Does Portal Guard Support Share Point

PortalGuard and SharePoint

Tags: sharepoint, sso, 2fa, sspr, federation

Problem Definition

Is PortalGuard able to federate with Microsoft SharePoint?


Solution

PortalGuard is able to federate with Microsoft SharePoint. Listed below are the requirements and steps needed to get PortalGuard functioning with SharePoint.

Requirements:

• The target SharePoint website(s) must be configured to use claims-based authentication. If they have not already been configured this way, follow the steps in Migrate from classic-mode to claims-based authentication (SharePoint Server 2010) first.

• SSL connections to the SharePoint server are required when using claims-based authentication.

Procedure: The following steps include the creation of a new demo SharePoint website that uses claims-based authentication. The SharePoint server is shown in the steps below as “mustang.pg.local”. Replace this with the name or alias of your own SharePoint server.

On PortalGuard server

1. Launch Identity Provider Configuration Editor (IdP_Config.exe)

2. On the top-level Attribute Stores tab, create a new Attribute Store configuration

3. Point it to your Active Directory. Since the PG IdP makes no changes to attribute stores, the “Generic User” account on the LDAP Basic tab only needs read access. This field value must be the full distinguished name of the user in AD.

4. Create a new Relying Party configuration with the following settings:

5. General tab:

6. WS-Fed tab:

  a. Click the “SharePoint 2010” button in the “Templates” group
  b. Click OK on the “token lifetime” notification popup that appears

7. Identity Claims tab:

  c. Create second new claim:

8. IdP-Initiated tab:

  a. Display Text: SharePoint 2010
  b. Help Text: Team room
  c. Check “IdP-initiated SSO not directly supported by RP”
  d. Default URL: https://mustang.pg.local

9. Click the Save button to commit the changes to the Relying Party configuration

On SharePoint server

1. Copy the PortalGuard IdP signing certificate to the SharePoint server, e.g. C:\PGIdP.cer

2. Copy create_PG_TrustedTokenIssuer.ps1 and create_DemoSSO_webapp.ps1 to the SharePoint server

3. Open create_PG_TrustedTokenIssuer.ps1 in a text editor and:

  a. Change the $certpath variable to the path of the PortalGuard IdP signing certificate on the SharePoint server
  b. Change the server portion of the $SSOURL variable to your PortalGuard server. This value must use HTTPS and still end in “/sso/go.ashx”.
  c. Save the changes

4. Open create_DemoSSO_webapp.ps1 in a text editor and:

  a. Change the $waurl variable to the SharePoint server name or alias, e.g. https://mustang.pg.local
  b. Change the $apppool variable to the DOMAIN\account identity under which the website should run
  c. Change the $useremail variable to your test user’s exact email address; this user will explicitly be given Full Control permissions to the test site

5. Launch SharePoint 2010 Management Shell

6. Change directory using the “cd” command to the folder containing the .ps1 files

7. Execute the create_PG_TrustedTokenIssuer.ps1 script by typing its name and pressing Enter. It may take some time to complete.

8. Execute the create_DemoSSO_webapp.ps1 script by typing its name and pressing Enter. It may also take some time to complete.

You should now be able to launch a browser and access the new SharePoint website (e.g. https://mustang.pg.local). You should be redirected to the PortalGuard IdP to log in, then redirected back to SharePoint upon successful login.

You can also enable PortalGuard for SSO on an existing web application from SharePoint Central Administration: go to Application Management -> Manage web applications, select the website, and click the “Authentication Providers” button in the ribbon. After choosing the zone to edit, PortalGuard should appear as an option under the “Trusted Identity provider” section.
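The page does not reproduce create_PG_TrustedTokenIssuer.ps1 itself. As an added example (not PortalGuard's own script), the following PowerShell shows the SharePoint 2010 cmdlets a script of that kind runs, driven by the $certpath and $SSOURL variables edited in step 3; the provider name, realm, claim types and PortalGuard host name are assumptions and must be matched to the relying party configured in IdP_Config.exe.

```powershell
# Added example, not PortalGuard's create_PG_TrustedTokenIssuer.ps1.
# Run from the SharePoint 2010 Management Shell on the SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certpath = "C:\PGIdP.cer"                                   # IdP signing cert copied in step 1
$SSOURL   = "https://portalguard.example.local/sso/go.ashx"   # placeholder PortalGuard host
$issuer   = "PortalGuard"                                     # assumed provider name
$realm    = "urn:sharepoint:demosso"                          # assumed; must match the RP realm in IdP_Config

# Enforce the requirement from step 3b before changing anything in the farm.
if ($SSOURL -notmatch '^https://.+/sso/go\.ashx$') {
    throw "SSOURL must use HTTPS and end in /sso/go.ashx: $SSOURL"
}

# Load the IdP's public signing certificate. SharePoint accepts only WS-Fed
# tokens signed by this key, and the file must be the public .cer, not a PFX.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certpath)
if ($cert.HasPrivateKey) { throw "The signing certificate file must not contain a private key" }

# SharePoint must trust the certificate chain as well as the token signature.
New-SPTrustedRootAuthority -Name "$issuer Signing Cert" -Certificate $cert | Out-Null

# Map the identity claims the IdP sends (the two claims created in step 7 are assumed
# to be email and role). Email is the identifier claim, which is why the test user
# in create_DemoSSO_webapp.ps1 is keyed by exact email address.
$emailType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$roleType  = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
$mapEmail  = New-SPClaimTypeMapping -IncomingClaimType $emailType -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
$mapRole   = New-SPClaimTypeMapping -IncomingClaimType $roleType  -IncomingClaimTypeDisplayName "Role"  -SameAsIncoming

New-SPTrustedIdentityTokenIssuer -Name $issuer -Description "PortalGuard WS-Fed IdP" `
    -Realm $realm -ImportTrustCertificate $cert -SignInUrl $SSOURL `
    -ClaimsMappings $mapEmail,$mapRole -IdentifierClaim $emailType | Out-Null

# Confirm what the farm now trusts; this is the entry that appears under
# "Trusted Identity provider" in Central Administration.
Get-SPTrustedIdentityTokenIssuer -Identity $issuer |
    Select-Object Name, IdentifierClaim, @{n='Thumbprint';e={$_.SigningCertificate.Thumbprint}}
```

Keep the thumbprint printed at the end on record: if the PortalGuard IdP signing certificate is ever rotated, the trusted token issuer must be updated or every federated login to SharePoint will fail.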

Page last modified on January 29, 2016, at 09:27 AM