Sunday 3 November 2013

Configuring Windows Azure Access Control Service (ACS) and Facebook authentication in SharePoint 2013 – Part 2

This is a two-part post in which I explain how to configure Windows Azure Access Control Service (ACS) and Facebook authentication in SharePoint 2013. To achieve this we need to set up:

  1. One Facebook Application
  2. Adding a Windows Azure Access Control Service
  3. Adding the Certificate & Manage Trust in SharePoint
  4. Registering custom ACS in SharePoint using PowerShell

Items 1, 2 and 3 are done in Part 1. This part covers creating a new web application, registering the custom ACS using PowerShell, and making the web application aware of this custom ACS.

Read Part 1:

Step by step walk-through follows:

Step 1: Load Windows PowerShell ISE





Step 2: Execute the command to register custom ACS

///////////////////////////////////////////////////    command begins                   ////////////////////////////
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Load the ACS token-signing certificate that was saved in Part 1
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\practice\acssts\ACSCertificate.cer")

# Trust the certificate at farm level
New-SPTrustedRootAuthority -Name "SP2013 ACS" -Certificate $cert

# Map the claims issued by ACS to SharePoint claim types
$map0 = New-SPClaimTypeMapping -IncomingClaimType `
   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" `
   -IncomingClaimTypeDisplayName "NameIdentifier" -LocalClaimType `
   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/username"
$map1 = New-SPClaimTypeMapping -IncomingClaimType `
   "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider" `
   -IncomingClaimTypeDisplayName "IdentityProvider" -SameAsIncoming
$map2 = New-SPClaimTypeMapping -IncomingClaimType `
   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
   -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

# Realm of the relying party (SharePoint) and the ACS WS-Federation sign-in endpoint
$realm = "https://sp2013/_trust/default.aspx"
$signinurl = "https://j4sappreference.accesscontrol.windows.net:443/v2/wsfederation"

# Register ACS as a trusted identity token issuer; nameidentifier is the identifier claim
$ip = New-SPTrustedIdentityTokenIssuer -Name "SP2013 ACS" -Description "SP2013 ACS" `
   -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map0,$map1,$map2 `
   -SignInUrl $signinurl -IdentifierClaim $map0.InputClaimType

///////////////////////////////////////////////////    command ends                   ////////////////////////////








Step 3: Registering the custom ACS is done; now go ahead and create the web application




Step 4: Select Trusted Identity provider as SP2013 ACS





Step 5: Click ok and create web application





Step 6: Create a site collection and give your Facebook account as the primary site collection administrator







Step 7: Load the new site, which is SSL-enabled




Step 8: You have the option to choose between Windows authentication and the custom ACS

Step 9: You have two more options to try: “Windows Live” and “Facebook”



Step 9: Select “Facebook”




Step 10: Click okay and you are done!



Step 11: You can also log in with Windows authentication or a Windows Live account







Don’t forget to leave a comment if it helps you.
Think Big, Start Small



Configuring Windows Azure Access Control Service and Facebook authentication in SharePoint 2013 – Part 1


This is a two-part post in which I explain how to configure Windows Azure Access Control Service (ACS) and Facebook authentication in SharePoint 2013. To achieve this we need to set up:


  1. One Facebook Application
  2. Adding a Windows Azure Access Control Service
  3. Adding the Certificate & Manage Trust in SharePoint
  4. Registering custom ACS in SharePoint using PowerShell


Step by step walk-through follows:


Step 1: Create your Facebook Application




1.2. Create a new application


Step 2: Create an Access Control Service in Windows Azure


2.1. Log in to your Windows Azure account (https://manage.windowsazure.com)



2.2. Click on “New” => Active Directory => Access Control => Quick Create



2.3. The new access control is created and now needs to be configured


2.4. Click on the access control that was just created (update this URL in the Facebook page, in the “website with Facebook login” field). In my case the URL is: https://j4sappreference.accesscontrol.windows.net/

Now we will set up the identity provider, the relying party application and the rule groups.


2.5. Setting up the identity provider. The identity provider is Facebook, and you need to supply your Facebook application details in the identity provider interface. My sample page is given below




2.6. Click on the save button. The Facebook identity provider is added successfully. You will see that the Windows Live account is there by default.


2.7. Setting up the relying party. The relying party is SharePoint. The screenshots are self-explanatory. However, note these points




2.8. Setting Rule Groups. Double click on “Default rule Group for SP 2013 STS Reference”



2.9. Click on “Generate”



2.10. These are the generated rules


2.11. Change the input claim type of the “nameidentifier” rule to email id, so that the email id claim from Facebook is passed through as “nameidentifier”


2.12. Below screen shows proper “input claim type” and “output claim type”




2.13. Click on Application Integration


2.14. Copy the WS-Federation Metadata endpoint URL and paste it into the browser


2.15. Save the KeyInfo certificate data as a “.cer” file


<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data>
    <X509Certificate>
      <!-- key info is what is found here -->
    </X509Certificate>
  </X509Data>
</KeyInfo>




2.16 Save this file to your local drive. SharePoint should trust this certificate.
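
Steps 2.14 to 2.16 can also be scripted, which avoids stray characters from copy and paste and shows the thumbprint and validity dates of the certificate SharePoint is about to trust. This is an added example, not part of the original post; the function name `Export-MetadataCertificate` and the metadata file name are assumptions, and the metadata document is assumed to have been saved from the browser as XML.

```powershell
# Added example (not from the original post); function name and file names are hypothetical.
function Export-MetadataCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $MetadataPath,  # metadata XML saved from the browser
        [Parameter(Mandatory = $true)] [string] $OutputPath,    # .cer file to write
        [string] $Thumbprint                                    # needed only if several certificates are present
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # the file came from the network: do not resolve external entities
    $doc.Load((Resolve-Path -LiteralPath $MetadataPath).ProviderPath)

    # <X509Certificate> lives in the XML-DSig namespace shown in step 2.15
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # Decode every embedded certificate and de-duplicate by thumbprint
    $found = @{}
    foreach ($node in $doc.SelectNodes('//ds:X509Certificate', $ns)) {
        $der = [Convert]::FromBase64String($node.InnerText.Trim())
        $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$der)
        $found[$c.Thumbprint] = $c
    }
    if ($found.Count -eq 0) { throw "No X509Certificate element found in $MetadataPath" }

    # Show what is about to be trusted
    $now = Get-Date
    foreach ($c in $found.Values) {
        $state = if ($now -lt $c.NotBefore -or $now -gt $c.NotAfter) { 'OUTSIDE VALIDITY PERIOD' } else { 'valid' }
        Write-Host ("{0}  {1}  {2:u} .. {3:u}  {4}" -f $c.Thumbprint, $c.Subject, $c.NotBefore, $c.NotAfter, $state)
    }

    # Pick the certificate to export; refuse to guess when there is more than one
    $pick = $null
    if ($Thumbprint) { $pick = $found[$Thumbprint.ToUpper()] }
    elseif ($found.Count -eq 1) { $pick = @($found.Values)[0] }
    if (-not $pick) { throw "Specify -Thumbprint with one of the values listed above." }

    # Write DER bytes; resolve the path first because .NET ignores the PowerShell location
    $full = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutputPath)
    $bytes = $pick.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($full, $bytes)
    return $pick
}

# Usage (the metadata file name is an assumption; the .cer path is the one used in Part 2):
# Export-MetadataCertificate -MetadataPath .\FederationMetadata.xml -OutputPath C:\practice\acssts\ACSCertificate.cer
```

The returned object's `Thumbprint` can be compared with `$cert.Thumbprint` after the same file is loaded by the Part 2 script.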


Step 3: Adding the Certificate in SharePoint


3.1 Go to CA => Security => Manage Trust



3.2 Upload the certificate to SharePoint





4. Create a new web application and register the custom ACS using PowerShell



Don’t forget to leave a comment if it helps you.
Think Big, Start Small

Friday 25 October 2013

External Content Type and SharePoint Online - BCS with OData

As of now, SharePoint Online supports only the BCS model with OData (Open Data Protocol) services. So let us see what OData is and how to create an “External Content Type” using Visual Studio 2012 for SharePoint 2013 Online.

What is OData?
The Open Data Protocol (OData) is a Web protocol for querying and updating data that provides a way to unlock your data and free it from silos that exist in applications today. OData does this by applying and building upon Web technologies such as HTTP, Atom Publishing Protocol (Atom Pub) and JSON to provide access to information from a variety of applications, services, and stores.
My development environment:
  1. Visual Studio 2012
  2. Office Tools for VS 2012 (OfficeToolsForVS2012RTW.exe)
  3. SharePoint Office 365
Consuming OData Data Sources in SharePoint 2013 Online through Business Connectivity Services(BCS).
1. Launch Visual Studio 2012 and create a new project using apps for SharePoint 2013
2. Enter the name of your app for SharePoint, the name of the site where the app will be hosted, and how you want to host your app.
3. This is the structure of our new project
4. To add an external content type, right-click your project and choose “Add a new item”. You will see a new menu item called “Content Types for an External Data Source..”. Click on it.
5. Time to configure the “External Data Source”. For the sake of the demo we can use a public OData service provided by http://tv.telerik.com/services/odata.svc/
6. Select the data entities for which you want to generate external content types. Also check the “Create list instance for the selected entities” option so that an instance is created automatically when the package is deployed to the site.



7. Looking at the structure we can see that “Content Type” and “List Instance” are added to the project
8. Markup of the “List Instance” created:
<?xml version="1.0" encoding="utf-8"?>
<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
 <ListInstance Url="Lists/Videos" Description="Videos" OnQuickLaunch="TRUE" Title="Videos">
   <DataSource>
     <Property Name="LobSystemInstance" Value="TelerikODataDataSouce" />
     <Property Name="EntityNamespace" Value="TelerikTvDataServiceDataServiceModels" />
     <Property Name="Entity" Value="Videos" />
     <Property Name="SpecificFinder" Value="ReadSpecificVideo" />
     <Property Name="MetadataCatalogFileName" Value="BDCMetadata.bdcm" />
   </DataSource>
 </ListInstance>
</Elements>
9. Time to deploy the solution. Right-click the project and click on “Deploy”
10. Browse your site to see the “External List Instance” that is just created by Visual Studio 2012.
11. Click on the List Instance and you will see a page like this
12. View the list of installed apps

13. We can find the newly created “External Content Type” by going to view all contents page of the site.

14. We are done and we can see all items in the List now.

Summary

Working with SharePoint 2013 and the OData model is quite easy. I will find some time in the future to cover CRUD operations with OData as well. I hope you enjoyed reading it. Please leave your comments/views if you find it useful; that will help me a lot.
Ref: http://zimmergren.net/technical/sharepoint-2013-business-connectivity-services-consuming-odata-in-bcs-using-an-app-external-content-type