PKCS #12 (.PFX) and click Next.
- Choose Password, and choose a password; remember this password as it will be used later.
- Save the Certificate on the Desktop, ex: "C:\Users\Administrator\Desktop\MySharePointLogin.pfx"
- Go to your Access Control Namespace URL:
- http://MySharePointLogin.accesscontrol.windows.net (Mine)
- http://YourNamespaceTitle.accesscontrol.windows.net (Your namespace title)
- Click on Identity Providers.
- Click Add
- Select Facebook and click Add
- Keep the Display name as default
- Enter the Application ID. This is the Facebook Application ID, which can be retrieved from your Facebook Developer Account under Application Information: https://developers.facebook.com/apps (Part 1).
- Enter the Application Secret. This is the Facebook Application Secret, which can be retrieved from your Facebook Developer Account under Application Information: https://developers.facebook.com/apps (Part 1).
- Application Permission can vary; the default is the email. For more information go to: https://developers.facebook.com/docs/reference/login/#permissions
- Keep the Login Page Text as default.
- Click Save
- Click on Relying Party Applications from the left navigation, then click Add.
- Fill the related information for the relying party (SharePoint)
- Name –> Web Application Host Header (ex: SharePointLogin.com)
- Realm –> http://WebApplicationHostHeader (ex: http://SharePointLogin.com)
- Return URL –> http://WebApplicationHostHeader/_trust (ex: http://SharePointLogin.com/_trust)
- Token Format: SAML 1.1
- Token encryption policy –> None
- Token lifetime (secs) –> 4000
- Choose Facebook as Identity Provider.
- Check Create New Rule Group
- Browse to the certificate you exported from the previous step; choose the certificate with .PFX extension.
- Enter the password you created when you exported the certificate.
- Click Save.
- Click Rule Groups from the left navigation and then click on Default Rule Group for MySharePointLogin.com
- Click Generate
- Choose Facebook and click Generate
- Click Save
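The two certificate exports made earlier in these steps can be checked before the .PFX is uploaded to ACS. The PowerShell script below is an added example, not part of the original post; its default paths and subject name are the tutorial's example values, and it assumes both exported files exist at those paths.

```powershell
# Added example: sanity-check the .CER and .PFX exported in the steps above.
# Defaults are the tutorial's example values; pass your own paths and namespace.
param(
    [string]$CerPath = "C:\Users\Administrator\Desktop\MySharePointLogin.cer",
    [string]$PfxPath = "C:\Users\Administrator\Desktop\MySharePointLogin.pfx",
    [string]$ExpectedSubject = "CN=mysharepointlogin.accesscontrol.windows.net"
)

# Prompt for the export password instead of placing it on the command line.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString

# Load both files as objects only; they are not imported into a certificate store.
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $CerPath
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $PfxPath, $pfxPassword

$now = Get-Date
$checks = [ordered]@{
    # The public export must not carry key material; the PFX must.
    "CER carries no private key"     = -not $cer.HasPrivateKey
    "PFX carries the private key"    = $pfx.HasPrivateKey
    # Both exports must come from the same certificate.
    "CER and PFX thumbprints match"  = $cer.Thumbprint -eq $pfx.Thumbprint
    # MakeCert -n sets the subject, -r makes it self-signed, -len sets the key size.
    "Subject matches the namespace"  = $cer.Subject -eq $ExpectedSubject
    "Self-signed (issuer = subject)" = $cer.Issuer -eq $cer.Subject
    "Key is at least 2048 bits"      = $cer.PublicKey.Key.KeySize -ge 2048
    # MakeCert -e sets NotAfter; an expired signing certificate fails this check.
    "Within validity period"         = ($now -ge $cer.NotBefore) -and ($now -le $cer.NotAfter)
}

$failed = $false
foreach ($name in $checks.Keys) {
    $ok = [bool]$checks[$name]
    "{0,-32} {1}" -f $name, $(if ($ok) { "OK" } else { "FAIL" })
    if (-not $ok) { $failed = $true }
}
"Thumbprint: {0}" -f $cer.Thumbprint
"Expires:    {0}" -f $cer.NotAfter

# A non-zero exit code lets a calling script stop before anything is uploaded.
if ($failed) { exit 1 }
```

The .pfx on the Desktop contains the token-signing private key; once it has been uploaded to ACS, delete that copy or move it to protected storage.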
Go to Part 3