Multiple webapplications using same STS?

Question

I have set up and SP 2010 web application with claims based authentication with simple, custom STS. How can I connect another web application to the same STS?

For my first web application I used a sample powershell script, but when I try to reuse it (after changing name, description and realm) of SPTrustedIdentityTokenIssuer, I'm getting New-SPTrustedIdentityTokenIssuer : Exception of type 'System.ArgumentException' was thrown.

Thanks in advance ;)

Answer 1

You don't have to reconfigure the SPTrustedIdentityTokenIssuer or create an additional one. Just connecting your other web applications to the same trusted identity provider should do the trick.

Answer 2

You have to add your custom STS to the new web application in

Central Admin > Application Management > Manage Web Applications

. Then select your new web application and click the Authentication Providers button. Choose your zone to update, and then you should see your custom STS listed in the Claims Authentication Types. After this, you have to add your new site to the realm via PowerShell. Something along the lines of:

$ap = Get-SPTrustedIdentityTokenIssuer -Identity "Your Custom STS"

$uri = new-object System.Uri("http://www.something.com")

$ap.ProviderRealms.Add($uri, "http://www.something.com/_trust/")

$ap.Update()