Team blog of MCS @ Middle East and Africa

This blog is created by Microsoft MEA HQ near shoring team, and it aims to share knowledge with the IT community.With its infrastructure and development sides,It brings to you the proven best practices and real world experiences from Subject Matter Experts
Follow Us On Twitter! Subscribe To Our Blog! Contact Us

Use Facebook as an Identity Provider for SharePoint 2013 – Part 3

Use Facebook as an Identity Provider for SharePoint 2013 – Part 3

  • Comments 2
  • Likes

At this stage, we are done configuring the Azure Part

Continue Configuration Steps:

  • Go to your SharePoint Farm
  • Create a new web application
    • Make sure the claim authentication will be as the following:
      • Enable Windows Authentication = Checked
      • Integrated Windows authentication = Check
      • Select NTLM
  • PS: The Facebook authentication will be enabled later

1

4

  • After creating the web application, go and create a site collection

5

  • Run the following script:
    • Red parameters need to be changed depend pon your configuration
$realm = "http://mysharepointlogin.com"
$signinurl = "https://mysharepointlogin.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fmysharepointlogin.com%2f"
$certlocation = "C:\Users\Administrator\Desktop\MySharePointLogin.cer"
$rootcertificate = Get-PfxCertificate $certlocation
New-SPTrustedRootAuthority "MSharePointLogin" -Certificate $rootcertificate
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certlocation)
$ClaimTypingMapping1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
$ClaimTypingMapping2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "Display Name" –LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
$ClaimTypingMapping3 = New-SPClaimTypeMapping -IncomingClaimType "http://www.facebook.com/claims/AccessToken" -IncomingClaimTypeDisplayName "Access Token" -SameAsIncoming
$ClaimTypingMapping4 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" -IncomingClaimTypeDisplayName "Name Identifier" –LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$ClaimTypingMapping5 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" -IncomingClaimTypeDisplayName "Expiration" -SameAsIncoming
New-SPTrustedIdentityTokenIssuer -Name "Facebook Authentication" -Description "Facebook Identity Provider" -Realm $realm -ImportTrustCertificate $certificate -ClaimsMappings $ClaimTypingMapping1,$ClaimTypingMapping2,$ClaimTypingMapping3,$ClaimTypingMapping4,$ClaimTypingMapping5 -SignInUrl $signinurl -IdentifierClaim $ClaimTypingMapping1.InputClaimType
 
  • realm = the URI or URL that is associated with a SharePoint web application that is configured to use a SAML token-based provider (SharePoint Web application URL)
  • signinurl = Access Control Namespace URL which was created in windows Azure.
  • $certloc = Physical path for the certificate. Make sure to select the .Cer
  • $rootcert = Get the .pfx certificate root
  • New-SPTrustedRootAuthority = Creates a trusted root authority.
  • $cert = to represents an X.509 certificate.
  • $ClaimTypingMapping = map between the new claim in SharePoint with the incoming claim from ACS.
  • New-SPTrustedIdentityTokenIssuer  = Create a new Identity Provider named Facebook Authentication

 

  • After running the script successfully – > Go and select the SharePoint Web Application you created – > General Setting from the top ribbon.

7 - Copy

  • Go to Claims Authentication Section and check Facebook Authentication

6

  • Go back and select the web application –> Click User Policy

7

  • In the pop windows –> Click Add Users

8

  • Select All zones and click Next

9

  • Click Browse Users

10

  • Select All Users –> All Users (Facebook Authentication) –> Click Add –> Click OK.

11

  • Select Full read – Has Full read-only access.

12

  • Click OK

13

Go to Part 2

Go to Part 4

Comments
  • Thanks for the detailed configuration steps. Very informative!

  • fantastic article. some steps didn't work for me, but still very informative. thank you

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment