Use Facebook as an Identity Provider for SharePoint 2013 – Part 3

At this stage, we are done configuring the Azure part.

Continue Configuration Steps:

  • Go to your SharePoint farm
  • Create a new web application
    • Make sure claims authentication is configured as follows:
      • Enable Windows Authentication = Checked
      • Integrated Windows authentication = Checked
      • Select NTLM
  • PS: The Facebook authentication will be enabled later

  • After creating the web application, go and create a site collection

  • Run the following script:
    • The parameters marked in red need to be changed depending on your configuration
$realm = "http://mysharepointlogin.com"
$signinurl = "https://mysharepointlogin.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fmysharepointlogin.com%2f"
$certlocation = "C:\Users\Administrator\Desktop\MySharePointLogin.cer"
$rootcertificate = Get-PfxCertificate $certlocation
New-SPTrustedRootAuthority "MSharePointLogin" -Certificate $rootcertificate
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certlocation)
$ClaimTypingMapping1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
$ClaimTypingMapping2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "Display Name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
$ClaimTypingMapping3 = New-SPClaimTypeMapping -IncomingClaimType "http://www.facebook.com/claims/AccessToken" -IncomingClaimTypeDisplayName "Access Token" -SameAsIncoming
$ClaimTypingMapping4 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" -IncomingClaimTypeDisplayName "Name Identifier" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$ClaimTypingMapping5 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration" -IncomingClaimTypeDisplayName "Expiration" -SameAsIncoming
New-SPTrustedIdentityTokenIssuer -Name "Facebook Authentication" -Description "Facebook Identity Provider" -Realm $realm -ImportTrustCertificate $certificate -ClaimsMappings $ClaimTypingMapping1,$ClaimTypingMapping2,$ClaimTypingMapping3,$ClaimTypingMapping4,$ClaimTypingMapping5 -SignInUrl $signinurl -IdentifierClaim $ClaimTypingMapping1.InputClaimType
 
  • $realm = the URI or URL associated with the SharePoint web application that is configured to use a SAML token-based provider (the SharePoint web application URL).
  • $signinurl = the Access Control namespace URL that was created in Windows Azure.
  • $certlocation = the physical path of the certificate. Make sure to select the .cer file.
  • $rootcertificate = the root certificate, loaded from that path with Get-PfxCertificate.
  • New-SPTrustedRootAuthority = creates a trusted root authority.
  • $certificate = represents the X.509 certificate.
  • $ClaimTypingMapping1 to $ClaimTypingMapping5 = map each incoming claim from ACS to a claim in SharePoint.
  • New-SPTrustedIdentityTokenIssuer = creates a new identity provider named Facebook Authentication.
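
Before running the script, its three inputs can be sanity-checked. The following is an added example, not part of the original post: Test-AcsTrustInput is a hypothetical helper name, it uses only .NET classes (no SharePoint cmdlets), and the realm/wtrealm comparison is a consistency check assumed here rather than a documented ACS requirement.

```powershell
# Added example: pre-flight checks on the three values the script consumes.
# Test-AcsTrustInput is a hypothetical helper name; it uses only .NET classes.
function Test-AcsTrustInput {
    param(
        [Parameter(Mandatory = $true)][string]$Realm,
        [Parameter(Mandatory = $true)][string]$SignInUrl,
        [Parameter(Mandatory = $true)][string]$CertLocation
    )
    $findings = @()
    $uri = $null
    if (-not [Uri]::TryCreate($SignInUrl, [UriKind]::Absolute, [ref]$uri)) {
        $findings += "Sign-in URL is not an absolute URL: $SignInUrl"
    } else {
        # Tokens are requested from this endpoint, so it must be reached over TLS.
        if ($uri.Scheme -ne 'https') { $findings += "Sign-in URL is not https" }
        # Consistency check (assumption): a wtrealm in the URL should equal $Realm.
        $pair = $uri.Query.TrimStart('?') -split '&' |
            Where-Object { $_ -like 'wtrealm=*' } | Select-Object -First 1
        if ($pair) {
            $wtrealm = [Uri]::UnescapeDataString(($pair -split '=', 2)[1])
            if ($wtrealm.TrimEnd('/') -ne $Realm.TrimEnd('/')) {
                $findings += "wtrealm '$wtrealm' differs from realm '$Realm'"
            }
        }
    }
    $cert = $null
    if (-not (Test-Path -LiteralPath $CertLocation)) {
        $findings += "Certificate file not found: $CertLocation"
    } else {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertLocation)
        # SharePoint only needs the public signing certificate, never the private key.
        if ($cert.HasPrivateKey) { $findings += "Certificate file contains a private key" }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $findings += "Certificate is outside its validity period (expires $($cert.NotAfter))"
        }
    }
    New-Object PSObject -Property @{
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        Findings   = $findings
    }
}

# Values taken from the script above; compare Thumbprint with the certificate
# you intend to trust before running New-SPTrustedRootAuthority.
Test-AcsTrustInput -Realm "http://mysharepointlogin.com" `
    -SignInUrl "https://mysharepointlogin.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2fmysharepointlogin.com%2f" `
    -CertLocation "C:\Users\Administrator\Desktop\MySharePointLogin.cer"
```

An empty Findings list means the inputs are consistent with each other; it does not confirm that the certificate is the one ACS signs tokens with, which is what the thumbprint comparison is for.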

 

  • After running the script successfully –> Go and select the SharePoint web application you created –> General Settings from the top ribbon.

  • Go to the Claims Authentication section and check Facebook Authentication

  • Go back and select the web application –> Click User Policy

  • In the pop-up window –> Click Add Users

  • Select All zones and click Next

  • Click Browse Users

  • Select All Users –> All Users (Facebook Authentication) –> Click Add –> Click OK.

  • Select Full Read – Has full read-only access.

  • Click OK

Go to Part 2

Go to Part 4
