A very powerful integration capability is available between SharePoint 2013 and SharePoint 2010/2013, where SharePoint 2010 can still consume service applications from SharePoint 2013 , in this post I will walk you through a step by step guide on how to consume managed meta data service applications resides in SharePoint 2013 from a site resides in SharePoint 2010 farm ,
you can still use the same steps to consume any other service application to achieve cross farm service application, and this post is also applicable if you want to perform the integration between two SP2013 farms.
An administrator of the consuming farm (SP2010) must provide two trust certificates to the administrator of the publishing farm
Administrator of publishing farm (SP2013) must provide one trust certificate to the consuming farm (SP2010)
a-To export the root certificate from the consuming farm
in PowerShell run the following commands:
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content "C:\ConsumingFarmRoot.cer" -Encoding byte
b-To export the STS certificate from the consuming farm
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export("Cert") | Set-Content "C:\ConsumingFarmSTS.cer" -Encoding byte
under C: drive:
$rootCert.Export("Cert") | Set-Content "C:\PublishingFarmRoot.cer" -Encoding byte
Certificates must be imported on both consuming farm and publishing farm as the following:
a new trust will appear
On the publishing farm (SP2013) on which the service application is located, an administrator must explicitly publish the service application. Service applications that are not explicitly published are available to the local farm only
Information URL : this is an optional info where you can for instance create a page within SharePoint 2013 and place its link here, so admins will read more info about this service application
Important: Copy the Published URL , we are going to use it in the consuming farm later on
You must give the consuming farm permission to the Application Discovery and Load Balancing Service Application on the publishing farm
After doing this, give the consuming farm permission to the published service applications that it will be consuming
Get-SPFarm | Select Id
copy the Consuming farm ID : 1ccfc7f5-b62a-4404-962c-359371d2cd60
paste the consuming farm ID you extracted previously, then click check names
add the consuming farm ID and grant it full control then press OK
Tip : Or you can optionally use the PowerShell command to achieve the same to above:
$security=Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$principal=New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue 1ccfc7f5-b62a-4404-962c-359371d2cd60
where 1ccfc7f5-b62a-4404-962c-359371d2cd60 is the <consumingfarmid> i extracted from the previous step.
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security
add the consuming farm ID and grant it full the required permissions in my case full access to term store is granted
After the publishing farm has published the service application, an administrator of the consuming farm can connect to that service application from the consuming farm if the address of the specific service application is known
now from consuming farm (SP2010) you can connect to a service application that has been shared by the publishing farm (SP2013) by providing the address of the farm's discovery service or the address of the service application.
to do so from the consuming farm open CA - manage service application - from ribbon select connect
Place the connection info for the service application extracted from the publishing farm (managed meta data service application)
then click Ok
Important: the server time (clock) should be synchronized to be the time on both consuming and publishing farm or else a consuming farm wont be able to reach the publishing farm service due to The security timestamp is invalid between servers.
select the service application , make sure to be added to default proxy group ,then click ok
now it will appear in the list of service application of the consuming farm (SP2010)
An administrator must associate the new service application connection with a local Web application on the consuming farm
in the consuming farm (SP2010) open CA - under service Applications click configure service applications association make sure the new proxy is added to the default group and assigned to the desired web application
Open a site within SharePoint 2010 , create a custom list , from ribbon create column
make sure managed Metadata is selected:
scroll down , you should see now the term sets from SP2013 :)
Note: in some scenarios you might need to allow server to server authentication , if your case is one of the below you need then to configure server to server authentication otherwise you are done, no need to perform any additional steps
if you need to extend to achieve one of the above scenarios follow the steps in this post then you will be done :) http://technet.microsoft.com/en-us/library/jj992595.aspx
Great write up, Thanks Issa for sharing this!
Simple and descriptive article.
This works only with Managed Metadata service Apps. Is there any way to configure this for Search Serice apps? Though multiple search service proxies are assoicated with a single web app, search results can be defaulted to only to a single proxy. Any idea on how to consume multiple web app proxies on single web app?
Thank you for the posting Issa. Very helpful
Dear Issa Ayyash,I have applied all the step for User profile service and it is successfully added in consuming farm but newly added proxy not in enabled state and previously created proxy is the default. That's why sync is not happening.. can u help here. How to make new proxy as default (checkbox I had already selected).Thanks.
Hi Issa Ayaash,
The steps mentioned here are really awsesome , it helped me alot to understand the topic.
Thanks alot !!
Thanks, I had a heap of trouble trying to figure out how to get the User Profile to work between the farms. This post helped to point me in the right direction. Thanks so much.
Thanks Issa for this post! I was doubtful if this is supported.
Can content type hub be consumed as well? Like the content types and site columns created in 2013, will they be accessible from SP 2010 site as well?
Can i consume MMS from share point 2010 to 2013. I tried doing it's not working. Please suggest.
Wonderful post however I was wondering if you could write a little more on this topic? I’d be very thankful if you could elaborate a little bit further. Thank you!
http://staygreenacademy.com">SharePoint Online Training
I absolutely love your blog and find nearly all of your post’s to be precisely what I’m looking for.
Great article ...Thanks for your great information, the contents are quiet interesting. I will be waiting for your next post.
http://staygreenacademy.com">SharePoint 2013 Developer training Online
Does this work for a SP 2013 server consuming a SP 2010 service?