Multitenant application authentication in SharePoint Online (O365)

I am able to use OAuth2 to authenticate using the mechanism described here: http://msdn.microsoft.com/en-us/library/azure/dn645542.aspx - my intention is to allow my 3rd party WebApp to allow users to grant access to their SharePoint content via Azure OAuth.
I am able to use the login.windows.net/common/oauth2 endpoints, and having registered my app in Azure, I do indeed get the right callback once the user authentiates, and I am able to post to the token endpoint.
At this point, I have an auth-token that I can use, but I don't know the URL to the user's default (or root) SharePoint site. I am required to provide a 'resource' URI so that authentication can succeed, and if I hard-code this value to a known URL, then
it works like a charm. Unfortunately, this makes my application specific to one particular tenant. Far from ideal...
My question is - how can I detect the SharePoint URL to use as the resource parameter for access to - before the user logs-in? Or even better - is there a way to login using OAuth2 that allows me access to SharePoint endpoints, but which does not require
me to know what the endpoints are ahead of time?
If not, I don't see how it is possible to write multi-tenant applications with this model. I must be missing something. Help!

There are some interesting details on the stack overflow post here: http://stackoverflow.com/questions/27303590/building-a-multi-tenant-app-for-sharepoint-online-o365
Bottom Line : SharePoint Online O365 applications only seem to be viable with hard-coded tenancy URLs - and there does not seem to be a mechanism for discovering a user's root web or site by the time it is required. This seems like a major hole in the multi-tenant
application architecture, or more correctly the Azure login procedure for SharePoint, which has implications on a multi-tenant application.
I am hoping someone has the magic silver bullet out there...

Similar Messages

Error in Application.Run(DisplayLoginForm) and Remote Authentication in SharePoint Online Using the Client Object Model

Hi guys
I Think that is a simple error, but I don’t have enough knowledge in .NET apps.
I make an console app that use Remote Authentication in SharePoint Online Using the Client Object Model, that a I downloaded from MSDN.
This App run ok.
But when I like to make a Windows From App. This component send me an error in Application.Run(DisplayLoginForm)
This err msg :
An unhandled exception of type 'System.InvalidOperationException' occurred in System.Windows.Forms.dll
Additional information: Starting a second message loop on a single thread is not a valid operation. Use Form.ShowDialog instead.
Is there any way to use a form inside a windows form?
Thank in advance
Ramiro
Ramiro B

Hi,
Based on the error message, please do as following:
1. Check your code logic below:
void btn_Click(object sender, System.EventArgs e)
Thread t = new Thread(StartMyForm);
t.TrySetApartmentState(ApartmentState.STA);
t.Start();
public static void StartMyForm()
Application.Run(new MyForm(..));
2.Try to add the following code line in your code.
Application.Restart();
If the issue still exists, please provide your requirement and code for a further research.
Best Regards
Dennis Guo
TechNet Community Support

Split Suite Bar and Ribbon Menu in SharePoint Online / O365

As we all know the suite bar and ribbon menu controls are loaded from a single control. I have a requirement to place a div between suite bar and ribbon menu as shown in the image. Is it possible in SharePoint Online / O365?
Current suite bar and ribbon menu control(HTML Master Page Template)
<div id="ms-designer-ribbon">

<div id="TurnOnAccessibility" style="display:none" class="s4-notdlg noindex">
<a id="linkTurnOnAcc" href="#" class="ms-accessible ms-acc-button" onclick="SetIsAccessibilityFeatureEnabled(true);UpdateAccessibilityUI();document.getElementById('linkTurnOffAcc').focus();return
false;">


</a>
</div>
<div id="TurnOffAccessibility" style="display:none" class="s4-notdlg noindex">
<a id="linkTurnOffAcc" href="#" class="ms-accessible ms-acc-button" onclick="SetIsAccessibilityFeatureEnabled(false);UpdateAccessibilityUI();document.getElementById('linkTurnOnAcc').focus();return
false;">


</a>
</div>

<div class="DefaultContentBlock" style="background:rgb(0, 114, 198); color:white; width:100%; padding:8px; height:64px; ">In true previews of your site, the SharePoint
ribbon will be here.</div>
</div>



Actual Requirement

Hi,
According to your description, my understanding is that you want to do customization in SharePoint Online with the requirement above.
For the first question, continue to Scott, you can read the rss feed, the rss feed effectively contains the items from the list, you can read the list using Client Object Model to get RSS feed.
For the second question, if you want to get current log in profile in my site, then you can try to use user profile rest api to get it.
User profiles REST API reference
For the third question, if you want to deploy the announcement app from on-premise to Online, if it's OOTB app, then it's not necessary, SharePoint Online have the announcement app as well.
For the fourth question, if the CapIQ is a customize solution, I suggest you can use SharePoint hosted app to publish to the SharePoint online site.
How to: Publish an app for SharePoint by using Visual Studio
For the fifth question, if you want to upload the questions not create in site to the survey, you can use Client Object Model to create the questions.
Here is a similiar thread for your reference:
Importing
Questions into a Sharepoint Survey
For the sixth question, if the information is stored in the list, then you can read the list using Client Object Model and it's better to create a SharePoint hosted app to achieve it.
More information:
How to: Create a basic SharePoint-hosted app
Retrieve list item
Thanks
Best Regards
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Authentication with SharePoint Online

Hi
I have a win32 C++ application which is able, using NTLM authentication, to call the different SharePoint web services (lists, copy, etc) in a local SharePoint installation. This is done by building XML SOAP requests at runtime and HTTP posting.
This approach does not work with SharePoint Online and I was wondering if it was possible to make the existing code work without a total rewrite.
I have experience with OAuth 2 as I have previously integrated to OneDrive, Google Drive, Dropbox etc. using their REST web service api.
Is it also possible to use OAuth 2 with SharePoint Online and the web services in a similar fashion? Have refresh tokens and exchanging them for access tokens which are sent to server in post.
I have tried playing around with it, creating an app in the Microsoft Seller Dashboard and tried using client id with OAuthAuthorize.aspx, but getting error 'The clientId 'xxx'
is not a valid service identity.". No idea what that means.
Am I going the wrong way and can someone point me in the right direction?
Thanks!

Hi,
In order to access SharePoint Online via REST API, we can use SharePointOnlineCredentials object to pass the authentication.
Here’s a code sample that connects to the REST API:
var creds = new SharePointOnlineCredentials(SPO_USERNAME, StringUtilities.ToSecureString(SPO_PASSWORD));
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(SPO_URL + "/_api/web/lists");
request.Credentials = creds;
request.Method = "GET";
request.Accept = "application/json;odata=verbose";
request.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED: f");
var response = (HttpWebResponse)request.GetResponse();
using (var reader = new System.IO.StreamReader(response.GetResponseStream()))
Console.WriteLine(reader.ReadToEnd());
More information:
http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.client.sharepointonlinecredentials(v=office.15).aspx
http://sharepointtaproom.com/2014/01/23/connecting-to-sharepoint-onlines-csom-or-rest-apis-from-sharepoint-2010/
http://sergeluca.wordpress.com/2009/08/31/calling-sharepoint-dlls-from-c-code/
Best regards
Dennis Guo
TechNet Community Support

Creating anonymous guest link to images/documents programmatically Sharepoint Online O365

I need to be able to create an anonymous guest link to images or documents programmatically using c# SharePoint web services or something similar. Does anyone know if this can be done if so how? essentially this means creating the guest access token
programmatically ..
If somebody know how to do his it would be much appreciated ?
Thanks in advance

Hi,
The method you posted seems to the trick it creates to anynonymus links like I was expecting. However interesting scenario has come up when I copy and paste the link in to a normal web browser (desktop or laptop) everything works as expected, but
I when I try the link on a mobile web browser I get the prompt asking me to log in to office 365 not sure why that would be any suggestions ??

Security flaw-To use CSOM/Javascript code for Custom Office365(Sharepoint Online) application

Hi,
I've developed custom application in Office365(Sharepoint Online) using CSOM/Javascript. Security team from client side has been reported one major issue to the our application that any end user can comment our CSOM/Javascript code and bypass the validation
or can update / insert into sharepoint list item using developer tool/ Console in Google Chrome(F12 Key).
Also end user can write his own separate code in console of Google Chrome (Developer Tool / F12) and can update / insert into Sharepoint List.
Note:- End user has Add, Edit, View permission on all Sharepoint List.
This is one major security flaw of the Sharepoint/Office365 to use CSOM /Javascript for writing code, to overcome this issue could you please provide me some solution.
Your help would be greatly appreciated!!!
Looking for reply.
Thanks,
Mahesh Sherkar
Web: http://Mahesh-Sherkar.com
Email: [email protected]

Hello Paras,
Did you get any solution for this? I think your website was implemented this form. Can you please tell me the way how I can achieve it? I am also facing same problem. Please reply me as early as possible.
Thanks,
Mihir

Single Sign On and SharePoint Online. Why so much re-authentication?

We are migrating to SharePoint Online 2013. Much of the organization is already on o365 for Exchange and Linq.
Most clients are Windows 7 using IE 11.
From what I understand there is an AD to ADFS sync and a custom SSO login page that accepts our enterprise user and passwords.
Looking at this, a few dumb questions:
http://technet.microsoft.com/en-us/library/hh852486.aspx
In our organization, authenticating into our desktops and network does not automatically authenticate us into o365, Exchange, Linq or SharePoint Online. Furthermore, Authetnicating into Exchange and Linq, does not automatically authenticate me
into SharePoint Online. I can create a map to SharePoint Document library while HTTP authenticated into SPO, but if reboot and log into our network and then Exchange/Linq and attempt to access that map the SPO library I get an error. If I then
authenticate into SPO, the map works again.
These are all MS products and technologies. Are these gaps in SSO normal and expected or are these limitation in our organization?
What would it take to seamlessly have access to SPO resources automatically after authenticating into our AD network?
Any chance MS SSO can work like a ChromeBook login, where all Google resource are automatically available without prompt for authentication?

The problem is that the cookie/token for SPO expires. You need to periodically login there to renew it. Using a smart link to authenticate directly to SPO and get a persistent cookie will help:
http://samhandle.no/2014/06/24/sharepoint-online-with-webdav-and-sso/
You will still have to open SPO even with the above setup, but a lot less frequently. If you keep running into issues with mapped drives, refer to this article:
http://support.microsoft.com/kb/2616712

Powershell Error for SharePoint Online -"The remote server returned an error: (407) Proxy Authentication Required."

I am trying to call sharepoint online from powershell. Below is the code. I get
Exception calling "ExecuteQuery" with "0" argument(s): "The remote server returned an error: (407) Proxy Authentication Required."
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
$webUrl = "ZZZZ"
$username = "XXX"
$password = "YYYY"
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
$web = $ctx.Web
$lists = $web.Lists
$ctx.Load($lists)
$ctx.ExecuteQuery()
$lists| select -Property Title
Raj-Shpt

Hi,
About how to access SharePoint online site using PowerShell, the blog below would be helpful:
http://social.technet.microsoft.com/wiki/contents/articles/29518.csom-sharepoint-powershell-reference-and-example-codes.aspx
Another two demos for your reference:
http://www.hartsteve.com/2013/06/sharepoint-online-powershell/
http://www.sharepointnutsandbolts.com/2013/12/Using-CSOM-in-PowerShell-scripts-with-Office365.html
Thanks
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Which is better approach to manage sharepoint online - PowerShell Script with CSOM or Console Application with CSOM?

Which is better approach to manage sharepoint online - PowerShell Script with CSOM or Console Application with CSOM?
change in sharepoint scripts not require compilation but anything else?

Yes, PowerShell is great, since you can quick change your code without compilation.
SP admin can write ps scripts without specific tools like Visual Studio.
With powershell you can use cmdlets,
which could remove a lot of code, for example restarting a service.
[custom.development]

SharePoint Online Authentication using LiveId

Good evening.
I'm trying to use client side object model to perform operation on a SharePoint Online site.
using (var context = new ClientContext("https://xxxx.sharepoint.com/sites/xxxx"))
var passWord = new SecureString();
foreach (var c in "xxxxx.1") passWord.AppendChar(c);
context.Credentials = new SharePointOnlineCredentials("[email protected]", passWord);
var web = context.Web;
var newFile = new FileCreationInformation { Content = System.IO.File.ReadAllBytes(fileName), Url = Guid.NewGuid().ToString() + Path.GetExtension(fileName) };
var docs = web.Lists.GetByTitle("Documents");
docs.RootFolder.Files.Add(newFile);
context.ExecuteQuery();
Console.WriteLine(newFile.Url);
Well, this code works fine if I use federated user or email address like [email protected]
But I want to use CSOM using a LiveId that already has been invited on this site.
Any ideas?
Thanks,
Sergio
Regards,
Bubu
http://zsvipullo.blogspot.it
Please mark my answer if it helped you, I would greatly appreciate it.

Hi Sergio Russo,
I haven’t seen samples to call SharePoint online CSOM with external user account, the following article shows how active authentication works in Office 365 SharePoint online:
http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx
For this issue, please in the Office 365 SharePoint online forum would be more professional on this, please go to that forum for more information:
http://community.office365.com/en-us/f/default.aspx
Thanks,
Qiao Wei
TechNet Community Support

O365 SharePoint Online. Search no longer working. Where exactly are crawl logs?

On o365/SharePoint Online 2013
A few weeks Search stopped working on existing sites in SPO. New site seem to index fine. We can't find files and list entries inside doc libs and lists now.
I'm looking at Search Settings in o365 and have added myself to have access to Crawl logs,
but where are they in SPO?
We've tried re-indexing sites, but it has not helped.
All search settings are the default, and I don see any exclusion of sites.
Also, can somebody tell me what the typical turn around time is for expecting a document just added to show up on Search?

Hi,
According to your post, my understanding is that you wanted to see the crawl log in the SharePoint online.
Per my experience, the users in the security group can view the crawl log data via the
eDiscovery portal to check whether crawled content was successfully added to the search index, or whether indexing failed because of an error.
For more information, you can refer to the following article.
http://office.microsoft.com/en-001/office365-sharepoint-online-enterprise-help/crawl-log-permissions-HA103675567.aspx
As this is the forum for the SharePoint server, I recommend you can post your question to the forum for SharePoint Online:
http://community.office365.com/en-us/forums/154.aspx.
More experts will assist you, then you will get more information relation to SharePoint Online.
Thank you for your understanding and support.
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support

Issue in adding new items to a O365 SharePoint Online List having lookup columns (Client Object Model)

I have two Lists i.e. Publisher and Products in my SharePoint Online site. They are having the following structures:
1. Publisher:
Publisher (Single line of txt)
     A1
     A2
     A3
     A4
     A5
     A6
2. Products:
Publisher (lookup to the above column)
ProductName (Single line of txt)
     A1                                                                   Apple
     A2                                                                   Samsung
     A3                                                                   Nokia
And I have an excel file named Products.xlsx in my local machine which has the following data:
Publisher        ProductName
     A1                   Apple
     A2                   Samsung
     A3                   Nokia
     A4                   Motorola
     A5                   LG
     A6                   HTC
Now I have written the below client-side (CSOM) code to fetch the data from the Excel and update the corresponding fields in the Products table:
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Web;
using System.IO;
using System.Data;
using System.Data.OleDb;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Xml.Linq;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Client;
using File =
Microsoft.SharePoint.Client.File;
using System.Security;
namespace ExcelToSP
    public class
ExcelToSP
        //Main function to get the command line values and invoke the getSPList function to pull SP List data
        public
static void Main(string[] args)
            //Instantiate Class object
            ExcelToSP p
= new ExcelToSP();
            try
                p.LoadExcelData();
//Exit with Sucess code
Environment.Exit(0);
            catch
(Exception ex)
//Invoke writeErrorLog function to log the exception details
//p.WriteErrorLog(ex);
        public
void LoadExcelData()
            try
            string fileName
= @"E:\Products.xlsx";
            string fileExtension
= Path.GetExtension(fileName).ToUpper();
            string connectionString
= "";
             if
(fileExtension == ".XLS")
                connectionString
= "Provider=Microsoft.Jet.OLEDB.4.0;Data Source='"
+ fileName + "'; Extended Properties='Excel 8.0;HDR=YES;'";
            else
if (fileExtension ==
".XLSX")
                connectionString
= "Provider=Microsoft.ACE.OLEDB.12.0;Data Source='"
+ fileName + "';Extended Properties='Excel 12.0 Xml;HDR=YES;'";
            if
(!(string.IsNullOrEmpty(connectionString)))
string[] sheetNames =
GetExcelSheetNames(connectionString);
if ((sheetNames !=
null) &&
(sheetNames.Length
> 0))
DataTable dt = null;
OleDbConnection con =
new OleDbConnection(connectionString);
OleDbDataAdapter da =
new OleDbDataAdapter("SELECT * FROM ["
+ sheetNames[0]
+ "]", con);
                    dt
= new DataTable();
                    da.Fill(dt);
InsertIntoList(dt,"Products");
            catch
(Exception ex)
throw ex;
        private
string[] GetExcelSheetNames(string strConnection)
            var connectionString
= strConnection;
            String[] excelSheets;
            using
(var connection =
new OleDbConnection(connectionString))
                connection.Open();
var dt = connection.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,
null);
if (dt ==
null)
return null;
                excelSheets
= new String[dt.Rows.Count];
int i = 0;
// Add the sheet name to the string array.
foreach (DataRow row
in dt.Rows)
                    excelSheets[i]
= row["TABLE_NAME"].ToString();
                    i++;
            return excelSheets;
        private
void InsertIntoList(DataTable listTable,
string ListName)
            try
string username = "[email protected]";
string pwd = "contoso@1234";//this.Dts.Variables["password"].Value.ToString();
ClientContext clientContext =
new ClientContext("https://contoso.sharepoint.com/teams/myPOC/");
SecureString password =
new SecureString();
char[] decryptpwd = pwd.ToCharArray();
foreach (char c
in decryptpwd)
                    password.AppendChar(c);
                clientContext.Credentials
= new SharePointOnlineCredentials(username, password);
                clientContext.ExecuteQuery();
//Setting SiteURL Client context
Web web = clientContext.Web;//
                clientContext.Load(web);
                clientContext.ExecuteQuery();
List lstProductFamily = web.Lists.GetByTitle("Products");
for (int iRow
= 0; iRow < listTable.Rows.Count; iRow++)
ListItemCreationInformation itemCreateInfo =
new ListItemCreationInformation();
ListItem newItem = lstProductFamily.AddItem(itemCreateInfo);
//FieldLookupValue flv = newItem["Publisher"] as FieldLookupValue ;
//string lkup = flv.LookupValue;
//int valueid = 0;
//valueid = flv.LookupId;
                    newItem["Publisher"]
= Convert.ToString(listTable.Rows[iRow][0]);
                    newItem["ProductName"]
= Convert.ToString(listTable.Rows[iRow][1]);
                    newItem.Update();
                    clientContext.ExecuteQuery();
            catch
(Exception ex)
throw ex;
But I'm getting the following error on running the above code "Invalid data has been used to update the list item. The field you are trying to update may be read only."
Can anybody please help me out?

Hi,
According to your description, my understanding is that you want to update data to look up field.
I have a test about updating look up field using Client Object Model in my environment. lookup field will accept an array to set the field value.
Here is the code snippet:
Microsoft.SharePoint.Client.ClientContext ctx = new ClientContext("http://sp2013sps/sites/test/");
if (ctx != null)
List list = ctx.Web.Lists.GetByTitle("List3");
ListItem itemToUpdate = list.GetItemById(1);
ctx.Load(itemToUpdate);
ctx.ExecuteQuery();
FieldLookupValue newLookUpField = new FieldLookupValue();
newLookUpField.LookupId = 3;
FieldLookupValue newLookUpField1 = new FieldLookupValue();
newLookUpField1.LookupId = 4;
FieldLookupValue[] newarr = { newLookUpField, newLookUpField1 };
itemToUpdate["lookup"] = newarr;
itemToUpdate.Update();
ctx.Load(itemToUpdate);
ctx.ExecuteQuery();
Best regards
Patrick Liang
TechNet Community Support

What are the possibilities and limitation of using Out of the box content search webpart on SharePoint Online 2013/O365 ?

Hi All,
We are migrating from on-premise SharPoint 2010 to SharePoint online 2013.
I have few questions below:
What are the possibilities and limitations of using Out of the box content search webpart?
Also, how the cross site publishing will work in SharePoint online something with managed navigations and product catalog apporach? if it is not supported, then what are the alternatives to acheive the same?
Appriciate any commnets/clarifications.Thanks in advance.
Thanks,
Dhananjay.

Here are the possibilities of Content search webparts
http://office.microsoft.com/en-in/office365-sharepoint-online-enterprise-help/configure-a-content-search-web-part-in-sharepoint-HA104119042.aspx
http://office.microsoft.com/en-in/office365-sharepoint-online-enterprise-help/when-to-use-the-content-query-web-part-or-the-content-search-web-part-in-sharepoint-HA104206662.aspx
Compare the strengths and limitations of the Web Parts
It’s important that you understand the strengths and limitations of the two Web Parts because if you choose the wrong one, your site could run into performance problems. You can use both Web Parts to show content that is based on a query. In a simplified
world, here’s how you can decide between the two:
Use the CQWP when you have a limited amount of content, your query is simple, and you don’t expect your content to grow much in the future.
Use the CSWP in all other scenarios when you want to show content that is based on a query.
The table below gives a comparison of the two Web Parts:
Web Part behavior
Content Query Web Part
Content Search Web Part
Query configuration
Easy
You’ll need to know about certain search features such as
managed properties.
Query across large amounts of content
Limited
Yes
Handle complex queries
Limited
Yes
Scale to handle future content growth
Limited
Yes
Display content from other site collections
No
Yes (see
section below)
Design of query results can be customized
Yes, by using XSLT.
Yes, by using HTML.
Maintenance cost in a complex site architecture
High
Small (see
section below)
Narrow down the query results that are displayed in the Web Part
No
Yes, in combination with the
Refinement Web Part.
It was not there previously but then it was added to Office 365
http://blogs.office.com/2013/10/29/search-innovations-for-site-and-portal-design-in-sharepoint-online/
If this helped you resolve your issue, please mark it Answered

ADFS SSO and SharePoint 2013 on-premise Hybrid outbound search results from SharePoint Online - does it work?

Hi,
I want to setup an outpund hybrid search for SharePoint 2013 on-premise to SharePoint Online.
But I'm not shure if this works with ADFS SSO.
Has somebody experience with this setup?
Here's my guide which I'm going to use for this installation:
Introduction
In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
Requirements
User synchronisation ActiveDirectory to Office 365 with DirSync
DirSync password sync or ADFS SSO
SharePoint Online
SharePoint 2013 on-premise
Enterprise Search service
SharePoint Online Management Shell
Instructions
All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
Set up Sever to Server Trust
Export certificates
To create a server to server trust we need two certificates.
[certificate name].pfx: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
[certificate name].cer: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
First launch the Internet Information Services (IIS) Manager
Select your SharePoint web server and double-click Server Certificates
In the Actions pane, click Create Self-Signed Certificate
Enter a name for the certificate and save it with OK
To export the new certificate in the Pfx format select it and click Export in the Actions pane
Fill the fields and click OK Export to: C:\[certificate
name].pfx Password: [password]
Also we need to export the certificate in the CER Base64 format. For that purpose make a right-click on the certificate select it and click on View...
Click the Details tab and then click Copy to File
On the Welcome to the Certificate Export Wizard page, click Next
On the Export Private Key page, click Next
On the Export File Format page, click Base-64 encoded X.509 (.CER), and then click Next.
As file name enter C:\[certificate
name].cer and then click Next
Finish the export
Import the new STS (SharePoint Token Service) certificate
Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# import it
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
Type Yes when prompted with the following message.
You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer
to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you
sure, you want to continue?
Restart IIS so STS picks up the new certificate.
& iisreset
& net stop SPTimerV4
& net start SPTimerV4
Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
# get the encrypted pfx certificate object
New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# compare the output above with this output
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
[/code]
## Establish the server to server trust
[code lang="ps"]
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
Import-Module MSOnline
Import-Module MSOnlineExtended
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# set the onpremise domain that you added to Office 365
$SPCN = "sharepoint.domain.com"
# your onpremise SharePoint site url
$SPSite="http://sharepoint"
# don't change this value
$SPOAppID="00000003-0000-0ff1-ce00-000000000000"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# get the raw data
$PfxCertBin = $PfxCert.GetRawCertData()
# create a new certificate object
$X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
# import the base 64 encoded certificate
$X64Cert.Import($X64CertPath)
# get the raw data
$X64CertBin = $X64Cert.GetRawCertData()
# save base 64 string in variable
$CredValue = [System.Convert]::ToBase64String($X64CertBin)
# connect to office 3656
Connect-MsolService
# register the on-premise STS as service principal in Office 365
# add a new service principal
New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
$MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
$SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
$SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
# get the online name identifier
$MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
$MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
$MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
# establish the trust from on-premise with ACS (Azure Control Service)
# add a new authenticatio realm
$SPSite = Get-SPSite $SPSite
$SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
# register the ACS application proxy and token issuer
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
Add a new result source
To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server. Don't forget to update the settings region
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# region settings
$RemoteSharePointUrl = "http://[example].sharepoint.com"
$ResultSourceName = "SharePoint Online"
$QueryTransform = "{searchTerms}"
$Provier = "SharePoint-Remoteanbieter"
# region settings end
$SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
$FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
$SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
$ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
if(!$ResultSource){
Write-Host "Result source does not exist. Creating..."
$ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
$ResultSource.Name = $ResultSourceName
$ResultSource.ProviderId = $FederationManager.ListProviders()[$Provier].Id
$ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
$ResultSource.CreateQueryTransform($QueryTransform)
$ResultSource.Commit()
Add a new query rule
In the Search Administration click on Query Rules
Select Local SharePoint as Result Source
Click New Query Rule
Enter a Rule name f.g. Search results from SharePoint Online
Expand the Context section
Under Query is performed on these sources click on Add Source
Select your SharePoint Online result source
In the Query Conditions section click on Remove Condition
In the Actions section click on Add Result Block
As title enter Results for "{subjectTerms}" from SharePoint Online
In the Search this Source dropdown select your SharePoint Online result source
Select 3 in the Items dropdown
Expand the Settings section and select "More" link goes to the following URL
In the box below enter this Url https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}
Select This block is always shown above core results and click the OK button
Save the new query rule

Hi Janik,
According to your description, my understanding is that you want to display hybrid search results in SharePoint Server 2013.
For achieving your demand, please have a look at the article:
http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx
If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated user accounts. Native Office 365 user accounts and Active Directory Domain Services
(AD DS) accounts that are not federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO, and cannot be granted permissions to resources in both deployments. For more information, see Accounts
needed for hybrid configuration and testing.
Best Regards,
Eric
Eric Tao
TechNet Community Support

Is Office Home and Business 2013 fully compatible with Sharepoint Online (Office 365)?

My client recently upgraded 3 Windows 7 PCs (2-32 & 1-64-bit OS) from Office 2007 32-bit (which was actually working fine against Exchange/SharePoint Online) to Office Home and Business 2013 (32-bit)
Now, for all 3 PCs, while Office 2013 Word/Excel can open, check out/in, and save SharePoint Online files, there is ALWAYS a 2 minute delay in closing the file which is apparently waiting for the Local Security Authority call to return. This seems
to indicate an issue related to SharePoint security on the client side.
Problem Event Name: AppHangXProcB1
Application Name:
WINWORD.EXE
Application Version:
15.0.4657.1000
Waiting on Application Name:
lsass.exe:lsasspirpc
This is the Local Security Authority Security Support Provider Interface Remote Procedure Call (LSA SSPI RPC)
My client has 66 licenses for SharePoint Online (Plan 2) and 73 Exchange Online (Plan 1) "stand alone" services. The same failure is happening on 3 Win 7 PCs. All of which I've carefully reviewed against the MS Office trouble shooting guides (start
Windows OS w/out non-MS services, Word/Excel safe mode w/out add-ons, O365 readiness checks, Office repair, etc.). We have PCs running Win 7 (32 & 64-bit) w/Office 365 ProPlus & Office Professional Plus 2013 that work fine. it's JUST these 3 Win 7
PCs that were upgraded from Office 2007 to Office Home and Business 2013 that have the 2 min. SharePoint file close time.
Can you please confirm that Office Home and Business 2013 is compatible w/SharePoint Online
at least for Excel and Word?
The "slow close" problem can be demonstrated on multiple site collections/sub sites and w/Excel & Word docs in doc libs and lists
After many hours capturing information, following the MS Office trouble shooting guides, and repairing the Office install, I've had no luck in resolving this.While Word/Excel will eventually close SharePoint Online files after about
2 minutes, this is certainly unacceptable. Otherwise, locally stored files close normally and new files were created by the Office 2013 Excel/Word for this testing.
Any thoughts or guidance would be appreciated.

Hi raygabe,
I couldn't find the document mentioned there is any compatibility between Office365 SharePoint online and Office Home and Business 2013 version, I would recommend that you check if the issue could be reproduced on other Win7 machines installed with Office
Home and Business 2013 installed directly instead of upgrading from Office2007, see if issue is related to Office application upgrade.
I also recommend that you post this issue on our dedicated Office365 SharePoint online forum and Office 2013 forum for a better assistance with more experts regarding this issue from the following links.
http://community.office365.com/en-us/f/154.aspx
https://social.technet.microsoft.com/Forums/office/en-us/home?category=officeitpro
Thanks,
Daniel Yang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you havefeedback for TechNet Subscriber Support, contact [email protected]
Daniel Yang
TechNet Community Support

Multitenant application authentication in SharePoint Online (O365)

Similar Messages

Maybe you are looking for