Getting the Trusted Identity Provider to run the SharePoint ps1 script
Article ID: 245959
Updated On:
Products
CA Single Sign On Agents (SiteMinder)
SITEMINDER
Issue/Introduction
When running the Agent for SharePoint .ps1 script, where to find the value of the Trusted Identity Provider to be able to run the ps1 script?
Resolution
At first, edit and create a Trusted Identity Provider name to the .ps1 file (1).
To illustrate:
Deciding the Trust Identity Provider name will be:
mySiteminderTrustedIdentityProvider
Configure the script spagent4x.ps1:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\ps-sign-wsfed.cer")
New-SPTrustedRootAuthority -Name "mySiteminderTrustedIdentityProvider" -Certificate $cert
$map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/claims/useridentifier" -IncomingClaimTypeDisplayName "useridentifier" -SameAsIncoming
$realm = "urn:spagent4x-realm"
$signinurl = "http://wa.training.com/affwebservices/public/wsfeddispatcher"
$ap = New-SPTrustedIdentityTokenIssuer -Name "mySiteminderTrustedIdentityProvider" -Description "Trusted Identity Provider for Siteminder" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType -UseWReply
PS C:\> .\spagent4x.ps1
Certificate : [Subject]
CN=ps.training.com, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Issuer]
CN=ghwp0z2.dhcp.broadcom.net, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Serial Number]
44DE26ED9C6DBEE7C4A38E847EEAFEBAC9D8D4B7
[Not Before]
6/2/2021 9:36:03 AM
[Not After]
3/22/2024 8:36:03 AM
[Thumbprint]
06308865FE229F90B9B341AE9C0CD2890E4D2EA8
Name : mySiteminderTrustedIdentityProvider
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : mySiteminderTrustedIdentityProvider
Id : ceab455d-a7f0-44c2-adfa-4fc650466a67
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 74001
DeploymentLocked : False
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\> Get-SPTrustedIdentityTokenIssuer
ProviderUri : http://wa.training.com/affwebservices/public/wsfeddispatcher
ProviderSignOutUri :
DefaultProviderRealm : urn:spagent4x-realm
ProviderRealms : {}
ClaimTypes : {http://schemas.xmlsoap.org/claims/useridentifier}
HasClaimTypeInformation : True
ClaimTypeInformation : {useridentifier}
ClaimProviderName :
UseWReplyParameter : True
UseWHomeRealmParameter : False
GroupClaimType :
RegisteredIssuerName :
IdentityClaimTypeInformation : Microsoft.SharePoint.Administration.Claims.SPTrustedClaimTypeInformation
Description : Trusted Identity Provider for Siteminder
SigningCertificate : [Subject]
CN=ps.training.com, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Issuer]
CN=ghwp0z2.dhcp.broadcom.net, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Serial Number]
44DE26ED9C6DBEE7C4A38E847EEAFEBAC9D8D4B7
[Not Before]
6/2/2021 9:36:03 AM
[Not After]
3/22/2024 8:36:03 AM
[Thumbprint]
06308865FE229F90B9B341AE9C0CD2890E4D2EA8
AdditionalSigningCertificates : {}
MetadataEndPoint :
IsAutomaticallyUpdated : False
Name : mySiteminderTrustedIdentityProvider
TypeName : Microsoft.SharePoint.Administration.Claims.SPTrustedLoginProvider
DisplayName : mySiteminderTrustedIdentityProvider
Id : 0ddd64a6-78fd-44f2-9a2a-28ccbde21765
Status : Online
Parent : SPSecurityTokenServiceManager Name=SecurityTokenServiceManager
Version : 74004
DeploymentLocked : False
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\>
Additional Information
(1)
10. Re: Share point agent integration with CA siteminder
13. Copy the script file and public certificate of the Assertion
Signing certificate (& rootCA public cert if not selfsigned) to
SharePoint Machine.
14. Edit the script file
a. Enter certficate paths for rootCA and public cert (only
public cert if selfsigned, hash rootCA entries).
b. Enter a Name for TIP and Description for TIP in the <tags>
allotted.
c. save script.
Feedback
Yes
No
Powered by
