Writing your own Trusted Identity provider for SP2010 (3)

By | 2010-11-16

This is part three of a multi-part blog post on “Writing your own Trusted Identity provider / Claim Provider for SP2010”. In the first post I covered:

In the second post I covered:

In this post I will:

  • Create a trust between your Trusted Identity Provider (STS) and SharePoint 2010
  • Create or configure your SP2010 WebApplication to use the Trusted Identity Provider

To create a trust between your new STS and SharePoint you need to run a few PowerShell steps:
First we have some variables to set:

Next we start with the creation of a trust:

This adds a trust, which you can view in Central Administration:
[Screenshot: sp2010-claims-trust1]
Now we create a SPTrustedIdentityTokenIssuer:

And now we can trust our own STS in our Claims Based WebApplication:
[Screenshot: sp2010-claims-webapplication-provider1]
Of course there is also an app/wizard for this: SPFedUtil.
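
The trust and token issuer steps above, as an added PowerShell example (not the author's original script, which is not reproduced on this page). The STS name, certificate path, realm, sign-in URL, the two claim types and the choice of e-mail address as identifier claim are assumptions; the cmdlets are the standard SharePoint 2010 ones.

```powershell
# Added example: every name, path and URL below is a constructed placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$stsName   = "MyCustomSTS"
$certPath  = "C:\certs\sts-signing.cer"   # public token-signing cert exported from the STS
$realm     = "urn:sharepoint:portal"      # must match the realm configured in the STS
$signInUrl = "https://sts.example.com/default.aspx"

# Load the certificate SharePoint will use to validate tokens signed by the STS.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Checks before establishing trust: validity window, public part only, HTTPS sign-in.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Signing certificate is outside its validity period."
}
if ($cert.HasPrivateKey) {
    throw "Import only the public certificate; the private key stays on the STS."
}
if (([Uri]$signInUrl).Scheme -ne "https") {
    throw "The sign-in URL must use HTTPS."
}
# Compare this thumbprint out-of-band with the one shown on the STS.
Write-Host ("Trusting certificate {0} ({1})" -f $cert.Subject, $cert.Thumbprint)

# 1. Trust relationship (shows up under Security > Manage trust in Central Administration).
New-SPTrustedRootAuthority -Name "$stsName token signing" -Certificate $cert

# 2. Map the claims the STS is assumed to issue onto SharePoint claim types.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# 3. Register the STS as a trusted identity token issuer.
New-SPTrustedIdentityTokenIssuer -Name $stsName `
    -Description "Custom STS (added example)" `
    -Realm $realm -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl $signInUrl -IdentifierClaim $emailMap.InputClaimType

# Confirm what was registered before selecting it on the web application.
Get-SPTrustedIdentityTokenIssuer -Identity $stsName |
    Format-List Name, ProviderUri, DefaultProviderRealm
```

Once the issuer exists it appears as a selectable trusted identity provider in the web application's authentication provider settings.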

So there you have it: when you browse to your Claims Based WebApplication you will now get this screen:
[Screenshot: sp2010-claims-webapplication-login1]
Choose your STS, log in with proper credentials, and you will be redirected to your SharePoint WebApplication:
[Screenshot: vs2010-wif-4_0-sts-website-login]

Small Bonus tip: add an identity claim to a Site collection Group

Small Bonus tip 2: add an AD group to a Site collection group with Claims based authentication:
