Create Issuer ID for Provider Hosted Add-in in SharePoint 2016

When we are developing High Trust Provider Hosted Add-ins, we use a self-signed certificate for Add-in authentication. In production, however, we have to use a trusted certificate provided by a third party; a self-signed certificate is not really an option. Once we have created the self-signed certificate, we can refer to it during Provider Hosted Add-in creation. However, we also have to add the Issuer ID generated using the certificate. In this blog we will see how to create the Issuer ID using the self-signed certificate.


Spin up the SharePoint 2016 Management Shell. Run the command below, which creates the Issuer ID and registers a trusted security token issuer using the self-signed certificate and the Issuer ID.
```powershell
# Create an Issuer ID
$issuerID = [System.Guid]::NewGuid().ToString()

# Get registered Issuer Name (format: <issuer ID>@<authentication realm>)
$oSite = Get-SPSite "http://sharepoint2016"
$oSPrealm = Get-SPAuthenticationRealm -ServiceContext $oSite
$IssuerName = $issuerID + '@' + $oSPrealm

# Get Certificate
$Certificate = Get-PfxCertificate "C:\Users\farmaccount\Documents\Certificate\Add-inCertificate.cer"

# Register Token Issuer
$SecurityTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $issuerID -RegisteredIssuerName $IssuerName -Certificate $Certificate -IsTrustBroker

# Choose to turn off HTTPS for dev environment
$SPSTokenServiceConfig = Get-SPSecurityTokenServiceConfig
$SPSTokenServiceConfig.AllowOAuthOverHttp = $true
$SPSTokenServiceConfig.Update()

# Run an IISRESET
IISRESET

# Print the Issuer ID
Write-Host "Issuer ID:" $issuerID
```

Thus we have obtained the issuer ID which is highlighted in red as shown below.

We will be using the Issuer ID 2eaf9497-dea3-46b9-a429-21e01b8f6d44 while developing the Provider Hosted Add-in.

If you have forgotten the Issuer ID that was created earlier, you can get it by running the command `Get-SPTrustedSecurityTokenIssuer`. We can reuse the certificate and Issuer ID for creating multiple Provider Hosted Add-ins.
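Because one issuer and certificate may back several add-ins, it is worth reviewing what is registered before reusing it or moving toward production. The script below is an added example, not part of the original post: it recovers each Issuer ID from `RegisteredIssuerName`, inspects the signing certificate, and reports whether the dev-only `AllowOAuthOverHttp` setting is still on. The `$warnDays` threshold and the "subject equals issuer" self-signed check are assumptions made for illustration.

```powershell
# Added example: review trusted security token issuers on the farm.
# Run in the SharePoint 2016 Management Shell.
$warnDays = 30   # assumption: flag certificates expiring within 30 days

$report = foreach ($issuer in Get-SPTrustedSecurityTokenIssuer) {
    $cert = $issuer.SigningCertificate

    # RegisteredIssuerName is "<issuer ID>@<realm>", as built by the
    # registration script earlier in this post.
    $issuerId, $realm = $issuer.RegisteredIssuerName -split '@', 2

    [pscustomobject]@{
        Name        = $issuer.Name
        IssuerId    = $issuerId
        Realm       = $realm
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        # Heuristic (assumption): a self-signed cert names itself as issuer.
        SelfSigned  = ($cert.Subject -eq $cert.Issuer)
        ExpiresSoon = ($cert.NotAfter -lt (Get-Date).AddDays($warnDays))
    }
}

$report | Format-Table -AutoSize

# Self-signed or soon-to-expire certificates need replacing before production.
$report | Where-Object { $_.SelfSigned -or $_.ExpiresSoon } | ForEach-Object {
    Write-Warning ("Issuer {0}: SelfSigned={1}, NotAfter={2}" -f `
        $_.IssuerId, $_.SelfSigned, $_.NotAfter)
}

# The registration script enabled OAuth over HTTP for the dev environment.
$sts = Get-SPSecurityTokenServiceConfig
if ($sts.AllowOAuthOverHttp) {
    Write-Warning "AllowOAuthOverHttp is enabled: OAuth tokens may be sent over plain HTTP."
    # To revert outside of dev:
    #   $sts.AllowOAuthOverHttp = $false; $sts.Update()
}
```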

Summary - Thus we saw how to create an Issuer ID for use with Provider Hosted Add-in in SharePoint Server 2016.