Step 3 – Adding certificate to SharePoint for token generation

Published by Mohit Agrawal on

By completing the previous steps, you have created your high-trust certificate and exported it to .CER and .PFX files.

In this step, we will register our certificate (HighTrustTokenCert) in SharePoint, so that SharePoint can generate a token when such a request comes from our WCF application.

The complete chain of the certificate needs to be registered in SharePoint as a Trusted Root Authority. That means if you followed Path 1 for certificate generation, you only need to run the PowerShell below for “HighTrustTokenCert”; but if, as I did, you chose Path 2, where the certificate is issued by the root authority “LocalRootCA”, then you need to run the PowerShell below for the complete chain.


Installing the “LocalRootCA” certificate as a “Trusted Root Authority” in SP

You can skip this if you created your self-signed certificate directly from IIS or your certificate does not chain to a root certificate.

$localRootCAPath = "<<Your Path where you save LocalRootCA.CER>>"   # exported public (.CER) root certificate
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($localRootCAPath)
New-SPTrustedRootAuthority -Name "LocalRootCA" -Certificate $certificate


Installing the “HighTrustTokenCert” certificate as a “Trusted Root Authority” in SP

$highTrustCertPath = "<<Your Path where you save HighTrustTokenCert.CER>>"   # exported public (.CER) token-signing certificate
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($highTrustCertPath)
New-SPTrustedRootAuthority -Name "HighTrustTokenCert" -Certificate $certificate

With the commands above you have installed your certificate into the SharePoint trust store. The next steps are creating an Issuer ID for the certificate and registering it in SharePoint against our “HighTrustTokenCert”, so that SharePoint can generate a token when requested by the client application.

Creating Issuer ID

Run the SharePoint Management Shell as Administrator and run the PowerShell commands below:

$realm = Get-SPAuthenticationRealm
$certIssuerID = "11111111-1111-1111-1111-111111111111"   # <any GUID>; keep it lower-case, the issuer identifier is matched as a string
$fullIssuerIdentifier = $certIssuerID + "@" + $realm

You can pass any GUID as certIssuerID. Please note down this GUID, as it will be used by our WCF application to connect to SharePoint.

Registering “HighTrustTokenCert” in SharePoint for Token Generation

Run the PowerShell below in the SharePoint Management Shell:

$highTrustCertPath = "<<Your Path where you save HighTrustTokenCert.CER>>"   # same .CER as registered above
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($highTrustCertPath)
# $fullIssuerIdentifier comes from the "Creating Issuer ID" step above (GUID@realm)
New-SPTrustedSecurityTokenIssuer -Name "HighTrustTokenCert Token" -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker

Now our certificate is ready to be used in our application.

Check out the next post on this topic.
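Before moving on to the WCF side, it is worth confirming that the four registrations above actually line up. The script below is an added verification step, not part of the original post; it assumes the same .CER path placeholder, the same issuer GUID and the issuer name "HighTrustTokenCert Token" used above, and is run in the SharePoint Management Shell on a farm server.

```powershell
# Added check (not from the original post): verifies the certificate's validity window,
# that every certificate in its chain is a registered trusted root authority, and that the
# trusted security token issuer is bound to this certificate with the expected issuer id.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$tokenCertPath = "<<Your Path where you save HighTrustTokenCert.CER>>"   # placeholder path
$certIssuerID  = "11111111-1111-1111-1111-111111111111"                  # assumed: the GUID registered above
$issuerName    = "HighTrustTokenCert Token"
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tokenCertPath)
$realm = Get-SPAuthenticationRealm
$expectedIssuer = ($certIssuerID + "@" + $realm).ToLower()
$ok = $true
# 1. The certificate must be inside its validity window; tokens signed by an expired
#    certificate are rejected by SharePoint.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    Write-Warning "Certificate $($cert.Thumbprint) is outside its validity period ($($cert.NotBefore) - $($cert.NotAfter))"
    $ok = $false
}
# 2. Every certificate in the chain (the leaf and, for Path 2, LocalRootCA) must be present
#    as a trusted root authority. Compare by thumbprint, not by the -Name you gave it.
$trustedThumbprints = Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint }
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
[void]$chain.Build($cert)   # builds leaf -> root so self-signed (Path 1) and CA-issued (Path 2) both work
foreach ($element in $chain.ChainElements) {
    $tp = $element.Certificate.Thumbprint
    if ($trustedThumbprints -notcontains $tp) {
        Write-Warning "Chain certificate '$($element.Certificate.Subject)' ($tp) is not registered with New-SPTrustedRootAuthority"
        $ok = $false
    }
}
# 3. The token issuer must point at exactly this certificate and carry the identifier the
#    WCF client will put in the token's issuer claim (lower-case GUID@realm, case-sensitive).
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $issuerName }
if (-not $issuer) {
    Write-Warning "No trusted security token issuer named '$issuerName'"
    $ok = $false
} else {
    if ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
        Write-Warning "Issuer '$issuerName' is bound to $($issuer.SigningCertificate.Thumbprint), not $($cert.Thumbprint)"; $ok = $false
    }
    if ($issuer.RegisteredIssuerName -cne $expectedIssuer) {
        Write-Warning "RegisteredIssuerName is '$($issuer.RegisteredIssuerName)', expected '$expectedIssuer'"; $ok = $false
    }
}
if ($ok) { "High-trust registration for '$issuerName' is consistent (thumbprint $($cert.Thumbprint))." }
```

A warning from check 2 after a Path 2 setup usually means the LocalRootCA step was skipped; a warning from check 3 on the issuer name usually means the GUID was typed in mixed case in one of the two places.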

Categories: SharePoint

Mohit Agrawal

Experience in SharePoint development and migration.

1 Comment

nathalie · January 10, 2022 at 5:08 PM

Thanks!