SharePoint ADFS Cert expiring / rollover

Hi,

If your ADFS cert is expiring, the SharePoint site will throw this error:

The SAML Assertion is either not signed or the signature’s KeyIdentifier cannot be resolved to a SecurityToken. Ensure that the appropriate issuer tokens are present on the token resolver

To resolve this, just go into your ADFS server, export the new Token Signing certificate, then run this in CA server:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\SSL Certificate\ADFSCert.cer")
New-SPTrustedRootAuthority -Name “Token Signing Certificate” -Certificate $cert
$sts = Get-SPTrustedIdentityTokenIssuer
$sts | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $cert

 And voila! it will start working again.

HTH,
Andreas

Comments

Post a Comment

Popular posts from this blog

SharePoint 2013 anonymous access add attachments to list item

Image
Hi, Sometimes you want to enable anonymous access to be able to add a list item but at the same time attaching some documents. After good few hours playing around trying to make this work, turns out that we can achieve this functionality. The trick is to use RunWithElevatedPrivileges method for the file upload. We also want the file upload functionality to be available on the NewForm.aspx as it wouldn't make sense to put it in other forms as any user would be able to upload files to other records. The result will be something like this: When it is saved, the user is redirected to the display form: The close button then will take the user back to the homepage (or any page you desire) The steps: 1. Create an ascx control to host your file upload control in your project.  Put the below script in the ascx as well (credit to this post ): The code behind: 2. Create custom form template. You have to put the ascx in the CONTROLTEMPLATES folder of the ...
Read more

Sitecore custom publish agent from specific node and at a specific time

Hi all, As you all know, scheduled publishing will not run automatically unless you enable PublishAgent task in Sitecore config. By default, all items that are in publish queue will get published when this task triggers. This includes all items in the final workflow state and all items that don't have workflows. Sometimes this is not what you want. Maybe you don't enable workflow on media items and you don't want the items to go live when they are not ready. The workaround is to create your own PublishAgent task. Looking at the one provided, we can easily extend the code to insert the RootItem to the PublishOptions (this only works with Full or Smart publish mode however): You will notice that on the Run method I check whether the server time is around the time I set in the parameter (thanks to this post for the code). This will enable us to run the task near the specific time we set (e.g. midnight). In the config patch, just add this to enable the custom agent...
Read more

CRM Plugin - Parent and Child Pipeline

This concept tends to confuse people often - and I was no exception. I came across this problem when trying to create custom auto-numbering for one of my projects. Creating auto-number for Opportunity is easy. This is because the user creates opportunity straight from the home screen - thus the plugin runs on parent pipeline. However, it's a different story if you are dealing with Quote entity. Quote can be created in 2 ways, through the home screen OR the opportunity screen. If you create it from the latter, it will run on the child pipeline and you will find that your plugin will not work. Registering it as a child pipeline is easy, but CRM makes it harder since you can't use ICRMService. Instead, you have to create CRMService manually by using this piece of code: Not only that, with the child plugin you can't use Query expression to fetch other entities in your code unless you register it as ASYNCHRONOUS plugin. Mark Kovalcson in his blog found out that: A C...
Read more