- Your server must belong to an Active Directory domain.
- Your server must be connected to a domain controller.
- You must use a domain user account (not a group account).
- You must use a SharePoint server farm account.
- You must be a member of the local Administrators group on the encryption-key server (which is the first server where we will start SSOSrv).
- You must be a member of the Security Administrators role and db_creator role on the computer running SQL Server.
- You must belong to the single sign-on administrators group.
- Go to the Start menu and select All Programs –> Administrative Tools –> Computer Management.
- Expand Services and Applications.
- Click Services.
- Locate Microsoft Single Sign-On Service and right-click it.
- Select Properties.
- On the General tab of the properties window, click the Startup Type drop down menu and select Automatic.
- On the same tab, under Service status, click the Start button.
- Click OK to close the properties window.
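The same service steps, scripted together with a check of the prerequisites that can be verified locally. This PowerShell script is an added example, not part of the original post; it assumes `SSOSrv` (the name used in the prerequisites above) is the service's short name and that it is run in an elevated session on the farm server itself.

```powershell
# Added example: run locally, elevated, on a farm server.
# Assumption: 'SSOSrv' is the short name of Microsoft Single Sign-On Service.
$ServiceName = 'SSOSrv'

function Test-SsoServicePrereqs {
    $cs        = Get-WmiObject -Class Win32_ComputerSystem
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $svc       = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
    $logonAs   = $(if ($svc) { $svc.StartName } else { $null })

    # The service should log on as a domain user, not a built-in or machine-local account.
    $localPrefixes = @('LocalSystem', 'NT AUTHORITY\', '.\', "$($cs.Name)\")
    $isLocalLogon  = $false
    foreach ($p in $localPrefixes) {
        if ($logonAs -and $logonAs.StartsWith($p, [StringComparison]::OrdinalIgnoreCase)) {
            $isLocalLogon = $true
        }
    }

    New-Object PSObject -Property @{
        Computer        = $cs.Name
        DomainJoined    = [bool]$cs.PartOfDomain
        Domain          = $cs.Domain
        RunningAs       = $identity.Name
        IsLocalAdmin    = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        ServiceFound    = ($svc -ne $null)
        ServiceLogonAs  = $logonAs
        LogonIsDomainId = ($logonAs -and -not $isLocalLogon)
    }
}

$result = Test-SsoServicePrereqs
$result | Format-List

if (-not ($result.DomainJoined -and $result.IsLocalAdmin -and $result.ServiceFound)) {
    Write-Warning 'Prerequisite check failed; the service was left unchanged.'
    return
}
if (-not $result.LogonIsDomainId) {
    Write-Warning "Service logs on as '$($result.ServiceLogonAs)'; a domain user account is expected."
}

# Equivalent of Startup Type = Automatic, then Start, in the Services console.
Set-Service -Name $ServiceName -StartupType Automatic
Start-Service -Name $ServiceName
(Get-Service -Name $ServiceName).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
Get-Service -Name $ServiceName | Select-Object Name, Status
```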
You will need to perform these steps on each server in your server farm. Once the service is started, we can configure the SSO settings in Central Administration.
- Open the Central Administration web application.
- Navigate to the Operations page.
- In the Security Configuration section, click Manage Settings for Single Sign-On.
- On the Manage Server Settings page, click the Manage Server Settings link.
- Enter the Single Sign-On administrator account name using the domain\username format. Note: The group or user specified here must meet all of the following criteria:
  - A Windows global group or individual user account – cannot be a domain local group account or a distribution list.
  - If a user is specified, the user must belong to the same account as the SSO service account and the configuration account for SSO.
  - If a group is specified, the SSO service account must be a member of that group and the configuration account for SSO must be a member of that group.
  - They must be a member of the Farm Administrators group on Central Administration.
- Enter the Enterprise Application Definition Administrator Account. (This user or group must be a member of the SharePoint Readers group on Central Administration.)
- In the Database Settings Section, enter the NetBIOS name of the single sign-on database server.
- Enter the Database Name.
- Enter the Time Out settings. The default value is 2 minutes.
- Enter the Delete Audit Log Records Older than value. The default value is 10.
- Click OK.
- Navigate to the Manage Settings for Single Sign-On page.
- In the Server Settings section, click the Manage Encryption Key link.
- Click Create Encryption Key.
- Check the New Encryption Key checkbox.
- Click OK.
- Navigate to the Manage Settings for Single Sign-On page.
- In the Server Settings section, click the Manage Encryption Key link.
- Navigate to the location where you want to back up the encryption key. This must be a removable storage device.
- Click Back Up.
- Navigate to the Manage Settings for Single Sign-On page.
- In the Server Settings section, click the Manage Encryption Key link.
- Navigate to the location where you placed the backup encryption key. This must be a removable storage device.
- Click Restore.
In the previous blog post you learned how to set up and configure Single Sign-On (SSO) for SharePoint. In the SSO environment, the back-end or external data sources are referred to as “enterprise applications”. An enterprise application definition needs to be configured for each external data source that SharePoint will connect to. After you have started the SSO service, configured Central Administration, and created an encryption key, you must configure account information for the enterprise application definition.
- Navigate to the Operations page of Central Administration.
- In the Security Configuration section, click the Manage Settings for Single Sign-On link.
- Click Manage Settings for Enterprise Application Definitions.