How to configure a SharePoint trusted identity provider for UPN

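#-- Configure a SharePoint trusted identity provider (ADFS) that uses the UPN claim
#-- as the identifier claim. Run from the SharePoint Management Shell as a farm administrator.

#-- Path to the exported ADFS token-signing certificate (public key only).
$certPath = "D:\Certs\TokenSign\TokenSign.cer"

#-- Fail fast if the certificate file is missing instead of trusting an unusable object.
if (-not (Test-Path -Path $certPath -PathType Leaf)) {
    throw "Token-signing certificate not found: $certPath"
}

#-- Load the token-signing certificate.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

#-- Show the thumbprint and expiry so the operator can compare them with the
#-- token-signing certificate published by the ADFS farm before it is trusted.
Write-Host ("Trusting token-signing certificate with thumbprint {0} (expires {1})" -f $cert.Thumbprint, $cert.NotAfter)

#-- Add the token-signing certificate to the SharePoint trusted root store.
New-SPTrustedRootAuthority -Name "Token Sign ADFS 3.0" -Certificate $cert

#-- Claim mappings: each incoming claim is passed through unchanged (-SameAsIncoming).
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnClaimMap   = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$roleClaimMap  = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

#-- Realm sent to the IdP; it is expected to match the relying party identifier
#-- configured for this SharePoint farm on the ADFS side.
$realm = "URN:SharePoint:Extranet"

#-- Passive sign-in endpoint of the IdP (HTTPS).
$signInURL = "https://sts.contoso.com/adfs/ls/"

#-- Display name of the IdP in SharePoint.
$providerName = 'Extranet ADFS'

#-- Create the trusted identity token issuer. The UPN mapping supplies the
#-- identifier claim, i.e. the value SharePoint uses as the user's identity.
New-SPTrustedIdentityTokenIssuer -Name $providerName `
    -Description 'Contoso Federated Authentication - External' `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailClaimMap, $upnClaimMap, $roleClaimMap `
    -SignInUrl $signInURL `
    -IdentifierClaim $upnClaimMap.InputClaimType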
