Windows Live ID Authentication Documentation

This set of instructions will lead you through the installation and configuration of the Windows Live ID Authentication provider for SharePoint. The documentation shows step by step what process to follow, and should cover the known trouble areas. Please submit any issues that do come up to the Known Issues list for review, so that the documentation can be updated or the issue can be scheduled to be resolved.

Download the SharePoint Solution

The first step of the installation is to download the WSP solution file. You can download the current version here.

Deploy the SharePoint Solution

In order to deploy the solution you need to make sure the WSP file is on the SharePoint server file system. Then you should:

Open a command prompt

Change directory to the directory into which you downloaded the WLA.wsp file

Type: "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o addsolution -filename CKS.MembershipProvider.WindowsLiveAuthentication.wsp

Type: "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o deploysolution -name CKS.MembershipProvider.WindowsLiveAuthentication.wsp -immediate -allowgacdeployment

Type: "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o execadmsvcjobs

This will install:

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\liveinfo.aspx

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\liveauth-handler.aspx

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG\stsadmcommands.addwindowsliveauth.xml

GAC: WindowsLiveAuth.dll

These files will be installed on all servers in the farm.
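As an added example (not part of the original documentation or of the CKS project), the deployment steps above as a PowerShell script that stops on the first non-zero stsadm exit code and then confirms that the files listed above actually landed on the server. It assumes the 12 hive path shown in this documentation, that it is run from an elevated prompt in the directory containing the WSP, and it records the SHA-256 of the package so the file that went into the farm can be compared with the original download later.

```powershell
# Added example, not part of the original page: deploy the Windows Live ID
# Authentication solution with stsadm, failing fast on any non-zero exit code.
# Assumptions: the 12 hive lives at the path shown in the documentation, the
# script is run from the directory containing the WSP, and the prompt is elevated.

$hive    = "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12"
$stsadm  = Join-Path $hive "bin\stsadm.exe"
$wspName = "CKS.MembershipProvider.WindowsLiveAuthentication.wsp"
$wspPath = Join-Path (Get-Location).Path $wspName

if (-not (Test-Path $stsadm))  { throw "stsadm.exe not found at $stsadm" }
if (-not (Test-Path $wspPath)) { throw "solution package not found: $wspPath" }

# Record the package hash before deployment so the file that went into the
# farm can be tied back to the exact download later.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$bytes  = [System.IO.File]::ReadAllBytes($wspPath)
$digest = ($sha256.ComputeHash($bytes) | ForEach-Object { $_.ToString("x2") }) -join ""
Write-Host "Deploying $wspName (SHA-256 $digest)"

function Invoke-Stsadm {
    param([string[]] $Arguments)
    Write-Host "stsadm $($Arguments -join ' ')"
    & $stsadm $Arguments          # an array is expanded into separate arguments
    if ($LASTEXITCODE -ne 0) {
        throw "stsadm -o $($Arguments[1]) failed with exit code $LASTEXITCODE"
    }
}

# The three commands from the documentation, in order: addsolution stores the
# package in the farm's solution store, deploysolution schedules the deployment
# (GAC deployment must be allowed because WindowsLiveAuth.dll goes into the GAC),
# and execadmsvcjobs runs the pending administrative job now instead of waiting.
Invoke-Stsadm @("-o", "addsolution", "-filename", $wspPath)
Invoke-Stsadm @("-o", "deploysolution", "-name", $wspName, "-immediate", "-allowgacdeployment")
Invoke-Stsadm @("-o", "execadmsvcjobs")

# Confirm that the files the documentation says the solution installs are
# present on this server; check the same paths on every other farm server.
$expected = @(
    (Join-Path $hive "TEMPLATE\LAYOUTS\liveinfo.aspx"),
    (Join-Path $hive "TEMPLATE\LAYOUTS\liveauth-handler.aspx"),
    (Join-Path $hive "CONFIG\stsadmcommands.addwindowsliveauth.xml")
)
$missing = @($expected | Where-Object { -not (Test-Path $_) })
foreach ($path in $expected) {
    if ($missing -contains $path) { Write-Warning "MISSING $path" } else { Write-Host "OK      $path" }
}
if ($missing.Count -gt 0) {
    throw "$($missing.Count) expected file(s) missing; check the solution's deployment status in Central Administration"
}
```

The file check only covers the server the script runs on; the GAC assembly and the files on the other farm servers still need to be verified there, or through the Solution Management page in Central Administration.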

Register a Windows Live ID Application

Once the solution is installed you must make sure that you have registered your application with live.com. Doing this will give you an Application ID and a secret key that you will use to identify your users to live.com and to authenticate the response that determines whether the user is valid.

Log in to https://msm.live.com/app/default.aspx

Click on the Register an Application link

The Application Name is a name you will use to identify your application

The Return URL must be set to http://your.servername.com/_layouts/liveauth-handler.aspx

The Secret Key is the "password" that will be used to sign the authentication responses (this is the AppKey you will need later)

Submit the registration

Click on the Manage My Applications link

Using the Manage My Applications page, note the Application ID (this is the AppId you will need later) along with the Secret Key you used when registering the application.

Configure the Authentication Provider

Once you have the provider installed and the application registered you need to configure the system to use this information. A new STSADM command has been added to help with this process. To complete the configuration you must:

Go to the Central Administration home page

Click on the Application Management tab

Click on the Authentication providers link in the Application Security section

Use the Web Application drop-down to ensure that the correct web application is selected

In the Zones list pick the zone you want to enable Live ID Authentication on (Default is probably going to be what you are looking for)

Select the Authentication Type of Forms

Enter a Membership provider name of LiveID

Enter a Role manager name of LiveRoles

Click the Save button

This has configured SharePoint to use the new Membership and Role providers; however, there is one more configuration step, to configure the web applications to recognize the new providers. You must:

Open a command prompt

Type: "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o addwindowsliveauth -appid <application id> -appkey <application secret key> -appmode <http/https - this is what url your users use> -profsite <URL of site that contains the profile list> -proflist <user profile list name> -locked <URL to send locked users to> -url <URL of the Web Application>

You must run this command for every Web Application you wish to have access to this user list (i.e. the Web Application that will authenticate Live ID users, and Central Administration if you want Live ID users to be able to own site collections etc.). The only difference when running the command for different Web Applications is the -url parameter.

Finally you need to set the defaultProvider for the Web Application that will authenticate Live ID users. In the web.config for that Web Application, replace:

<membership> with <membership defaultProvider="LiveID">

<roleManager> with <roleManager defaultProvider="LiveRoles" enabled="true" cacheRolesInCookie="true" cookieName="liveroles">

You can find an example portion of the complete web.config here

Perform an IISRESET and you are done

Note: As a best practice you will want to have the profsite parameter set to a site that has restricted access, as it allows contributors to lock users.

Note: As a best practice the locked parameter should be a URL that has anonymous access and ideally has contact information about how to become unlocked.

Note: Live ID users will need to have the Edit Personal User Information permission added to whatever role they have on the site to have access to change their personal information.
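To tie the final steps together, here is an added PowerShell example (not part of the original documentation or of the CKS project) that runs the addwindowsliveauth command for one Web Application, backs up and edits that Web Application's web.config to set the two defaultProvider entries described above, probes the two best-practice notes (the profile site should not be readable anonymously, the locked page should be), and performs the IISRESET. Every URL, the list name and the web.config path are placeholders to replace; the parameter, provider and attribute names are the ones this documentation specifies.

```powershell
# Added example, not part of the original page: configure one Web Application
# for Live ID authentication. Every URL, the list name and the web.config path
# below are placeholders; the parameter, provider and attribute names are the
# ones the documentation specifies.
param(
    [Parameter(Mandatory = $true)] [string] $AppId,     # AppId from Manage My Applications
    [Parameter(Mandatory = $true)] [string] $AppKey,    # Secret Key chosen at registration
    [ValidateSet("http", "https")] [string] $AppMode   = "https",
    [string] $ProfSite  = "https://portal.example.com/sites/liveadmin",     # restricted-access site (placeholder)
    [string] $ProfList  = "Live ID Profiles",                                # placeholder list name
    [string] $Locked    = "https://portal.example.com/_layouts/locked.aspx", # anonymous page (placeholder)
    [string] $Url       = "https://portal.example.com",                      # the Web Application (placeholder)
    [string] $WebConfig = "C:\inetpub\wwwroot\wss\VirtualDirectories\443\web.config"  # assumed IIS layout
)

$stsadm = "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe"

# Probes for the two notes in the documentation: the profile site should not be
# readable anonymously (contributors there can lock users), and the locked page
# must be, or locked users will never see it. An unauthenticated WebClient
# request is the probe; a 401 or 403 raises an exception and counts as "no".
function Test-AnonymousRead([string] $Target) {
    $client = New-Object System.Net.WebClient      # no credentials attached on purpose
    try     { [void] $client.DownloadString($Target); return $true }
    catch   { return $false }
    finally { $client.Dispose() }
}
if (Test-AnonymousRead $ProfSite)      { Write-Warning "profsite $ProfSite is readable anonymously; restrict access to it" }
if (-not (Test-AnonymousRead $Locked)) { Write-Warning "locked page $Locked is not readable anonymously; locked users will not reach it" }

# Register the provider settings for this Web Application. Repeat with a
# different -url for each Web Application that needs the user list.
& $stsadm -o addwindowsliveauth -appid $AppId -appkey $AppKey -appmode $AppMode `
    -profsite $ProfSite -proflist $ProfList -locked $Locked -url $Url
if ($LASTEXITCODE -ne 0) { throw "addwindowsliveauth failed with exit code $LASTEXITCODE" }

# Back up web.config, then set the attributes the documentation asks for. The
# XML API is used rather than text replacement so that existing attributes and
# child elements of <membership> and <roleManager> are preserved.
$backup = "$WebConfig.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -Path $WebConfig -Destination $backup
Write-Host "backup written to $backup"

$config = New-Object System.Xml.XmlDocument
$config.PreserveWhitespace = $true                 # keep the file's layout and comments
$config.Load($WebConfig)

$membership  = $config.SelectSingleNode("/configuration/system.web/membership")
$roleManager = $config.SelectSingleNode("/configuration/system.web/roleManager")
if ($membership -eq $null -or $roleManager -eq $null) {
    throw "web.config has no <membership> or <roleManager> under <system.web>; edit it by hand"
}
$membership.SetAttribute("defaultProvider", "LiveID")
$roleManager.SetAttribute("defaultProvider", "LiveRoles")
$roleManager.SetAttribute("enabled", "true")
$roleManager.SetAttribute("cacheRolesInCookie", "true")
$roleManager.SetAttribute("cookieName", "liveroles")
$config.Save($WebConfig)

# Read the file back to be sure the change is on disk before restarting IIS.
$check = New-Object System.Xml.XmlDocument
$check.Load($WebConfig)
$written = $check.SelectSingleNode("/configuration/system.web/membership/@defaultProvider")
if ($written -eq $null -or $written.Value -ne "LiveID") { throw "membership defaultProvider was not written" }

iisreset
if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }
```

Run it once per Web Application that needs the provider, changing -url (and the web.config path) each time. Because the application secret is passed on the stsadm command line, it is visible in the console history and to anyone who can list running processes on the server while the command runs; clear the history afterwards and keep the script itself out of shared locations.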