SPTrustedSecurityTokenIssuer
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
Name | Key | String | Name of the SPTrustedSecurityTokenIssuer | |
Description | Write | String | Description of the SPTrustedSecurityTokenIssuer | |
RegisteredIssuerNameIdentifier | Write | String | The security principal identifier of the security token issuer | |
RegisteredIssuerNameRealm | Write | String | The realm of the security token issuer | |
SigningCertificateThumbprint | Write | String | Specify the thumbprint of the signing certificate, which must be located in certificate store LocalMachine\My | |
SigningCertificateFilePath | Write | String | Specify the file path to the signing certificate if it is not stored in the local certificate store already | |
MetadataEndPoint | Write | String | URL that SharePoint will reach to download the JSON metadata file of the issuer | |
IsTrustBroker | Write | Boolean | Specifies whether the trust is established with a self-issuer partner app | |
Ensure | Write | String | Present if the SPTrustedSecurityTokenIssuer should be created, or Absent if it should be removed | Present, Absent |
InstallAccount | Write | PSCredential | POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 | |
Type: Distributed
Requires CredSSP: No
This resource is used to create or remove an SPTrustedSecurityTokenIssuer in a SharePoint farm.
It requires specifying either a MetadataEndPoint or a certificate.
The certificate can be specified by setting either the SigningCertificateThumbprint or the SigningCertificateFilePath parameter. If both SigningCertificateThumbprint and SigningCertificateFilePath are specified, the thumbprint of the certificate in the file is verified against the specified SigningCertificateThumbprint. If the thumbprints don't match, an exception is thrown when configuring the resource.
The SigningCertificateThumbprint must be the thumbprint of the signing certificate stored in the certificate store LocalMachine\My of the server. If SigningCertificateFilePath is also specified, it must have the same thumbprint as the certificate file.
The SigningCertificateFilePath must be the file path to the public key of the signing certificate.
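The following pre-flight check is an added example, not code from SharePointDsc or this wiki. It applies the rules just described before a configuration is pushed: at least one of the two certificate parameters is required, a thumbprint alone must resolve to a certificate in LocalMachine\My, and when both parameters are given the thumbprint of the file must match the one specified. The function name Test-IssuerSigningCertificate and the usage values at the bottom are assumptions for this example (the path and thumbprint are the placeholders used in the configurations below).

```powershell
# Added example: validate SPTrustedSecurityTokenIssuer certificate inputs
# the way the resource description above says they are interpreted.
# The function name is an assumption; it is not part of SharePointDsc.
function Test-IssuerSigningCertificate
{
    [CmdletBinding()]
    param(
        [string] $SigningCertificateThumbprint,
        [string] $SigningCertificateFilePath
    )

    if (-not $SigningCertificateThumbprint -and -not $SigningCertificateFilePath)
    {
        throw "Specify SigningCertificateThumbprint, SigningCertificateFilePath, or both."
    }

    $fileCert = $null
    if ($SigningCertificateFilePath)
    {
        if (-not (Test-Path -Path $SigningCertificateFilePath -PathType Leaf))
        {
            throw "Certificate file '$SigningCertificateFilePath' was not found."
        }
        # A .cer file carries only the public certificate, so no password is needed to load it.
        $fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $SigningCertificateFilePath
        if ($fileCert.HasPrivateKey)
        {
            Write-Warning "The file contains a private key; only the public certificate should be copied to the farm."
        }
    }

    $storeCert = $null
    if ($SigningCertificateThumbprint)
    {
        # Thumbprints are hex and compared case-insensitively; drop spaces that copy/paste adds.
        $expected = ($SigningCertificateThumbprint -replace '\s', '').ToUpperInvariant()
        if ($expected -notmatch '^[0-9A-F]{40}$')
        {
            throw "SigningCertificateThumbprint must be a 40-character hexadecimal SHA-1 thumbprint."
        }
        $storeCert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $expected } |
            Select-Object -First 1

        # Both parameters given: the file must carry the certificate named by the thumbprint.
        if ($fileCert -and $fileCert.Thumbprint -ne $expected)
        {
            throw "Thumbprint of '$SigningCertificateFilePath' ($($fileCert.Thumbprint)) does not match SigningCertificateThumbprint ($expected)."
        }
        # Thumbprint only: the certificate has to exist in LocalMachine\My already.
        if (-not $fileCert -and -not $storeCert)
        {
            throw "No certificate with thumbprint $expected exists in LocalMachine\My; provide SigningCertificateFilePath instead."
        }
    }

    $cert = if ($fileCert) { $fileCert } else { $storeCert }
    if ($cert.NotAfter -lt (Get-Date))
    {
        Write-Warning "Signing certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
    }

    [PSCustomObject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        InStore    = [bool] $storeCert
    }
}

# Usage with the placeholder values from the configurations on this page:
Test-IssuerSigningCertificate -SigningCertificateFilePath 'F:\Data\DSC\FakeSigning.cer' `
    -SigningCertificateThumbprint '123ABCFACE123ABCFACE123ABCFACE123ABCFACE'
```

Run it on the SharePoint server that will apply the configuration, since the LocalMachine\My lookup is local to that machine. The returned object tells you which certificate the resource will end up trusting; checking the Subject and NotAfter here is cheaper than discovering a wrong or expired issuer certificate after add-in authentication starts failing.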
The properties RegisteredIssuerNameIdentifier and RegisteredIssuerNameRealm together compose the RegisteredIssuerName. If RegisteredIssuerNameRealm is omitted, it is set to the realm of the farm.
The default value for the Ensure parameter is Present. When this parameter is not specified, the token issuer is created.
This example creates a trusted security token issuer using a signing certificate in a file path, and the SPAuthenticationRealm of the SharePoint farm.
```powershell
Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )
    Import-DscResource -ModuleName SharePointDsc

    node localhost {
        SPTrustedSecurityTokenIssuer HighTrustAddinsTrust
        {
            Name                           = "HighTrustAddins"
            Description                    = "Trust for Provider-hosted high-trust add-ins"
            RegisteredIssuerNameIdentifier = "22222222-2222-2222-2222-222222222222"
            IsTrustBroker                  = $true
            SigningCertificateFilePath     = "F:\Data\DSC\FakeSigning.cer"
            Ensure                         = "Present"
            PsDscRunAsCredential           = $SetupAccount
        }
    }
}
```
This example creates a trusted security token issuer using a signing certificate retrieved from its thumbprint, and the SPAuthenticationRealm of the SharePoint farm.
```powershell
Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )
    Import-DscResource -ModuleName SharePointDsc

    node localhost {
        SPTrustedSecurityTokenIssuer HighTrustAddinsTrust
        {
            Name                           = "HighTrustAddins"
            Description                    = "Trust for Provider-hosted high-trust add-ins"
            RegisteredIssuerNameIdentifier = "22222222-2222-2222-2222-222222222222"
            IsTrustBroker                  = $true
            SigningCertificateThumbprint   = "123ABCFACE123ABCFACE123ABCFACE123ABCFACE"
            Ensure                         = "Present"
            PsDscRunAsCredential           = $SetupAccount
        }
    }
}
```
This example creates a trusted security token issuer that will be configured using the metadata file of the ACS tenant.
```powershell
Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )
    Import-DscResource -ModuleName SharePointDsc

    node localhost {
        SPTrustedSecurityTokenIssuer HighTrustAddinsTrust
        {
            Name                 = "ACS Trust"
            Description          = "Trust with ACS tenant TENANT.onmicrosoft.com"
            MetadataEndPoint     = "https://accounts.accesscontrol.windows.net/TENANT.onmicrosoft.com/metadata/json/1"
            IsTrustBroker        = $true
            Ensure               = "Present"
            PsDscRunAsCredential = $SetupAccount
        }
    }
}
```