Configure Apps domain for Trusted Identity Provider Authentication

Similar Messages

• FedAuth cookie not geneatred in SP2013 with SiteMinder as Trusted Identity Provider

  Hello,
  We have configured Site Minder (with SAML 1.1) as trusted identity provider in SP2013. We have mapped  Email Address as claim type. But we found in Fiddler that FedAuth cookie is not getting generated so users are not able to access the site and redirects
  to sign in page again.
  Any help provided here much appreciated.
  Thanks
  Shital

  Hi Shital,
  The default expiration time of the FedAuth cookie is 10 hours, you could change the expiration time of the FedAuth cookie per the link below:
  http://dotnetfollower.com/wordpress/2013/07/sharepoint-how-to-change-the-expiration-time-of-the-fedauth-cookie/ 
  Fiddler you will not be able to see these cookies as they are generated client side.
  http://blogs.msdn.com/b/mcsnoiwb/archive/2012/06/10/lost-authentication-cookies-in-sharepoint.aspx
  If you are using load balancing solution, don’t forget affinity:
  http://blogs.technet.com/b/speschka/archive/2011/10/28/make-sure-you-know-this-about-sharepoint-2010-claims-authentication-sticky-sessions-are-required.aspx
  For more information:
  http://fredericloud.com/2011/01/11/connecting-to-sharepoint-with-claims-authentication/
  Regards,
  Rebecca Tu
  TechNet Community Support

• SharePoint Workflow doesn't send notifications to External Email address when Trusted Identity Provider enabled.

  SharePoint Workflow send the notification to External email address fine but do not work when Trusted Identity Provider/SSO feature Checked. Please Advice!

  Hi,
  I am trying to involve someone familiar with this topic to further look at this issue.
  Regards,
  Rebecca
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Rebecca Tu
  TechNet Community Support

• Configuring weblogic domain for IAM using WLST

  Hi All,
  i have to configure a weblogic domain using wlst(off-line).i am able to do this by using wls.jar template but that domain does not contain all the deployable component which is required for IAM ,IDM.
  I don't know how to set the configuration component which is required for IAM,IDM as asked configuration wizard aske when we use GUI mode and how to give the schema details.
  please give any idea how to configure a domain(for IAM,IDM) using WLST exactly same as GUI mode .
  thanks

  I'm not sure what is your problem, but there is no compatibility issue between CSS and Bind normally.
  The docuement you referenced only says, in the background section, that the DNS server itself needs to be configured so part of your domain is handled by the CSS.
  So, your dns server handles all request for your.domain but there is one NS entry forwarding request for www.your.domain to the CSS so the CSS can answer the dns request.
  The css is not able to handle all types of dns request (ie: email server ip address request) so you can configure a 'dns forwarder' on the css to forward the request to another dns server.
  See the following for dns forwarder config example
  http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801d3b52.shtml
  Regards,
  Gilles.
  Thanks for rating.

• Configure PDC domain for windows Client

  Hello,
  Forgive my approximate English.
  I need help to install a server Mac with a domain Activate directory ( PDC) so clients Windows connect to it.
  I installed th server Mac Os to create a master Open Directory.
  Mac OS Server has to configure the DNS with host's name.
  The customers Windows 8.1 see the server on the network.
  They indeed answer Ping.
  NSlookup does not return error.
  But when I attempt to configure the domain on the client Windows, it does not find the server. (An error DNS returned?)
  Thank you for your help.

  foossile wrote:
  Thx for your response.
  t is possible then for the Mac Server to supply the following services for clients Windows:
  - File sharing with rights.
  - Management of group user.
  - Possibility of imposing a police of security of password.
  Thank you, it will be everything.
  Yes a Mac server can provide file sharing to Windows users, yes it can set permissions for those files and folders being shared
  No it cannot do the equivalent of Group Policies as used to manage Windows systems
  Yes it can define rules for passwords such as length, how long before it must be changed, how often it can be reused, etc.

• Configure Apps for SharePoint 2013 in dev environment without DNS

  I have a SP 2013 dev env
  http://spitlab/ .I want to configure app store in this environment 
  will I be able to do it without access to a DNS server 
  I followed the below two articles 
  http://www.ashokraja.me/post/Develop-SharePoint-2013-Napa-App-In-Local-Dev-Environment-Configuring-On-Premises-without-DNS.aspx
  I am able to install third party apps but when I click on it . it gets redirected to sfs.in 
  next i try this 
  http://sharepointconnoisseur.blogspot.com/2013/07/shortcut-to-prepare-sharepoint-2013-app.html
  same thing I am able to install 3rd party apps but when i click on it .. it goes to intranet.com 
  so is it possible to install third party apps on a dev box without DNS and check out third party apps and if what steps am i missing ?

  Hi,
  If you click the 3rd party apps and it is redirected to sfs.in or intranet.com, this means you configured app domain correctly.
  You can read the official document per the following first link to understand what app domain is (with DNS configured), app domain format is as bellow image (borrowed from this
  article), and app domain is defined as you want(e.g. ContosoApps.com).
  Without DNS, as your above two articles described, the app domain (e.g. apps.com, or apps.sfs.in) is written manually in hosts file directly, you can construct an app domain as your own, then after you install a custom developed app, it should be the following
  app url format.
  http://technet.microsoft.com/en-us/library/fp161236(v=office.15).aspx
  http://www.ashokraja.me/post/Develop-SharePoint-2013-Napa-App-In-Local-Dev-Environment-Configuring-On-Premises-without-DNS.aspx
  http://sharepointconnoisseur.blogspot.jp/2013/07/shortcut-to-prepare-sharepoint-2013-app.html
  Thanks
  Daniel Yang
  TechNet Community Support

• How to get the Trusted Identity Login Page with the needed parameters to make custom login screen instead of sharepoint Login Page?

  hi guys
  i have configured trusted identity provider for my public facing internet portal, but i dont want to use the login screen
  since i have about 10 site collection which will use this authentication.
  is there a class or property that gives me the url ready with the parameters like "wa" and "wtrealm" and the redirect url based on the place the user click the link from.

  You can create your own login page and specify the URL for it in the authentication provider settings of a Web Application or Zone.  So the easiest way to do what you want would be to extend your existing Web Application to a new Zone, change the login
  Page url to point to use your custom zone, and tell users to use the url of that zone to login with the custom provider you have built.
  If you want a single zone then you will need to modify a copy of the login page you display above and have it redirect to a custom login page for your identity provider if the pick the correct entry in the dropdown.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Configuring apps in sharepoint 2013 onpremises

  Hi,
  we have a lab environment for sharepoint 2013 with
  1) Domain controller (domain : test.local)
  2) SharePoint server { SQL Server 2012 (full install), SharePoint 2013 (full install)}
  Now we would like to configure sharepoint 2013 apps in our environment. In the TechNet blogs and articles ,it says to create a unique domain for the sharepoint apps ... does this mean,we have to create one more domain (one more server)  or just add
  a domain in the DNS and perform the configuration ? 
  Below is the point from the TechNet article :
  When choosing your App domain for each farm, you have 2 options:
  1.Create a new unique domain to host your SharePoint-hosted Apps in, or
  2.Create a sub-domain of the existing domain.
  The recommendation is to create a new unique domain such as contosoapps.com rather than a sub-domain such as apps.contoso.com. 
  If you could help me out with steps for configuring the same .. that would be helpful .

  Hi Suren,
  it does not mean you need to create one more server, you just add a domain forward lookup.
  Yes, the recommendation is create a unique domain which internally gets forwared to your domain.
  You need to configure forward lookup zone for your apps (here in this example contosoapps.com), in layman terms it is just an alias for your existing domains.
  I think you are refering to this URL -
  http://technet.microsoft.com/en-us/library/fp161236.aspx
  and if you have already followed those steps mentioned in Configure the domain names in DNS (all hosting options)
  and go to " To create a wildcard Alias (CNAME) record for the new domain name" 
  and do ping Apps-12345678ABCDEF.yourdomain.com
  to see whether you get reply from above ping.
  The steps that are given in the above link is easy to perform, do let me know where you got stuck.
  Hope this helps!
  Ram - SharePoint Architect
  Blog - SharePointDeveloper.in
  Please vote or mark your question answered, if the reply helps you

• How to create a App domain in sharepoint 2013 without using DNS Manger

  Can we create  AppDomain for Sharepoint Hosted App without using DNS Manager ? In short I have to create App Domain for my local sharepoint environment.

  You cannot create a APPdomain without DNS manager. 
  You can install DNS role on a machine and update your sharepoint server's DNS to consume from this DNS server. APPdomain cannot work without DNS

• Error while configuring the domain "Configure JDBC Component Schema"

  Hi Everyone,
  I have installed SOA Suite 11g on my Win 7 machine 64bit OS and while trying to configure the domain for the WebLogic Server. I fallowed the wizard and everything went well till the JDBC Component Schema window. Here I am able to pass through
  1. BAM Schema- Failed
  2. SOA Infrastructure-Failed
  3. User Messaging Service-Passed
  4. OWSM MDS Schema-Passed
  5. SOA MDS Schema-Passed
  and here is the error that i am facing...
  Component Schema=BAM Schema
  Driver=oracle.jdbc.OracleDriver
  URL=jdbc:oracle:thin:@localhost:1521/XE
  User=DEV_ORABAM
  Password=*******
  SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type='BAM' and version='11.1.1.2.0'
  CFGFWK-60850: Test Failed!
  CFGFWK-60853: A connection was established to the database but no rows were returned from the test SQL statement.
  Component Schema=SOA Infrastructure
  Driver=oracle.jdbc.xa.client.OracleXADataSource
  URL=jdbc:oracle:thin:@localhost:1521/XE
  User=DEV_SOAINFRA
  Password=*******
  SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type='SOAINFRA' and version='11.1.1.2.0'
  CFGFWK-60850: Test Failed!
  CFGFWK-60853: A connection was established to the database but no rows were returned from the test SQL statement.
  I googled the error and tried to check whether the Schema_version_registry has any rows are not and initially i don't have any and then I have created table named "Schema_version_registry" and then inserted the values accordingly..
  CREATE TABLE schema_version_registry(owner VARCHAR2(30), mr_type VARCHAR2(10), version VARCHAR2(50));
  INSERT INTO schema_version_registry(owner, mr_type, version) VALUES ('DEV_SOAINFRA','MDS','11.1.1.2.0');
  similarly i did for the DEV_ORABAM but there is no use...........
  I am struck at this position can any please help me out........... please..
  Thanks in advance
  Sorry Guys.. I understood my mistake and change the "mr-type" accordingly... it is successful now..
  Thanks if anyone tried to answer it.......
  Edited by: user10763276 on Oct 10, 2010 5:11 PM

  Hi can anyone please help me ...all the jdbc component schema is failing for me while creating domain.
  please find the log.
  Component Schema=SOA Infrastructure
  Driver=oracle.jdbc.xa.client.OracleXADataSource
  URL=jdbc:oracle:thin:@localhost:1521/XE
  User=sys as sysdba
  Password=*********
  SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type='SOAINFRA' and version='11.1.1.5.0'
  CFGFWK-60850: Test Failed!
  CFGFWK-60853: A connection was established to the database but no rows were returned from the test SQL statement.
  Component Schema=User Messaging Service
  Driver=oracle.jdbc.OracleDriver
  URL=jdbc:oracle:thin:@localhost:1521/XE
  User=sys as sysdba
  Password=*********
  SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type='ORASDPM' and version='11.1.1.2.0'
  CFGFWK-60850: Test Failed!
  CFGFWK-60853: A connection was established to the database but no rows were returned from the test SQL statement.
  Component Schema=OWSM MDS Schema
  Driver=oracle.jdbc.OracleDriver
  URL=jdbc:oracle:thin:@localhost:1521/XE
  User=sys as sysdba
  Password=*********
  SQL Test=select 1 from schema_version_registry where
                      owner=(select user from dual) and mr_type='MDS' and
                      version='11.1.1.5.0'
  CFGFWK-60850: Test Failed!
  CFGFWK-60853: A connection was established to the database but no rows were returned from the test SQL statement.
  Component Schema=SOA MDS Schema
  Driver=oracle.jdbc.OracleDriver
  URL=jdbc:oracle:thin:@localhost:1521/XE
  User=sys as sysdba
  Password=*********
  SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type='MDS' and version='11.1.1.5.0'
  CFGFWK-60850: Test Failed!
  CFGFWK-60853: A connection was established to the database but no rows were returned from the test SQL statement.
  "

• Not able to execute Configure Weblogic Domain script

  Hi Experts,
  I am trying to configure weblogic domain for odi.I have installed odi studio and weblogic server on WINDOWS 2008 SERVER R2 release(64 bit) and jdk - 1.6 update 22 (32 bit)
  When i try to execute config.cmd it fails with following error:
  c:\odi\mw_home\wlserver_10.3\common\bin>config.cmd
  The system cannot find the path specified.
  Please help me figure out what could be the problem.

  Reinstallation fixed the problem.

• Configuring an Environment for Apps in SharePoint 2013 (on premesis)

  Hi,
  I have tried to create an environment for apps in SharePoint 2013.
  I have tried the followed steps:
  Create a new DNS Domain and mapped the Domain for the machine which the SharePoint 2013 Server was installed.
  I started Microsoft SharePoint Foundation Subscription Settings Service SharePoint
  server.
  I started the App Management Services in SharePoint server.
  I have configured the App url in the App catalog
  I have created the new App catalog site
  Using App for SharePoint. I got my app setting there i Can trust the app,
  The main Issue is I cant able to add the app while adding the app i am getting "Sorry Something went wrong" i have tried to troubleshoot the
  error in log file and event log i could not able to fine any errors as noticed on that.T
  Please suggest me to configure using .app file i need to configure an apps into our on premises.
  Thank you. 

  yes i changed my vm and tried i have struggling in these steps now
  I have stared the two service in manage server application
  App Management service
  Microsoft SharePoint Foundation Subscription Settings Service
  I have created the subscription Setting services through Power shell command successfully.
  $account = Get-SPManagedAccount <domain/user>
  $appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
  $appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SettingsServiceApp -DatabaseName SettingsServiceChauTeamDB
  $proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc
  And i have checked that the services are started in the managed services application, it started succesfully
  As result when clicking  APPS  >> Configure APP URL  
  Please help me to add a Domain name and 

• Configure an Environment for Apps for SharePoint 2013

  hH,
  We are building QA environment for Sharepoint 2013. For this my management asked me to configure the APPS store. But when i referred the MSDN article, they are suggesting
  " You must purchase a domain name from a domain name provider for your apps, for example, ContosoApps.com."
  Which is not possible in my case as purchasing a new domain requires lot of approvals also this is an QA environment.
  So please suggest on the below points
  1) whats wrong to build a sub domain like APPS.XXXX.COM instead of XXXXAPPS.COM
  2) since it is in a QA environment, is it necessary to have a SSL  ??
  3) is it need to have a different APPS stores for QA & PROD environments.
  Thanks,
  Praveen
  Sharepoint HELP

  Hi Praveen,
  you don't need to buy a domain use your internal DNS
  no need for SSL since it is QA
  i think you mean app catalog, each environment will be having it app catalog
  some other links
  http://blogs.technet.com/b/mspfe/archive/2013/01/31/configuring-sharepoint-on-premise-deployments-for-apps.aspx
  http://www.nothingbutsharepoint.com/2013/02/13/configure-an-environment-for-apps-for-sharepoint-2013-aspx/
  Kind Regards,
  John Naguib
  Senior Consultant
  John Naguib Blog John Naguib Twitter
  Please remember to mark this as answered if it helped you

• Why we need SSL Certificates for configuring App Server in Sharepoint

  Hi Support,
  We are planning to have a separate server for Apps, while configuring the server its asking for certificate. The main scenario is while configuring server inside the same firewall why we need SSL for configuring.
  Could you please let me know the reason why we need SSL for configuring App Server.
  Thanks in Advance,
  Regards,
  Pradeep

  Hi  Pradeep,
  SSL (Secure Sockets Layer) is a transaction security standard that provides encrypted protection between browsers and App Servers. When SSL is enabled for an App Server, browsers communicate with the App
  Server by means of an HTTPS connection, which is HTTP over an encrypted Secure Sockets Layer. HTTPS connections are widely used by banks and web vendors for secure transactions over the web.
  Secure Sockets Layer  is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. This is such a scenario. As a prerequisite
  for configuring Task Synchronization, the computer that is running SharePoint Server must have SSL configured.
  Reference:
  http://blogs.technet.com/b/speschka/archive/2012/09/03/planning-the-infrastructure-required-for-the-new-app-model-in-sharepoint-2013.aspx
  http://corypeters.net/2013/03/ssl-and-sharepoint-2013/
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Unhandled exception was thrown by the sandboxed code wrapper's Execute method in the partial trust app domain

  Hi All,
    I have created a custom web part in VS 2008 for Share point server 2010 with DevExpress v12.2.17, and deployed as Sandboxed solution. when i add that web parts in web part zone i am getting the error as "Web Part Error:
  Unhandled exception was thrown by the sandboxed code wrapper's Execute method in the partial trust app domain: An unexpected error has occurred. ".
  If there is any way to get detailed error either log file or event viewer.
  Kindly advice to find the cause of the problem.
  Thanks,
  Selvakumar.S

  Hello,
  Are you impersonating your code? Have you tried to debug your code by attaching SPUCHostService.exe? if not please do so.
  You also need to check ULS log for more information about this error. Here is one ref link if this could help
  http://sohilmakwana.wordpress.com/2013/11/29/sandbox-error-unhandled-exception-was-thrown-by-the-sandboxed-code-wrappers-execute-method-in-the-partial-trust-app-domain/
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help