Friday, July 21, 2017

New SP Trusted Identity Token Issuer

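# Registers an external claims provider with SharePoint: trusts its token-signing
# certificate, maps three incoming claims (UPN, given name, e-mail) and creates the
# trusted identity token issuer "SSO DEV" with UPN as the identifier claim.

# Load the SharePoint cmdlets only if this session does not have them yet;
# Add-PSSnapin reports an error when the snap-in is already loaded
# (e.g. inside the SharePoint Management Shell).
if (-not (Get-PSSnapin -Name "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

# Realm created on the claims-provider side (Azure in the original post). It must match
# the relying-party identifier registered with the provider exactly.
# NOTE: the host name is missing from this value as published -- insert your SharePoint
# web application host between "http://" and "/_trust" before running.
# NOTE(review): if the web application really is served over http, the sign-in token
# posted back to /_trust travels unencrypted; prefer an https web application.
$realm = "http:///_trust" #your sharepoint application url

# Replace with your own claims provider's sign-in URL. Keep it https: users are
# redirected here to enter their credentials.
$signinurl = "https://claimprovider.com/account/loginv2"

# Token-signing certificate exported from the claims provider (public part only; the
# private key stays with the provider).
$certloc = "E:\SSO\certificate.cer"
# see the attached file srv186CA.cer
if (-not (Test-Path -LiteralPath $certloc -PathType Leaf)) {
    throw "Token-signing certificate not found: $certloc"
}
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certloc)

# Everything signed with this certificate's key will be accepted as a valid login, so
# show what is about to be trusted. Compare the thumbprint with the value obtained from
# the claims provider over a separate channel before relying on the result.
Write-Host ("Subject:    {0}" -f $cert.Subject)
Write-Host ("Thumbprint: {0}" -f $cert.Thumbprint)
Write-Host ("Not after:  {0}" -f $cert.NotAfter)
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Token-signing certificate expired on $($cert.NotAfter); get the current one from the claims provider."
}

# Adds the certificate to the farm's trusted root authorities.
New-SPTrustedRootAuthority "DEV Trusted Authority" -Certificate $cert

# Claim mappings. $NameIdentifier actually carries the UPN claim; it is used as the
# identifier claim below.
$NameIdentifier = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
# The original line used an en dash (U+2013) in front of LocalClaimType; it is replaced
# by a plain hyphen so the parameter survives copy/paste and non-Unicode file encodings.
$GivenName = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" -IncomingClaimTypeDisplayName "Display Name" -LocalClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/givenname"
$Email = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

# Create the token issuer. SharePoint identifies users (and grants permissions) by the
# identifier claim and accepts whatever value the issuer signs, so the provider must
# guarantee that UPN is unique per user and cannot be edited by the user.
New-SPTrustedIdentityTokenIssuer -Name "SSO DEV" -Description "TOKEN ISSUER NAME" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $NameIdentifier,$GivenName,$Email -SignInUrl $signinurl -IdentifierClaim $NameIdentifier.InputClaimType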
