1. Sharepoint installations

1.1. Install new wsp:
Add-SPSolution -LiteralPath ...\idpsp.wsp
Install-SPSolution -Id idpsp.wsp -Web https://taloyhtio.mobimus.com -GAC

1.x. Update wsps:
Update-SPSolution -Id CondoAutomation.wsp -LiteralPath ...\CondoAutomation.wsp -GAC
Update-SPSolution -Id OwnProfile.wsp -LiteralPath ...\OwnProfile.wsp -GAC
Update-SPSolution -Id ControlPanel.wsp -LiteralPath ...\ControlPanel.wsp -GAC
Update-SPSolution -Id ResponsiveLayout.wsp -LiteralPath ...\ResponsiveLayout.wsp -GAC

1.x. Ensure that following lines added to SafeControls section in both Windows and FBA web.configs:
<SafeControl Assembly="Taloyhtio.IDP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ecbf947198042521" Namespace="Taloyhtio.IDP.BannerWebpart" TypeName="*" Safe="True" />
<SafeControl Assembly="Taloyhtio.IDP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=ecbf947198042521" Namespace="Taloyhtio.IDP.CodeFiles" TypeName="*" Safe="True" />

1.x. Install new features:
Install-SPFeature -Path CondoAutomation_Taloyhtio.FlatDocumentsDoclib
Install-SPFeature -Path CondoAutomation_Taloyhtio.FlatRepairHistoryList
Install-SPFeature -Path idpsp_Taloyhtio.IDP.BannerWebpart
Install-SPFeature -Path idpsp_Taloyhtio.IDP.CustomAction

1.x. Run update plugins:
CondoUpdate.IDP.AddFlatsArtifacts.dll
CondoUpdate.IDP.AddUserFlatsApproversList.dll (PMC level)
CondoUpdate.IDP.AddIDPManagementMenu.dll (PMC level)
CondoUpdate.IDP.AddAuthenticationBannerWebPart (BannerWebpart.webpart should be added to update tool folder)

1.x. Make new backup for /template2 pmc

1.x. Under root site collection create /IDP sub site:
- Go to site settings > Site permissions and break permission inheritance
- Create 3 new groups: IDP Visitors, IDP Members, IDP Owners
- Add all_fba_users to IDP Visitors group (under FBA zone)

1.x. Go to "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\Taloyhtio\IDP\spapi\" and add web.config with the following content.
Set allowedUserIdentities app setting value to account of Web API app pool (in Windows CLAIMS format. In most cases it can be "sharepoint\system").
Also add other accounts which will need access to run flats import tool there - divided by semicolon ";":
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <!-- use account of web api app pool here -->
    <add key="allowedUserIdentities" value="..." />
  </appSettings>
</configuration>

1.x. Add the following sections to FBA web.config:
  <configSections>
    ...
    <section name="IdpSettings" type="System.Configuration.DictionarySectionHandler" />
  </configSections>
  ...
  </Bpm>
  <!--Idp-->
  <IdpSettings>
    <add key="IdentityUrl" value="..." />
    <add key="ReactBannerUrl" value="..." />
    <add key="WebApiUrl" value="..." />
  </IdpSettings>

  
2. Web API installation
TODO
2.x. For PROD env in <appSettings> change IsDevEnv to 0
2.x. If testing strong auth provider is used then only localhost can be used as redirect url. I.e. on Dev/Prod environments testing can be done only within RDP session.
Before to test in WFE RDP session create there new empty site in IIS called "Redirect" and some port e.g. 5000. After that add web.config to it's physical folder with the following content:
<configuration>
    <system.webServer>
		<!-- don't remove $Q at the end. Otherwise redirect from strong auth provider won't work -->
        <httpRedirect enabled="true" destination="https://secure.taloyhtio.info/idp/_layouts/15/taloyhtio/idp/authenticate.aspx$Q" exactDestination="true" httpResponseStatus="Temporary" />
    </system.webServer>
</configuration>

After that go to web.config of Web API and set the following url to RedirectUrl (port should be the same as for Redirect site created on WFE server):
<add key="RedirectUrl" value="http://localhost:5000/redirect" />

3. Identity server installation
TODO

4. React installation
TODO