At this stage, we are done configuring the Azure part.
Continue with the configuration steps:
- Go to your SharePoint farm
- Create a new web application
- Make sure claims authentication is configured as follows:
  - Enable Windows Authentication = Checked
  - Integrated Windows authentication = Checked
  - Select NTLM
  - Note: Facebook authentication will be enabled later, once the trusted identity token issuer exists
- After creating the web application, create a site collection
- Run the following script from the SharePoint Management Shell:
  - The parameters marked in red (realm, sign-in URL and certificate path) need to be changed depending on your configuration
```powershell
# Realm: the URL of the SharePoint web application (must match the relying party realm registered in ACS)
$realm = "http://mysharepointlogin.com"
# Sign-in URL: the WS-Federation endpoint of the ACS namespace created in Windows Azure
$signinurl = "https://mysharepointlogin.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fmysharepointlogin.com%2f"
# Physical path of the ACS token-signing certificate exported from the Azure portal (.cer)
$certlocation = "C:\Users\Administrator\Desktop\MySharePointLogin.cer"

# Register the ACS signing certificate as a trusted root authority in the farm
$rootcertificate = Get-PfxCertificate $certlocation
New-SPTrustedRootAuthority "MSharePointLogin" -Certificate $rootcertificate

# Load the same certificate as an X.509 object for the token issuer
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certlocation)

# Map the claims ACS sends to the claim types SharePoint will use
$ClaimTypingMapping1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
$ClaimTypingMapping2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "Display Name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
$ClaimTypingMapping3 = New-SPClaimTypeMapping -IncomingClaimType "http://www.facebook.com/claims/AccessToken" -IncomingClaimTypeDisplayName "Access Token" -SameAsIncoming
$ClaimTypingMapping4 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" -IncomingClaimTypeDisplayName "Name Identifier" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$ClaimTypingMapping5 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" -IncomingClaimTypeDisplayName "Expiration" -SameAsIncoming

# Create the trusted identity provider; the email claim is used to identify the user
New-SPTrustedIdentityTokenIssuer -Name "Facebook Authentication" -Description "Facebook Identity Provider" -Realm $realm -ImportTrustCertificate $certificate -ClaimsMappings $ClaimTypingMapping1,$ClaimTypingMapping2,$ClaimTypingMapping3,$ClaimTypingMapping4,$ClaimTypingMapping5 -SignInUrl $signinurl -IdentifierClaim $ClaimTypingMapping1.InputClaimType
```
- $realm = the URI or URL associated with the SharePoint web application that is configured to use the SAML token-based provider (the SharePoint web application URL)
- $signinurl = the Access Control namespace URL that was created in Windows Azure
- $certlocation = physical path of the certificate. Make sure to select the .cer file
- $rootcertificate = the certificate loaded with Get-PfxCertificate, registered as the farm's trusted root
- New-SPTrustedRootAuthority = creates a trusted root authority
- $certificate = represents the X.509 certificate used to validate tokens signed by ACS
- $ClaimTypingMapping1..5 = map the claims incoming from ACS to the claim types used in SharePoint
- New-SPTrustedIdentityTokenIssuer = creates a new identity provider named "Facebook Authentication"
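After the script has run, it helps to confirm what the farm actually trusts before turning the provider on. The following verification script is an added example and is not part of the original post; it assumes the issuer name "Facebook Authentication", the root authority name "MSharePointLogin" and the web application URL from the script above, and it runs in the SharePoint Management Shell on a farm server.

```powershell
# Added verification script (not from the original post). Assumes the names
# used in the configuration script above; adjust $webAppUrl for your farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName   = "Facebook Authentication"
$rootAuthName = "MSharePointLogin"
$webAppUrl    = "http://mysharepointlogin.com"   # assumed: replace with your web application URL

# 1. The trusted identity token issuer must exist and its sign-in URL must be HTTPS,
#    otherwise the WS-Federation redirect (and the token coming back) travel in clear text.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
if (-not $issuer) { throw "Trusted identity token issuer '$issuerName' not found" }
if ($issuer.ProviderUri.Scheme -ne "https") {
    Write-Warning "Sign-in URL is not HTTPS: $($issuer.ProviderUri)"
}

# 2. The signing certificate on the issuer must be the one registered as a trusted root
#    authority; tokens signed by anything else are rejected by SharePoint.
$root = Get-SPTrustedRootAuthority -Identity $rootAuthName
"Issuer signing cert : $($issuer.SigningCertificate.Thumbprint) (expires $($issuer.SigningCertificate.NotAfter))"
"Root authority cert : $($root.Certificate.Thumbprint)"
if ($issuer.SigningCertificate.Thumbprint -ne $root.Certificate.Thumbprint) {
    Write-Warning "Issuer signing certificate and trusted root authority certificate differ"
}

# 3. Claim mappings: list them and show which one SharePoint uses as the identity claim
#    (the email address in this configuration).
$issuer.ClaimTypeInformation |
    Select-Object DisplayName, InputClaimType, MappedClaimType, IsIdentityClaim |
    Format-Table -AutoSize
"Identifier claim: $($issuer.IdentifierClaim)"

# 4. Web application: which authentication providers are enabled in the Default zone,
#    and which user policies (e.g. Full Read for all Facebook users) are applied.
$webApp   = Get-SPWebApplication $webAppUrl
$settings = $webApp.GetIisSettingsWithFallback("Default")
$enabled  = $settings.ClaimsAuthenticationProviders | ForEach-Object { $_.DisplayName }
"Authentication providers (Default zone): $($enabled -join ', ')"
$webApp.Policies |
    Select-Object DisplayName, UserName,
        @{ n = "Roles"; e = { ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", " } } |
    Format-Table -AutoSize
```

Run it once right after the script above (step 4 will show the provider as not yet enabled and no Facebook policy) and again after the remaining steps on this page, when the provider should appear in the Default zone and the "All Users (Facebook Authentication)" policy should carry the Full Read role.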
- After running the script successfully, select the SharePoint web application you created and open General Settings from the top ribbon
- Go to the Claims Authentication section and check Facebook Authentication
- Go back, select the web application and click User Policy
- In the pop-up window, click Add Users
- Select All zones and click Next
- Click Browse Users
- Select All Users, then All Users (Facebook Authentication), click Add and then OK
- Select Full Read (has full read-only access)
- Click OK
Go to Part 4