Question

I am trying to configure the SharePoint Security Token Service on SharePoint 2010 so that another non-SharePoint web application can use SharePoint for authentication (SSO). The only instructions I have found are on this TechNet article: http://technet.microsoft.com/en-us/library/ee731989.aspx. However, it isn't complete and I have questions.

On step 5, it asks for a certificate file. What certificate?

On step 7, it sets the realm to the computer name I am running the command on. If this is a load-balanced environment, do I replace it with the URL that is being load balanced or just use the computer name?

On step 8, it has "FederationPassive" in the SignInUrl. Is that automatically set up when I create the SharePoint web application for this, or is this something I will need to set up?

On step 9, it has "-ClaimsMappings $map1[,$map2..]". These variables were never defined, and thus it fails because they are null. What am I supposed to do here?

I am not concerned with the portion of getting the other application to consume the authentication provided by SharePoint STS, as that is being set up by someone else. I just need to get the service configured on my end so that it can be utilized by the third party.

Thanks!


Solution

SharePoint does not perform authentication. What you are trying to do is not possible. The page you reference is for configuring SharePoint web applications.

Microsoft's single sign-on approach is based on ADFS 2.0. I recommend you deploy ADFS and configure SharePoint and your other application to both delegate authentication to it.
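The SharePoint side of the ADFS approach recommended above, as an added example (not part of the original answer or the TechNet article): it shows where the certificate, realm, sign-in URL and `$map` variables the question asks about come from when SharePoint 2010 trusts ADFS as its identity provider. The certificate path, thumbprint, ADFS host name, realm URN and issuer name are placeholders chosen for illustration.

```powershell
# Run in the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# The certificate: the ADFS token-signing certificate (public key only),
# exported from the ADFS server. Path is a placeholder.
$certPath = "C:\certs\adfs-token-signing.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Confirm the file is the certificate you expect before trusting it.
# The thumbprint is a placeholder; obtain the real value from the ADFS admin.
$expectedThumbprint = "<EXPECTED-THUMBPRINT>"
if ($cert.Thumbprint -ne $expectedThumbprint) {
    throw "Token-signing certificate thumbprint mismatch: $($cert.Thumbprint)"
}

# SharePoint must trust the signing certificate before it accepts tokens.
New-SPTrustedRootAuthority -Name "ADFS Token Signing" -Certificate $cert

# The $map variables: one mapping per claim type that ADFS will send.
$map1 = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$map2 = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# The realm: a logical identifier that must match the relying party trust
# defined in ADFS. It is not tied to a server name, so it is the same on
# every load-balanced front end. Value is a placeholder.
$realm = "urn:sharepoint:portal"

# The sign-in URL: the ADFS passive endpoint. Host name is a placeholder.
$signInUrl = "https://adfs.example.com/adfs/ls/"

New-SPTrustedIdentityTokenIssuer -Name "ADFS" `
    -Description "ADFS 2.0 trusted identity provider" `
    -Realm $realm -ImportTrustCertificate $cert `
    -ClaimsMappings $map1, $map2 `
    -SignInUrl $signInUrl -IdentifierClaim $map1.InputClaimType

# Verify what was registered.
Get-SPTrustedIdentityTokenIssuer -Identity "ADFS" |
    Format-List Name, ProviderUri, DefaultProviderRealm
```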

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange