Page created: 3 Dec 2019 |
Page updated: 16 Feb 2022
Run the following commands in the SharePoint Management Shell to add an identity provider.
- Open SharePoint Management Shell.
Update the following commands according to your environment and run them one by
one. To run the commands as a PowerShell script, add them to a
#Path to the Signing Certificate exported from the PingFederate server. $certpath = "c:\<pf-cert-name>.crt" #Name the PingFederate will be represented within SharePoint as a Trusted Identity Provider (PingFederateSTS was used in this example). $stsname = "<PingFederate_Trusted_Identity_Provider_name>" #Description for PingFederate STS within SharePoint. $stsdesc = "PingFederate Claims Provider" #Entity ID of the SharePoint realm (in our example it is ektd:sp02). $stsrealm = "<SharePoint_Realm_Name>" #PingFederate WS-Federation Endpoint. $signinurl = "https://<PingFederate_host_name_or_FQDN>:<port_number>/idp/prp.wsf" #Importing PingFederate Certificate into SharePoint. $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$certpath") New-SPTrustedRootAuthority -Name "PingFederate Token Signing Cert" -Certificate $cert # Defining incoming Claim Types. # Note: It could be more than one incoming claim type specified here. $m1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming # Creating Trusted Identity Provider New-SPTrustedIdentityTokenIssuer -Name $stsname -Description $stsdesc -Realm $stsrealm -ImportTrustCertificate $cert -ClaimsMappings $m1 -SignInUrl $signinurl -IdentifierClaim $m1.InputClaimType