When running the Agent for SharePoint .ps1 script, where can the value of the Trusted Identity Provider be found so that the .ps1 script can be run?
First, choose a Trusted Identity Provider (TIP) name and enter it in the .ps1 script (1). The value is not looked up anywhere: it is the name you assign when the script registers the provider in SharePoint.
To illustrate:
The Trusted Identity Provider name chosen here is:
mySiteminderTrustedIdentityProvider
Configure the script spagent4x.ps1 accordingly (the same name is used for New-SPTrustedRootAuthority and New-SPTrustedIdentityTokenIssuer):
# Public certificate of the assertion-signing key (plus the root CA certificate if it is not self-signed; see (1))
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\ps-sign-wsfed.cer")
# Register that certificate as a trusted root authority under the TIP name
New-SPTrustedRootAuthority -Name "mySiteminderTrustedIdentityProvider" -Certificate $cert
# Pass the incoming SiteMinder claim through unchanged; it becomes the identity claim
$map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/claims/useridentifier" -IncomingClaimTypeDisplayName "useridentifier" -SameAsIncoming
$realm = "urn:spagent4x-realm"
# WS-Federation sign-in endpoint of the SiteMinder Web Agent (use https in production)
$signinurl = "http://wa.example.com/affwebservices/public/wsfeddispatcher"
# Create the Trusted Identity Provider; -Name is the value the Agent for SharePoint asks for
$ap = New-SPTrustedIdentityTokenIssuer -Name "mySiteminderTrustedIdentityProvider" -Description "Trusted Identity Provider for Siteminder" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1 -SignInUrl $signinurl -IdentifierClaim $map1.InputClaimType -UseWReply
PS C:\> .\spagent4x.ps1
Certificate : [Subject]
CN=ps.example.com, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Issuer]
CN=dhcp.example.net, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Serial Number]
44DE26E8**************EAFEBAC9D8D4B7
[Not Before]
6/2/2021 9:36:03 AM
[Not After]
3/22/2024 8:36:03 AM
[Thumbprint]
06308865FE2***********2890E4D2EA8
Name : mySiteminderTrustedIdentityProvider
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : mySiteminderTrustedIdentityProvider
Id : ceab455d-a7f0-*************
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 74001
DeploymentLocked : False
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
Confirm the registered provider with Get-SPTrustedIdentityTokenIssuer; its Name field is the Trusted Identity Provider value, and SigningCertificate should be the certificate imported by the script:
PS C:\> Get-SPTrustedIdentityTokenIssuer
ProviderUri : http://wa.example.com/affwebservices/public/wsfeddispatcher
ProviderSignOutUri :
DefaultProviderRealm : urn:spagent4x-realm
ProviderRealms : {}
ClaimTypes : {http://schemas.xmlsoap.org/claims/useridentifier}
HasClaimTypeInformation : True
ClaimTypeInformation : {useridentifier}
ClaimProviderName :
UseWReplyParameter : True
UseWHomeRealmParameter : False
GroupClaimType :
RegisteredIssuerName :
IdentityClaimTypeInformation : Microsoft.SharePoint.Administration.Claims.SPTrustedClaimTypeInformation
Description : Trusted Identity Provider for Siteminder
SigningCertificate : [Subject]
CN=ps.example.com, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Issuer]
CN=dhcp.example.net, OU=Support, O=Broadcom, L=Barcelona, S=Barcelona, C=ES
[Serial Number]
44DE26ED9***************
[Not Before]
6/2/2021 9:36:03 AM
[Not After]
3/22/2024 8:36:03 AM
[Thumbprint]
06308865FE229F9*************
AdditionalSigningCertificates : {}
MetadataEndPoint :
IsAutomaticallyUpdated : False
Name : mySiteminderTrustedIdentityProvider
TypeName : Microsoft.SharePoint.Administration.Claims.SPTrustedLoginProvider
DisplayName : mySiteminderTrustedIdentityProvider
Id : 0ddd64a6-78fd-44f**************
Status : Online
Parent : SPSecurityTokenServiceManager Name=SecurityTokenServiceManager
Version : 74004
DeploymentLocked : False
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\>
(1)
10. Re: Share point agent integration with CA siteminder
13. Copy the script file and public certificate of the Assertion Signing certificate (& rootCA public cert if not self-signed) to the SharePoint machine.
14. Edit the script file
a. Enter certificate paths for rootCA and public cert (only public cert if self-signed, hash rootCA entries).
b. Enter a Name for TIP and Description for TIP in the <tags> allotted.
c. Save the script.
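As an added example (not the spagent4x.ps1 script shipped with the Agent for SharePoint, and not the forum poster's code), the following PowerShell carries out the steps in (1) and the script above in a parameterised, idempotent form: it takes the TIP name, description and certificate paths as parameters instead of edited-in literals, refuses a certificate that is outside its validity period or that carries a private key, warns when the sign-in URL is not https (the page's example uses http), skips registration when a provider of that name already exists, and finishes by reading the provider back with Get-SPTrustedIdentityTokenIssuer and checking that its SigningCertificate thumbprint matches the file that was imported. The parameter names, the script file name, the "-RootCA" suffix on the root authority name and the check logic are this example's assumptions.

```powershell
# Added example: a parameterised, idempotent variant of spagent4x.ps1.
# Not the Agent for SharePoint script itself; parameter names, the "-RootCA"
# authority name suffix and the checks below are this example's assumptions.
param(
    [Parameter(Mandatory = $true)][string]$TipName,        # e.g. mySiteminderTrustedIdentityProvider
    [string]$Description = "Trusted Identity Provider for Siteminder",
    [Parameter(Mandatory = $true)][string]$CertPath,       # public cert of the assertion-signing key (.cer)
    [string]$RootCaPath = "",                              # root CA public cert; leave empty if self-signed
    [string]$Realm = "urn:spagent4x-realm",
    [Parameter(Mandatory = $true)][string]$SignInUrl,      # .../affwebservices/public/wsfeddispatcher
    [string]$IdentifierClaimType = "http://schemas.xmlsoap.org/claims/useridentifier"
)

$ErrorActionPreference = "Stop"
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Load a public certificate file and refuse it if it cannot be used for trust right now.
function Import-PublicCert {
    param([string]$Path, [string]$Role)
    if (-not (Test-Path -LiteralPath $Path)) { throw "$Role certificate not found: $Path" }
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    $now = Get-Date
    if ($c.NotBefore -gt $now -or $c.NotAfter -lt $now) {
        throw "$Role certificate $($c.Thumbprint) is outside its validity period ($($c.NotBefore) to $($c.NotAfter))"
    }
    if ($c.HasPrivateKey) {
        throw "$Role certificate file $Path contains a private key; import the public .cer only"
    }
    Write-Host "$Role cert: $($c.Subject)  thumbprint $($c.Thumbprint)  expires $($c.NotAfter)"
    return $c
}

# The WS-Federation token is posted back through this URL; warn if it is not protected by TLS.
if (([uri]$SignInUrl).Scheme -ne "https") {
    Write-Warning "SignInUrl $SignInUrl is not https; tokens would be sent in clear text"
}

$signingCert = Import-PublicCert -Path $CertPath -Role "Signing"

# Register trusted root authorities only once so the script can be re-run safely.
if ($RootCaPath -ne "") {
    $rootCert = Import-PublicCert -Path $RootCaPath -Role "RootCA"
    $rootName = "$TipName-RootCA"
    if (-not (Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $rootName })) {
        New-SPTrustedRootAuthority -Name $rootName -Certificate $rootCert | Out-Null
    }
}
if (-not (Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $TipName })) {
    New-SPTrustedRootAuthority -Name $TipName -Certificate $signingCert | Out-Null
}

# Create the Trusted Identity Provider unless one with this name is already registered.
$existing = Get-SPTrustedIdentityTokenIssuer | Where-Object { $_.Name -eq $TipName }
if ($existing) {
    Write-Host "Trusted Identity Provider '$TipName' already exists (Id $($existing.Id)); not recreating"
} else {
    $map = New-SPClaimTypeMapping -IncomingClaimType $IdentifierClaimType `
        -IncomingClaimTypeDisplayName "useridentifier" -SameAsIncoming
    New-SPTrustedIdentityTokenIssuer -Name $TipName -Description $Description -Realm $Realm `
        -ImportTrustCertificate $signingCert -ClaimsMappings $map -SignInUrl $SignInUrl `
        -IdentifierClaim $map.InputClaimType -UseWReply | Out-Null
}

# Read the provider back: its Name is the value the Agent for SharePoint asks for, and
# its SigningCertificate must be the key the Policy Server signs assertions with.
$tip = Get-SPTrustedIdentityTokenIssuer -Identity $TipName
if ($tip.SigningCertificate.Thumbprint -ne $signingCert.Thumbprint) {
    throw "Issuer '$TipName' signs with $($tip.SigningCertificate.Thumbprint), expected $($signingCert.Thumbprint)"
}
Write-Host "Trusted Identity Provider name: $($tip.Name)"
Write-Host "Realm: $($tip.DefaultProviderRealm)  SignInUrl: $($tip.ProviderUri)"
```

Run it from the SharePoint Management Shell on the farm, for instance as .\Register-SiteminderTip.ps1 -TipName mySiteminderTrustedIdentityProvider -CertPath C:\ps-sign-wsfed.cer -SignInUrl http://wa.example.com/affwebservices/public/wsfeddispatcher (the script file name is an assumption); the name it prints at the end is the value to enter for the Agent for SharePoint. Against the certificate in the transcript above, the validity check would refuse it after its Not After date of 3/22/2024, which is the first thing to check when an existing trust stops accepting tokens. The final thumbprint comparison catches the other common mistake, a provider that already exists under the expected name but was registered with a different signing certificate than the one the Policy Server now uses.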