Create SharePoint trusted token ID for Provider hosted App

Hello, SharePointer,

We know that a provider-hosted app's logic executes outside the SharePoint farm, so requests from the app have to be authenticated to the SharePoint farm via an issuer ID. The following script will help you generate that issuer ID:

# Load the SharePoint snap-in if it is not already loaded
if ($null -eq (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Create the issuer ID
$issuerID = [System.Guid]::NewGuid().ToString()

# Build the registered issuer name: <issuer ID>@<authentication realm of the site>
# Replace the placeholder URL with your own server and port
$SPSiteUrl = "http://Spserver:portNumber"
$SPSite = Get-SPSite $SPSiteUrl
$SPrealm = Get-SPAuthenticationRealm -ServiceContext $SPSite
$registeredIssuerName = $issuerID + '@' + $SPrealm

# Load the public certificate that SharePoint uses to validate requests sent by the external server
$publicCertificateLocation = "C:\Dipti\AppCerts\OnPremApp.cer"
$publicCertificate = Get-PfxCertificate $publicCertificateLocation

# -IsTrustBroker tells SharePoint that this one issuer ID is shared by multiple client IDs,
# meaning the same certificate can be used for other apps as well
$SPsecureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $issuerID -RegisteredIssuerName $registeredIssuerName -Certificate $publicCertificate -IsTrustBroker

# Turn off the HTTPS requirement for OAuth. Do this in development environments only:
# with this setting on, access tokens can travel over unencrypted HTTP.
$ServiceConfig = Get-SPSecurityTokenServiceConfig
$ServiceConfig.AllowOAuthOverHttp = $true
$ServiceConfig.Update()

# Run iisreset so that the new issuer ID becomes available
iisreset

# Print the issuer ID
Write-Host "Your available Issuer ID:" $issuerID

Use your available issuer ID in your provider-hosted app!
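
A follow-up check, added here as an example and not part of the original script: it lists every trusted security token issuer on the farm with the expiry of its signing certificate, and warns if OAuth over HTTP is still enabled. It assumes the SharePoint Management Shell on a farm server and that the issuer objects expose `RegisteredIssuerName` and `SigningCertificate`; the `$warnDays` threshold and the report column names are illustrative.

```powershell
# Added example: review the token-issuer trust after running the registration script.
if ($null -eq (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$warnDays = 30        # assumed threshold for "certificate expires soon"
$now      = Get-Date

# 1. OAuth over plain HTTP belongs on development farms only.
$stsConfig = Get-SPSecurityTokenServiceConfig
if ($stsConfig.AllowOAuthOverHttp) {
    Write-Warning "AllowOAuthOverHttp is enabled: app access tokens can be sent over unencrypted HTTP."
}

# 2. List every trusted issuer with the certificate SharePoint accepts for it.
$report = foreach ($issuer in Get-SPTrustedSecurityTokenIssuer) {
    $cert     = $issuer.SigningCertificate
    $findings = @()

    if ($null -eq $cert) {
        $findings += 'no signing certificate on the issuer object'
    }
    else {
        $daysLeft = [int]($cert.NotAfter - $now).TotalDays
        if ($daysLeft -lt 0) {
            $findings += 'certificate expired'
        }
        elseif ($daysLeft -lt $warnDays) {
            $findings += "certificate expires in $daysLeft days"
        }
    }
    if ($findings.Count -eq 0) { $findings += 'ok' }

    [pscustomobject]@{
        Name                 = $issuer.Name
        RegisteredIssuerName = $issuer.RegisteredIssuerName
        Thumbprint           = $cert.Thumbprint   # $null when no certificate is attached
        NotAfter             = $cert.NotAfter
        Finding              = ($findings -join '; ')
    }
}

$report | Format-Table -AutoSize -Wrap
```

Issuers you no longer recognise, or whose thumbprint does not match the certificate your app actually signs with, are the entries to investigate first.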

Happy SharePointing 🙂
