Create Issuer ID for Provider Hosted Add-in in SharePoint 2016

Priyaranjan K S
Oct 10, 2016

30.6k
0
3
- facebook
- twitter
- linkedIn
- Reddit
- WhatsApp
- Email
- Bookmark

When we are developing High Trust Provider Hosted Add-ins, we will be using a self-signed certificate for Add-in Authentication. However in production we will have to use a third party provided trusted certificate and self-signed certificate is not really an option. Once we have created the self signed certificate, we can refer that during Provider Hosted Add-in Creation.However we also have to add the Issue ID generated using the certificate. In this blog we will see how to create the Issuer ID using the self signed certificate.

developing

Spin up SharePoint 2016 Management Shell.Run the below command that will create the issuer ID and register a Secure Token Issuer using the Self Signed Certificate and the Issuer ID.

#
Create an Issuer ID
$issuerID = [System.Guid]::NewGuid().ToString()# Get registered Issuer Name
$oSite = Get - SPSite "http://sharepoint2016"
$oSPrealm = Get - SPAuthenticationRealm - ServiceContext $oSite
$IssuerName = $issuerID + '@' + $oSPrealm# Get Certificate
$Certificate = Get - PfxCertificate "C:\Users\farmaccount\Documents\Certificate\Add-inCertificate.cer"#
Register Token Issuer
$SecurityTokenIssuer = New - SPTrustedSecurityTokenIssuer - Name $issuerID - RegisteredIssuerName $IssuerName - Certificate $Certificate - IsTrustBroker# Choose to turn off HTTPS
for dev environment
$SPSTokenServiceConfig = Get - SPSecuritytokenServiceConfig
$SPSTokenServiceConfig.AllowOAuthOverHttp = $true
$SPSTokenServiceConfig.Update()# Run an IISRESET
IISRESET# Print the Issuer ID
write - host "Issuer ID:"
$issuerID

$# Create an Issuer ID $issuerID = [System.Guid]::NewGuid().ToString()# Get registered Issuer Name $oSite = Get - SPSite "http://sharepoint2016" $oSPrealm = Get - SPAuthenticationRealm - ServiceContext $oSite $IssuerName = $issuerID + '@' + $oSPrealm# Get Certificate $Certificate = Get - PfxCertificate "C:\Users\farmaccount\Documents\Certificate\Add-inCertificate.cer"# Register Token Issuer $SecurityTokenIssuer = New - SPTrustedSecurityTokenIssuer - Name $issuerID - RegisteredIssuerName $IssuerName - Certificate $Certificate - IsTrustBroker# Choose to turn off HTTPS for dev environment $SPSTokenServiceConfig = Get - SPSecuritytokenServiceConfig $SPSTokenServiceConfig.AllowOAuthOverHttp = $true $SPSTokenServiceConfig.Update()# Run an IISRESET IISRESET# Print the Issuer ID write - host "Issuer ID:" $issuerID$

Thus we have obtained the issuer ID which is highlighted in red as shown below.

$# Create an Issuer ID $issuerID = [System.Guid]::NewGuid().ToString()# Get registered Issuer Name $oSite = Get - SPSite "http://sharepoint2016" $oSPrealm = Get - SPAuthenticationRealm - ServiceContext $oSite $IssuerName = $issuerID + '@' + $oSPrealm# Get Certificate $Certificate = Get - PfxCertificate "C:\Users\farmaccount\Documents\Certificate\Add-inCertificate.cer"# Register Token Issuer $SecurityTokenIssuer = New - SPTrustedSecurityTokenIssuer - Name $issuerID - RegisteredIssuerName $IssuerName - Certificate $Certificate - IsTrustBroker# Choose to turn off HTTPS for dev environment $SPSTokenServiceConfig = Get - SPSecuritytokenServiceConfig $SPSTokenServiceConfig.AllowOAuthOverHttp = $true $SPSTokenServiceConfig.Update()# Run an IISRESET IISRESET# Print the Issuer ID write - host "Issuer ID:" $issuerID$

We will be using the issuer id - 2eaf9497-dea3-46b9-a429-21e01b8f6d44 while developing the Provider Hosted Add-in.

$# Create an Issuer ID $issuerID = [System.Guid]::NewGuid().ToString()# Get registered Issuer Name $oSite = Get - SPSite "http://sharepoint2016" $oSPrealm = Get - SPAuthenticationRealm - ServiceContext $oSite $IssuerName = $issuerID + '@' + $oSPrealm# Get Certificate $Certificate = Get - PfxCertificate "C:\Users\farmaccount\Documents\Certificate\Add-inCertificate.cer"# Register Token Issuer $SecurityTokenIssuer = New - SPTrustedSecurityTokenIssuer - Name $issuerID - RegisteredIssuerName $IssuerName - Certificate $Certificate - IsTrustBroker# Choose to turn off HTTPS for dev environment $SPSTokenServiceConfig = Get - SPSecuritytokenServiceConfig $SPSTokenServiceConfig.AllowOAuthOverHttp = $true $SPSTokenServiceConfig.Update()# Run an IISRESET IISRESET# Print the Issuer ID write - host "Issuer ID:" $issuerID$

If you have forgotten the issuer id which was created earlier, we can get it by running the command ‘Get-SPTrustedSecurityTokenIssuer’. We can reuse the certificate and issuer ID for creating multiple Provider Hosted Add-ins.

$# Create an Issuer ID $issuerID = [System.Guid]::NewGuid().ToString()# Get registered Issuer Name $oSite = Get - SPSite "http://sharepoint2016" $oSPrealm = Get - SPAuthenticationRealm - ServiceContext $oSite $IssuerName = $issuerID + '@' + $oSPrealm# Get Certificate $Certificate = Get - PfxCertificate "C:\Users\farmaccount\Documents\Certificate\Add-inCertificate.cer"# Register Token Issuer $SecurityTokenIssuer = New - SPTrustedSecurityTokenIssuer - Name $issuerID - RegisteredIssuerName $IssuerName - Certificate $Certificate - IsTrustBroker# Choose to turn off HTTPS for dev environment $SPSTokenServiceConfig = Get - SPSecuritytokenServiceConfig $SPSTokenServiceConfig.AllowOAuthOverHttp = $true $SPSTokenServiceConfig.Update()# Run an IISRESET IISRESET# Print the Issuer ID write - host "Issuer ID:" $issuerID$

Summary - Thus we saw how to create an Issuer ID for use with Provider Hosted Add-in in SharePoint Server 2016.