zettelkasten/OneNoteExport/Kommunikationstechnologie/Sharepoint/Infrastruktur/05_ADFS Anbindung.md
Ralf Koop 5a108aa2b4 .
2023-08-25 23:29:11 +02:00


ADFS Integration

Thursday, 19 July 2018

13:43

[Screenshot: AD FS claim rule editor, "Edit Rule - AD-LDAP-Claims" (rule template "Send LDAP Attributes as Claims"), mapping LDAP attributes to outgoing claim types]

fs.bkk-mobil-oil.de

 

The following PowerShell commands must be run on a SharePoint server (SharePoint Management Shell). Note that the identifier claim chosen below (the e-mail address) becomes the user's identity in SharePoint, so the AD FS relying party must issue it only from an attribute that users cannot change themselves.

 

---Start---

 

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Token-signing certificate exported from AD FS (public key only, .cer) and copied to the SharePoint server
$adfsCertPath = "d:\ADFS-Signing-fs-bkk-mobil-oil-de.cer"

# Realm = relying party identifier configured for SharePoint in AD FS; must match exactly
$realm = "urn:spt-portal:sp2016"

# WS-Federation passive endpoint of the federation service
$signInURL = "https://fs.bkk-mobil-oil.de/adfs/ls"

# Alternative sign-in URL (not used):
# "https://portal-spt.bkk-mobiloil.de/adfs/ls/"

$adfscert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($adfsCertPath)

# Make the farm trust the AD FS token-signing certificate
New-SPTrustedRootAuthority -Name "ADFS Token Signing Cert" -Certificate $adfscert

# (pause here and check in Central Administration that the root authority exists before continuing)

# Map the claims AD FS issues onto SharePoint claim types (unchanged, -SameAsIncoming)
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming

$roleClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

$sidClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" -IncomingClaimTypeDisplayName "SID" -SameAsIncoming

# Create the trusted identity provider; the e-mail address is the identifier claim (the user's identity in SharePoint)
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS3" -Description "ADFS provider3" -Realm $realm -ImportTrustCertificate $adfscert -ClaimsMappings $emailClaimMap,$upnClaimMap,$roleClaimMap,$sidClaimMap -SignInUrl $signInURL -IdentifierClaim $emailClaimMap.InputClaimType

 

---End---

 

Afterwards the existing users still have to be authorized on the site! The conversion below switches the web application from Windows claims to the trusted provider and, because of -RetainPermissions, carries the existing permissions over to the new identities.

Script for that:

$wa = Get-SPWebApplication https://portal-spt.bkk-mobiloil.de

# Windows claims -> ADFS trusted provider; existing permissions are migrated to the new identities
Convert-SPWebApplication -Identity $wa -From CLAIMS-WINDOWS -To CLAIMS-TRUSTED-DEFAULT -TrustedProvider $ap -RetainPermissions
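Added example (not part of the original note or of the linked blog posts): after the trust has been set up as above, the thing that silently breaks it later is AD FS's automatic token-signing certificate rollover. AD FS renews its token-signing certificate on its own (AutoCertificateRollover), but SharePoint keeps a static copy of the certificate it imported, so once AD FS switches to the new certificate every sign-in fails with a signature-validation error until the new certificate is imported into the farm. The script below compares what SharePoint trusts with what AD FS currently publishes in its federation metadata and, if asked to, re-imports the certificate. It assumes the issuer name "ADFS3" from the script above, the federation service fs.bkk-mobil-oil.de, and that it is run in the SharePoint Management Shell as farm administrator.

```powershell
# Added example (not part of the original note): check whether the AD FS token-signing
# certificate SharePoint trusts is still the one AD FS signs with, and re-import it if not.
# Assumptions: issuer name "ADFS3" (as created above), federation service fs.bkk-mobil-oil.de,
# run in the SharePoint Management Shell on a SharePoint server as farm administrator.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName  = "ADFS3"
$metadataUrl = "https://fs.bkk-mobil-oil.de/FederationMetadata/2007-06/FederationMetadata.xml"
$apply       = $false   # set to $true to actually update the trust after reviewing the output

function Get-AdfsPublishedSigningCerts {
    param([string]$Url)
    # The metadata endpoint is anonymous; the only thing authenticating it is the TLS certificate
    # of the federation service, so never fetch it with certificate validation disabled.
    [xml]$md = (Invoke-WebRequest -Uri $Url -UseBasicParsing).Content
    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
    $ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

    # AD FS signs the metadata document itself with its primary token-signing certificate
    $signerB64 = $md.SelectSingleNode("/md:EntityDescriptor/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", $ns).InnerText
    # All certificates advertised for signing (primary and, during a rollover, also the secondary)
    $allB64 = $md.SelectNodes("//md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", $ns) |
              ForEach-Object { $_.InnerText.Trim() } | Sort-Object -Unique

    $toCert = { param($b64) New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,[Convert]::FromBase64String($b64)) }
    [pscustomobject]@{
        Primary = & $toCert $signerB64.Trim()
        All     = @($allB64 | ForEach-Object { & $toCert $_ })
    }
}

$issuer    = Get-SPTrustedIdentityTokenIssuer $issuerName
$trusted   = $issuer.SigningCertificate
$published = Get-AdfsPublishedSigningCerts -Url $metadataUrl

"SharePoint trusts : {0} (valid until {1:yyyy-MM-dd})" -f $trusted.Thumbprint, $trusted.NotAfter
"AD FS primary     : {0} (valid until {1:yyyy-MM-dd})" -f $published.Primary.Thumbprint, $published.Primary.NotAfter
"AD FS advertised  : {0}" -f (($published.All | ForEach-Object Thumbprint) -join ", ")

if ($trusted.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "The signing certificate SharePoint trusts expires within 30 days."
}

if ($published.Primary.Thumbprint -eq $trusted.Thumbprint) {
    "OK: SharePoint trusts the certificate AD FS currently signs with."
}
elseif (-not $apply) {
    Write-Warning "MISMATCH: AD FS signs with $($published.Primary.Thumbprint). Re-run with `$apply = `$true to import it."
}
else {
    # Import the new certificate as a trusted root and switch the issuer over to it.
    # Do this while the new certificate is still the advertised secondary, before AD FS promotes it.
    New-SPTrustedRootAuthority -Name "ADFS Token Signing Cert $($published.Primary.Thumbprint)" -Certificate $published.Primary
    Set-SPTrustedIdentityTokenIssuer -Identity $issuer -ImportTrustCertificate $published.Primary
    "Updated trust '$issuerName' to $($published.Primary.Thumbprint)."
}
```

Run it read-only first (the default) as a scheduled check; the mismatch warning is the signal that the AD FS side has rolled over. Whether rollover is on, and when the next one is due, can be read on the AD FS server with Get-AdfsProperties (AutoCertificateRollover, CertificateGenerationThreshold, CertificatePromotionThreshold).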

 

From <https://blogs.technet.microsoft.com/adamsorenson/2018/01/17/sharepoint-20132016-migrate-from-windows-claims-to-adfs/>

 

 

Information about the ADFS trust (the name is the one given to -Name above, e.g. "ADFS3"):

Get-SPTrustedIdentityTokenIssuer "ADFS"

 

Delete the trusted identity provider via PowerShell (fails with "The trusted login provider is in use and cannot be deleted" as long as a web application zone still uses it):

Remove-SPClaimProvider "Name"

Remove-SPTrustedIdentityTokenIssuer "Name"
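Added example (not part of the original note or of the linked blog post): before running the two Remove commands above, find out which web application zones still have the provider enabled, because that is what produces the "in use and cannot be deleted" error. The script enumerates every zone of every web application and lists those whose claims authentication providers reference the issuer; optionally it replaces the provider with Windows authentication on those zones. It assumes the issuer name "ADFS3" from the setup script and is run in the SharePoint Management Shell as farm administrator.

```powershell
# Added example (not part of the original note): list the web application zones that still use
# the trusted identity provider, and optionally detach it so the issuer can be removed.
# Assumptions: issuer name "ADFS3" as created above; SharePoint Management Shell, farm administrator.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "ADFS3"
$detach     = $false   # $true: replace the provider by Windows (NTLM) authentication on affected zones

$issuer = Get-SPTrustedIdentityTokenIssuer $issuerName

$inUse = foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    foreach ($zone in $wa.IisSettings.Keys) {
        $providers = $wa.GetIisSettingsWithFallback($zone).ClaimsAuthenticationProviders
        foreach ($p in $providers) {
            # Trusted providers carry the issuer name in LoginProviderName
            if ($p -is [Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider] -and
                $p.LoginProviderName -eq $issuer.Name) {
                [pscustomobject]@{ WebApplication = $wa.Url; Zone = $zone; Provider = $p.DisplayName }
            }
        }
    }
}

if (-not $inUse) {
    "Provider '$issuerName' is not used by any zone; Remove-SPTrustedIdentityTokenIssuer can proceed."
}
else {
    "Provider '$issuerName' is still used here:"
    $inUse | Format-Table -AutoSize | Out-String

    if ($detach) {
        foreach ($hit in $inUse) {
            $wa = Get-SPWebApplication $hit.WebApplication
            # Replacing the provider list with Windows claims authentication. Users authenticated via
            # ADFS lose access on this zone until the web application is converted back or
            # permissions are re-granted to their Windows identities.
            $win = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
            Set-SPWebApplication -Identity $wa -Zone $hit.Zone -AuthenticationProvider $win
            "Detached '$issuerName' from $($hit.WebApplication) ($($hit.Zone))."
        }
    }
}
```

Run it read-only first; only set $detach to $true after checking that no zone in the list is still meant to authenticate users through AD FS.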

 

From <https://blogs.technet.microsoft.com/adamsorenson/2018/06/22/remove-sptrustedidentityissuer-the-trusted-login-provider-is-in-use-and-cannot-be-deleted/>

 

 

Further information:

http://www.christianloth.de/sharepoint-2013-how-to-install-and-configure-adfs-3-0/

https://blogs.technet.microsoft.com/adamsorenson/2018/01/17/sharepoint-20132016-migrate-from-windows-claims-to-adfs/

 

http://www.sharepointpals.com/post/How-to-Add-more-than-One-SharePoint-2013-WebApplication-to-a-SPTrustedIdentityTokenIssuer-on-ADFS-using-PowerShell

 

 

 

Checking the AD FS server (IdP-initiated sign-on page; on AD FS for Windows Server 2016 and later this page is disabled by default and has to be enabled with Set-AdfsProperties -EnableIdpInitiatedSignonPage $true):

https://fs.bkk-mobil-oil.de/adfs/ls/IdpInitiatedSignon.aspx

https://portal-spt.bkk-mobiloil.de/adfs/ls/IdpInitiatedSignon.aspx

 

fs.bkk-mobil-oil.de

https://bkkadfs001.mobiloil.de/adfs/ls/IdpInitiatedSignon.aspx

 

Really well explained: ADFS 2.0

https://samlman.wordpress.com/2015/02/28/configuring-sharepoint-2010-and-adfs-v2-end-to-end/

 

Configure ADFS 3.0 with Sharepoint 2013 for Claim authentication

From <https://lorson.wordpress.com/2014/08/15/configure-adfs-3-0-with-sharepoint-2013-for-claim-authentication/>