GD Bloggers

This is the blog site for Microsoft Global Delivery Communities, focused on sharing technical knowledge about devices, apps and cloud.

Use Facebook as an Identity Provider for SharePoint 2013 – Part 2


At this stage we are done configuring the Facebook part.

Continue Configuration Steps:

  • Now we need to create a token-signing certificate. It is used to sign the tokens issued to SharePoint web applications.
  • Open a command prompt and browse to MakeCert.exe, which can be found in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path.
    • If MakeCert.exe is missing, download and install the Windows SDK from here
  • Run the following command:

    MakeCert.exe -r -pe -n "CN=mysharepointlogin.accesscontrol.windows.net" ^
      -sky exchange -ss my -len 2048 -e 05/29/2014

  • After the operation succeeds, go to Control Panel –> Administrative Tools –> Manage Computer Certificate.
  • Expand Certificates – Current User, Personal, and click on Certificate. You will find the newly created token-signing certificate.

  • Right-click the new certificate and go to All Tasks –> Export.
  • Choose No, do not export the private key, and click Next.

  • Choose Base-64 encoded X.509 (.CER), and click Next.

  • Save the certificate on the Desktop, e.g. "C:\Users\Administrator\Desktop\MySharePointLogin.cer"
  • Go again to Control Panel –> Administrative Tools –> Manage Computer Certificate.
  • Browse to the same certificate again (Current User –> Personal –> click on Certificate).
  • Right-click the new certificate and go to All Tasks –> Export.
  • Choose Yes, export the private key, and click Next.

  • Choose Personal Information Exchange – PKCS #12 (.PFX) and click Next.

  • Select the Password option and enter a password; remember this password, as it will be used later.

  • Save the certificate on the Desktop, e.g. "C:\Users\Administrator\Desktop\MySharePointLogin.pfx"
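
Before the .PFX is uploaded to ACS, the two exported files can be checked from PowerShell. This is an added example, not part of the original post: the function name Test-SigningCertExport and the 30-day expiry threshold are assumptions, and the default paths are the example paths used in the steps above.

```powershell
# Added example (not from the original post). Checks the two files exported above:
# the .cer must carry no private key, the .pfx must carry it, and both must be
# the same certificate with the expected key length and a future expiry date.
function Test-SigningCertExport {
    param(
        [string]$CerPath = 'C:\Users\Administrator\Desktop\MySharePointLogin.cer',
        [string]$PfxPath = 'C:\Users\Administrator\Desktop\MySharePointLogin.pfx',
        [int]$MinKeyBits = 2048,   # same value as -len in the MakeCert command
        [int]$WarnDays   = 30      # assumed threshold for the expiry check
    )

    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    # Prompt for the export password instead of putting it on the command line.
    $pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

    $cer = New-Object $type -ArgumentList $CerPath
    $pfx = New-Object $type -ArgumentList $PfxPath, $pfxPassword
    try {
        $keyBits  = $cer.PublicKey.Key.KeySize
        $daysLeft = [math]::Floor(($cer.NotAfter - (Get-Date)).TotalDays)

        # One object with a pass/fail field per check.
        [pscustomobject]@{
            Subject          = $cer.Subject
            Thumbprint       = $cer.Thumbprint
            CerIsPublicOnly  = -not $cer.HasPrivateKey
            PfxHasPrivateKey = $pfx.HasPrivateKey
            SameCertificate  = $cer.Thumbprint -eq $pfx.Thumbprint
            KeyBits          = $keyBits
            KeyLongEnough    = $keyBits -ge $MinKeyBits
            NotAfter         = $cer.NotAfter
            DaysUntilExpiry  = $daysLeft
            ExpiryOk         = $daysLeft -gt $WarnDays
        }
    }
    finally {
        # Release the loaded certificate data and key handles.
        $cer.Reset()
        $pfx.Reset()
    }
}

Test-SigningCertExport | Format-List
```

Every boolean field should come back True before the .PFX is uploaded.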

 

  • Go to your Access Control Namespace URL:
    • http://MySharePointLogin.accesscontrol.windows.net (Mine)
    • http://YourNamespaceTitle.accesscontrol.windows.net (Your namespace title)
  • Click on Identity Providers.

  • Click Add

  • Select Facebook and click Add

  • Click on Relying Party Applications from the left navigation, then click Add.

  • Fill in the related information for the relying party (SharePoint)
    • Name –> Web Application Host Header (ex: SharePointLogin.com)
    • Realm –> http://WebApplicationHostHeader (ex: http://SharePointLogin.com)
    • Return URL –> http://WebApplicationHostHeader/_trust (ex: http://SharePointLogin.com/_trust)
    • Token Format: SAML 1.1

  • Fill in the related information for the relying party (SharePoint)
    • Token encryption policy –> None
    • Token lifetime (secs) –> 4000
    • Choose Facebook as Identity Provider.
    • Check Create New Rule Group
    • Browse to the certificate you exported from the previous step; choose the certificate with .PFX extension.
    • Enter the password you created when you exported the certificate.
    • Click Save.

  • Click Rule Groups from the left navigation and then click on Default Rule Group for MySharePointLogin.com

  • Click Generate

  • Choose Facebook and click Generate

  • Click Save

Go to Part 1

Go to Part 3

Comments
  • Hello, do you know how to do this without using ACS? Any help would be much appreciated. Thanks.
