How To: Sign into your SharePoint 2010/2013 sites with The Identity Hub

Summary

In this topic you will learn the necessary steps to allow users to log in to your SharePoint 2010/2013 sites using The Identity Hub - {tenant}.

Contents

  • Objectives
  • Summary of Steps
  • Step 1 - Create and configure an App for your SharePoint installation
  • Step 2 - Download the SharePoint solution file
  • Step 3 - Install the SharePoint solution
  • Step 4 - Allow users to access SharePoint sites
  • Troubleshooting

Objectives

  • Sign into your SharePoint 2010/2013 site using The Identity Hub - {tenant}

Summary of Steps

  • Step 1 - Create and configure an App for your SharePoint installation
  • Step 2 - Download the SharePoint solution file
  • Step 3 - Install the SharePoint solution
  • Step 4 - Allow users to access SharePoint sites

Step 1 - Create and configure an App for your SharePoint installation

In this step you will create and configure an App for your SharePoint installation.

For more information about Apps see How To: What is an App?.

  • Navigate to the Apps Admin Page and click on New.

  • Provide the following information
    • Name: The name of the app. Choose a name that identifies your SharePoint installation.

    • Description: The description of the app.

  • Open the WS-Federation parameters section by clicking on the arrow.

  • Provide the following information
    • Relying Party Realm: The URN SharePoint will use to identify itself.

    • Reply Url's: The URL of the SharePoint site. For example: https://sharepoint.contoso.com/. Only https is allowed.

    • Relying Party Certificate: Not supported for SharePoint.

    • Token Signing Certificate: The public/private key pair of the certificate that The Identity Hub - {tenant} will use to sign the sign-in response (SAML Token).

      It is recommended that you acquire a dedicated certificate and use it only for this purpose. The certificate chain must be valid.

      The Identity Hub SharePoint solution will automatically configure SharePoint to accept responses signed with this certificate.

    • Token Signing Certificate Password: The password to access the private key.

  • Click Save. You will navigate to the detail page of the just created App.


Step 2 - Download the SharePoint solution file

  • Open the SharePoint 2010 or SharePoint 2013 section by clicking on the arrow.

  • Click the link to download the wsp package.


Step 3 - Install the SharePoint solution

In this step we will install and configure The Identity Hub SharePoint solution file.

For more detailed steps on installing SharePoint Solutions see http://technet.microsoft.com/en-US/library/cc262995

  • Open the SharePoint 2010/2013 Management Shell.

  • At the Windows PowerShell command prompt, type the following command:

    Add-SPSolution -LiteralPath [path to The Identity Hub SharePoint solution package]

  • Open Central Administration and navigate to the Farm Management section, Manage farm solutions.

  • Deploy the solution. Click the identity hub claim provider.wsp link and click OK on the next page.

  • After the solution is deployed, navigate to Application Management, Manage Web Applications and select the Web Applications for which you want to allow users to authenticate using The Identity Hub.

  • Click "Authentication Providers" in the ribbon and click on the link with the correct zone.

  • Scroll to the Trusted Identity Provider section and check The Identity Hub {tenant}.

  • Click Save.

  • Navigate to the Web Application. You should now be able to sign-in using The Identity Hub {tenant}.
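
Because the solution configures the trust automatically, it is worth confirming what SharePoint now accepts. The following read-only check is an added example, not part of The Identity Hub solution; the expected thumbprint and realm are placeholders for the values you entered in Step 1, and the chain check uses the Windows certificate store of the server it runs on.

```powershell
# Added example (read-only): inspect the trust that Step 3 created.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders: replace with the values you entered for the App in Step 1.
$issuerName         = 'The Identity Hub {tenant}'
$expectedThumbprint = '<THUMBPRINT OF YOUR TOKEN SIGNING CERTIFICATE>'
$expectedRealm      = '<YOUR RELYING PARTY REALM URN>'

$issuer   = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction Stop
$cert     = $issuer.SigningCertificate
$findings = @()

# 1. SharePoint must trust exactly the certificate uploaded to the App.
$want = ($expectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $want) {
    $findings += "Signing certificate mismatch: SharePoint trusts $($cert.Thumbprint)"
}

# 2. An expired signing certificate breaks every sign-in; warn 30 days ahead.
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 30) {
    $findings += "Signing certificate expires in $daysLeft day(s) ($($cert.NotAfter))"
}

# 3. The page requires a valid chain; build it and report why it fails.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $reasons   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $findings += "Certificate chain does not validate on this server: $reasons"
}

# 4. The realm must equal the Relying Party Realm configured on the App.
if ($issuer.DefaultProviderRealm -ne $expectedRealm) {
    $findings += "Realm is '$($issuer.DefaultProviderRealm)', expected '$expectedRealm'"
}

if ($findings.Count -eq 0) {
    Write-Output "OK: '$issuerName' trusts $($cert.Thumbprint), valid until $($cert.NotAfter)"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```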


Step 4 - Allow users to access SharePoint sites

In this step we will allow users who log in with The Identity Hub to access a SharePoint site.

  • Open the SharePoint site you want to allow The Identity Hub users to access.

  • Navigate to People and Groups.

  • Go to the details of a group.

  • Click New.

  • The People Picker will appear. Type in the name of The Identity Hub user or group you want to allow access for.


Troubleshooting

General Information

Information about The Identity Hub SharePoint Solution

| Description | SharePoint 2010 | SharePoint 2013 |
|---|---|---|
| Solution Id | 651d6a62-7f32-40aa-b61c-53e4349d7ebb | 9d456e96-9a98-4ce8-8297-3d4d5b10be35 |
| Solution Name | The Identity Hub Claim Provider | The Identity Hub Claim Provider |

Information about The Identity Hub SharePoint Features

| Description | SharePoint 2010 | SharePoint 2013 |
|---|---|---|
| The Identity Hub Claim Provider Feature Id | 476b9c78-ee93-4310-9ebe-a5ba1186b4c7 | 267fea02-559f-42f1-ad09-0f91c4a8fd3d |
| The Identity Hub Claim Provider Path | TheIdentityHubClaimProvider | TheIdentityHubClaimProvider |
| The Identity Hub Trusted Identity Token Issuer Feature Id | ffd8abb7-7f4e-4f23-973d-425883abccc0 | 1d60a4f4-7fa3-471c-8ba6-947b6154f571 |
| The Identity Hub Trusted Identity Token Issuer Path | TheIdentityHubTrustedIdentityTokenIssuer | TheIdentityHubTrustedIdentityTokenIssuer |

Diagnostics

The Identity Hub SharePoint Solution has diagnostics logging for configuration and operational steps.

| Description | SharePoint 2010 | SharePoint 2013 |
|---|---|---|
| Category | The Identity Hub Trusted ClaimProvider | The Identity Hub Trusted ClaimProvider |

Steps to resolve install and uninstall issues

If something went wrong and the install/uninstall did not succeed, perform the following steps.

  • Make sure the Authentication Provider is no longer used in any Web Application. If you get the message "Authentication Provider still in use" while performing the steps below, it means at least one Web Application still has The Identity Hub as Authentication Provider.

  • Open the SharePoint 2010/2013 Management Shell.

  • At the Windows PowerShell command prompt, type the following command to disable the first feature:

    Disable-SPFeature -Identity "TheIdentityHubClaimProvider" -Force

  • At the Windows PowerShell command prompt, type the following command to disable the second feature:

    Disable-SPFeature -Identity "TheIdentityHubTrustedIdentityTokenIssuer" -Force

  • At the Windows PowerShell command prompt, type the following command to remove the Trusted Identity Token Issuer:

    Remove-SPTrustedIdentityTokenIssuer -Identity "The Identity Hub {tenant}"

    If you get the message that no such object exists, it means the disabling of the features was successful.

  • At the Windows PowerShell command prompt, type the following command to remove the Claim Provider:

    Remove-SPClaimProvider -Identity "TheIdentityHubTrustedClaimProvider"

    If you get the message that no such object exists, it means the disabling of the features was successful.

  • At the Windows PowerShell command prompt, type the following command to uninstall The Identity Hub SharePoint Solution:

    Uninstall-SPSolution -Identity "the identity hub claim provider.wsp"

  • At the Windows PowerShell command prompt, type the following command to remove The Identity Hub SharePoint Solution:

    Remove-SPSolution -Identity "the identity hub claim provider.wsp"

  • At the Windows PowerShell command prompt, type the following command to add The Identity Hub SharePoint Solution:

    Add-SPSolution -LiteralPath [path to The Identity Hub SharePoint solution package]

  • At the Windows PowerShell command prompt, type the following command to install The Identity Hub SharePoint Solution:

    Install-SPSolution -Identity "the identity hub claim provider.wsp" -GACDeployment -Force

  • At the Windows PowerShell command prompt, type the following command to enable the first feature:

    Enable-SPFeature -Identity "TheIdentityHubClaimProvider"

    If you get the message that the feature was already activated, it means the deployment of the Solution was successful.

  • At the Windows PowerShell command prompt, type the following command to enable the second feature:

    Enable-SPFeature -Identity "TheIdentityHubTrustedIdentityTokenIssuer"

    If you get the message that the feature was already activated, it means the deployment of the Solution was successful.

  • Follow the instructions under Step 3 - Install the SharePoint solution to configure your Web Application.
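
Before running the recovery steps above, a read-only state check shows which Web Application zones would trigger "Authentication Provider still in use" and which components are currently registered. This is an added example, not part of The Identity Hub solution; it uses the names shown on this page and avoids syntax newer than the SharePoint 2010 Management Shell supports.

```powershell
# Added example (read-only): state check before the recovery steps above.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Names as they appear on this page; {tenant} is the page's own placeholder.
$issuerName    = 'The Identity Hub {tenant}'
$solutionName  = 'the identity hub claim provider.wsp'
$claimProvider = 'TheIdentityHubTrustedClaimProvider'
$featureNames  = 'TheIdentityHubClaimProvider', 'TheIdentityHubTrustedIdentityTokenIssuer'

# 1. Find every claims-mode web application zone that still lists the issuer.
$inUse = @(foreach ($wa in Get-SPWebApplication) {
    if (-not $wa.UseClaimsAuthentication) { continue }
    foreach ($zone in $wa.IisSettings.Keys) {
        Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone |
            Where-Object { $_.DisplayName -eq $issuerName } |
            ForEach-Object {
                New-Object PSObject -Property @{ WebApplication = $wa.Url; Zone = $zone }
            }
    }
})

if ($inUse.Count -gt 0) {
    Write-Warning "Issuer is still selected in $($inUse.Count) zone(s); clear these first:"
    $inUse | Format-Table WebApplication, Zone -AutoSize
}

# 2. Report which of the solution's components are registered in the farm.
$solution = Get-SPSolution | Where-Object { $_.Name -eq $solutionName }
$features = @(Get-SPFeature -Limit All |
    Where-Object { $featureNames -contains $_.DisplayName })
$issuer   = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction SilentlyContinue
$provider = Get-SPClaimProvider -Identity $claimProvider -ErrorAction SilentlyContinue

New-Object PSObject -Property @{
    SolutionAdded        = [bool]$solution
    SolutionDeployed     = [bool]($solution -and $solution.Deployed)
    LastOperationResult  = $(if ($solution) { $solution.LastOperationResult } else { 'n/a' })
    FeaturesInstalled    = ($features | ForEach-Object { $_.DisplayName }) -join ', '
    TokenIssuerPresent   = [bool]$issuer
    ClaimProviderPresent = [bool]$provider
} | Format-List
```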