en-US/about_SPTrustedSecurityTokenIssuer.help.txt

.NAME
    SPTrustedSecurityTokenIssuer

# Description
    
    **Type:** Distributed
    **Requires CredSSP:** No
    
    This resource is used to create or remove an SPTrustedSecurityTokenIssuer in
    a SharePoint farm.
    
    Either a MetadataEndPoint or a signing certificate must be specified, but
    not both.
    
    The certificate can be specified by setting either parameter
    SigningCertificateThumbprint or SigningCertificateFilePath, but not both.
    
    The SigningCertificateThumbprint must be the thumbprint of the signing
    certificate stored in the certificate store LocalMachine\My of the server
    on which the configuration runs.
    
    The SigningCertificateFilePath must be the file path to the public
    certificate (.cer) of the signing certificate; the file must not contain
    the private key. Anyone holding that private key can issue tokens the
    farm trusts, so it belongs only on the issuing application, never on the
    DSC node or in the configuration path.
    
    Properties RegisteredIssuerNameIdentifier and RegisteredIssuerNameRealm
    compose the RegisteredIssuerName, in the form identifier@realm. If
    RegisteredIssuerNameRealm is omitted, it defaults to the authentication
    realm of the farm (Get-SPAuthenticationRealm).
    
    The default value for the Ensure parameter is Present. When not specifying this
    parameter, the token issuer is created.
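The following PowerShell function is an added pre-flight check, not part of SharePointDsc or its examples. It applies the rules above (exactly one trust source, thumbprint looked up in LocalMachine\My, public-only certificate file, identifier@realm naming) with plain .NET so it can run on the target node before the configuration is pushed. Assumptions: the farm realm is passed in by the caller (in a farm it would come from Get-SPAuthenticationRealm), the function name Test-IssuerDefinition is invented, and the sample GUIDs and file path in the call at the end are constructed.

```powershell
# Added example: validates an SPTrustedSecurityTokenIssuer definition offline.
# Not SharePointDsc code. $FarmRealm is an assumed input (Get-SPAuthenticationRealm in a farm).
function Test-IssuerDefinition {
    [CmdletBinding()]
    param(
        [string] $RegisteredIssuerNameIdentifier,
        [string] $RegisteredIssuerNameRealm,
        [Parameter(Mandatory = $true)] [string] $FarmRealm,
        [string] $SigningCertificateThumbprint,
        [string] $SigningCertificateFilePath,
        [string] $MetadataEndPoint
    )
    $problems = New-Object System.Collections.Generic.List[string]

    # Exactly one source of trust material: metadata endpoint, thumbprint or file.
    $sources = @($MetadataEndPoint, $SigningCertificateThumbprint, $SigningCertificateFilePath) |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) }
    if (@($sources).Count -ne 1) {
        $problems.Add("Specify exactly one of MetadataEndPoint, SigningCertificateThumbprint or SigningCertificateFilePath.")
    }

    $cert = $null
    if ($SigningCertificateThumbprint) {
        # The resource only searches LocalMachine\My; normalise the thumbprint first.
        $thumb = ($SigningCertificateThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        if ($thumb.Length -ne 40) { $problems.Add("Thumbprint '$SigningCertificateThumbprint' is not 40 hex characters.") }
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
        if ($null -eq $cert) { $problems.Add("No certificate with thumbprint $thumb in LocalMachine\My.") }
    }
    elseif ($SigningCertificateFilePath) {
        if (-not (Test-Path -LiteralPath $SigningCertificateFilePath)) {
            $problems.Add("Signing certificate file not found: $SigningCertificateFilePath")
        }
        else {
            try {
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $SigningCertificateFilePath
                # Only the public certificate belongs here: a PFX with the private key would hand
                # farm-wide token minting to anyone who can read the DSC staging path.
                if ($cert.HasPrivateKey) { $problems.Add("Certificate file contains a private key; export the public certificate (.cer) only.") }
            }
            catch { $problems.Add("Cannot read certificate file: $($_.Exception.Message)") }
        }
    }
    elseif ($MetadataEndPoint) {
        # The farm will trust whatever signing key the metadata names, so fetch it over HTTPS only.
        $uri = $null
        if (-not [uri]::TryCreate($MetadataEndPoint, [System.UriKind]::Absolute, [ref] $uri) -or $uri.Scheme -ne 'https') {
            $problems.Add("MetadataEndPoint must be an absolute https URL.")
        }
    }

    if ($null -ne $cert) {
        $now = Get-Date
        if ($cert.NotAfter -lt $now)  { $problems.Add("Signing certificate expired on $($cert.NotAfter).") }
        if ($cert.NotBefore -gt $now) { $problems.Add("Signing certificate is not valid before $($cert.NotBefore).") }
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($null -eq $rsa)            { $problems.Add("Signing certificate does not carry an RSA public key.") }
        elseif ($rsa.KeySize -lt 2048) { $problems.Add("RSA key is only $($rsa.KeySize) bits; use at least 2048.") }
    }

    # RegisteredIssuerName is "<identifier>@<realm>", the realm defaulting to the farm realm.
    # Both parts are GUIDs; SharePoint's high-trust guidance requires a lowercase issuer ID.
    $registeredIssuerName = $null
    if ($RegisteredIssuerNameIdentifier) {
        $realm = if ([string]::IsNullOrWhiteSpace($RegisteredIssuerNameRealm)) { $FarmRealm } else { $RegisteredIssuerNameRealm }
        $parsed = [guid]::Empty
        foreach ($part in @($RegisteredIssuerNameIdentifier, $realm)) {
            if (-not [guid]::TryParse($part, [ref] $parsed)) { $problems.Add("'$part' is not a GUID.") }
        }
        if ($RegisteredIssuerNameIdentifier -cne $RegisteredIssuerNameIdentifier.ToLowerInvariant()) {
            $problems.Add("RegisteredIssuerNameIdentifier contains uppercase letters; use a lowercase issuer ID.")
        }
        $registeredIssuerName = "$($RegisteredIssuerNameIdentifier.ToLowerInvariant())@$($realm.ToLowerInvariant())"
    }
    elseif (-not $MetadataEndPoint) {
        $problems.Add("RegisteredIssuerNameIdentifier is required unless MetadataEndPoint is set.")
    }

    [pscustomobject] @{
        RegisteredIssuerName = $registeredIssuerName
        SigningCertificate   = if ($null -ne $cert) { $cert.Thumbprint } else { $null }
        Problems             = $problems
        IsValid              = ($problems.Count -eq 0)
    }
}

# Constructed sample call; the realm GUID is made up and would come from Get-SPAuthenticationRealm.
Test-IssuerDefinition -RegisteredIssuerNameIdentifier '22222222-2222-2222-2222-222222222222' `
    -FarmRealm '11111111-1111-1111-1111-111111111111' `
    -SigningCertificateFilePath 'F:\Data\DSC\FakeSigning.cer'
```

Run it on the node that will apply the configuration so the thumbprint lookup hits the same LocalMachine\My store the resource uses; a non-empty Problems list means the configuration would either fail or register an issuer that should not be trusted.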

.PARAMETER Name
    Key - String
    Name of the SPTrustedSecurityTokenIssuer

.PARAMETER Description
    Write - String
    Description of the SPTrustedSecurityTokenIssuer

.PARAMETER RegisteredIssuerNameIdentifier
    Write - String
    The security principal identifier of the security token issuer

.PARAMETER RegisteredIssuerNameRealm
    Write - String
    The realm of the security token issuer

.PARAMETER SigningCertificateThumbprint
    Write - String
    Specify the thumbprint of the signing certificate, which must be located in certificate store LocalMachine\My

.PARAMETER SigningCertificateFilePath
    Write - String
    Specify the file path to the public certificate (.cer) of the signing certificate if it is not stored in the local certificate store already

.PARAMETER MetadataEndPoint
    Write - String
    URL that SharePoint will reach to download the JSON metadata file of the issuer

.PARAMETER IsTrustBroker
    Write - Boolean
    Specifies whether the trust is established with a self-issuer partner app

.PARAMETER Ensure
    Write - String
    Allowed values: Present, Absent
    Present if the SPTrustedSecurityTokenIssuer should be created, or Absent if it should be removed

.PARAMETER InstallAccount
    Write - String
    POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5

.EXAMPLE 1

This example creates a trusted security token issuer using a signing certificate loaded from a .cer file, with the realm taken from the SPAuthenticationRealm of the SharePoint farm.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )
    Import-DscResource -ModuleName SharePointDsc

    node localhost {
        SPTrustedSecurityTokenIssuer HighTrustAddinsTrust
        {
            Name = "HighTrustAddins"
            Description = "Trust for Provider-hosted high-trust add-ins"
            RegisteredIssuerNameIdentifier = "22222222-2222-2222-2222-222222222222"
            IsTrustBroker = $true
            SigningCertificateFilePath = "F:\Data\DSC\FakeSigning.cer"
            Ensure = "Present"
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

.EXAMPLE 2

This example creates a trusted security token issuer using a signing certificate located by its thumbprint in the LocalMachine\My store, with the realm taken from the SPAuthenticationRealm of the SharePoint farm.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )
    Import-DscResource -ModuleName SharePointDsc

    node localhost {
        SPTrustedSecurityTokenIssuer HighTrustAddinsTrust
        {
            Name = "HighTrustAddins"
            Description = "Trust for Provider-hosted high-trust add-ins"
            RegisteredIssuerNameIdentifier = "22222222-2222-2222-2222-222222222222"
            IsTrustBroker = $true
            SigningCertificateThumbprint = "123ABCFACE123ABCFACE123ABCFACE123ABCFACE"
            Ensure = "Present"
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

.EXAMPLE 3

This example creates a trusted security token issuer configured from the JSON metadata document of the ACS tenant; the issuer name and signing certificate are read from that document rather than specified in the configuration.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )
    Import-DscResource -ModuleName SharePointDsc

    node localhost {
        SPTrustedSecurityTokenIssuer HighTrustAddinsTrust
        {
            Name = "ACS Trust"
            Description = "Trust with ACS tenant TENANT.onmicrosoft.com"
            MetadataEndPoint = "https://accounts.accesscontrol.windows.net/TENANT.onmicrosoft.com/metadata/json/1"
            IsTrustBroker = $true
            Ensure = "Present"
            PsDscRunAsCredential = $SetupAccount
        }
    }
}