In the previous post we got the configuration done to allow the user to authenticate and associate their login details to the user request. At that point they will be sent and email inviting them to login into the private portal to start to do business. In this video we’ll look at the setup of that private portal.

In this walk through we configured the public and the private site on the same machine. Through the configuration process we told SharePoint about our authentication provider. So if have different machines then you will want to do the setup for the trusted root authority that you saw in this post  about 10minutes in this video where we configure SharePoint with PowerShell and run these sets of commands:

————————-

$claim1 = New-SPClaimTypeMapping -IncomingClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier” -IncomingClaimTypeDisplayName “ACS Name Identifier Claim” -LocalClaimType “http://schemas.microsoft.com/custom/claim/type/2013/07/acs-nameidentifier”
$claim2 = New-SPClaimTypeMapping -IncomingClaimType “http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider” -IncomingClaimTypeDisplayName “ACS Identity Provider” -LocalClaimType “http://schemas.microsoft.com/custom/claim/type/2013/07/acs-identityprovider”
$claim3 = New-SPClaimTypeMapping -IncomingClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name” -IncomingClaimTypeDisplayName “ACS username” -LocalClaimType “http://schemas.microsoft.com/custom/claim/type/2013/07/acs-username”

$acscert = Get-PfxCertificate c:\temp\ACSCertVM6.cer

New-SPTrustedIdentityTokenIssuer -Name “AzureACS” -Description “Azure ACS” -Realm “urn:axr3mavm6:AzureACS”  -ImportTrustCertificate $acscert -SignInUrl “https://axr3mavm6.accesscontrol.windows.net/v2/wsfederation” -ClaimsMappings $claim1,$claim2,$claim3 -IdentifierClaim $claim1.InputClaimType

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($acscert)
$spcert = New-SPTrustedRootAuthority -Certificate $cert -Name “ACSTokenSigningCert”

——————-

You can done the hard part if you get to this step. In these videos I was using LiveID as the authentication provider but you could use something else like Azure Active Directory as you can see in these posts.

http://organicax.com/2015/03/04/creating-a-new-azure-ad-identity-provider-in-azure-acs-and-use-with-ax2012-enterprise-portal/

http://organicax.com/2015/03/04/concepts-in-using-azure-ad-with-ax2012-enterprise-portal/

Good luck with it.

Cheers

Lachlan


Filed under: Integration technology