

Modify the Sign-In URL of your CA SiteMinder® Trusted Identity Provider

This scenario describes changing the sign-in URL of your CA SiteMinder® trusted identity provider in an existing CA SiteMinder® environment. For example, update the URL if you change the protocol of your sign-in URL from HTTP to HTTPS.

The following illustration describes the process of modifying the sign-in URL of your CA SiteMinder® trusted identity provider:

This flowchart shows the workflow required for changing the sign-in URL used by the SiteMinder trusted identity provider for your SharePoint environment

To modify the sign-in URL of your CA SiteMinder® identity provider, follow these steps:

  1. Edit the sign-in URL for the affiliate domain using the SharePoint connection wizard.
  2. Verify that your account has the required permissions.
  3. Open a SharePoint 2010 Management Shell window on your SharePoint Central Administration server.
  4. Identify your CA SiteMinder® trusted identity provider.
  5. Change the sign-in URL of your CA SiteMinder® trusted identity provider.
  6. Verify that the sign-in URL has changed.

Edit the Sign-In URL for the Affiliate Domain using the SharePoint Connection Wizard

You can update the affiliate domain with a new sign-in URL for your CA SiteMinder® trusted identity provider. This update requires running the SharePoint connection wizard on the computer hosting your CA SiteMinder® Agent for SharePoint.

This procedure adds the new sign-in URL of your CA SiteMinder® trusted identity provider on your CA SiteMinder® Policy Server.

Follow these steps:

  1. Navigate to the following directory:
    Agent-for-SharePoint_home/sharepoint_connection_wizard
    
  2. Do one of the following procedures:

    The wizard starts.

  3. Click Next.

    The Login Details screen appears.

  4. Complete the following fields with the information from your existing CA SiteMinder® settings:
    Policy Server Name

    Specifies the Policy Server name or IP address.

    Username

    Specifies the Policy Server administrator username.

    Password

    Specifies the Policy Server administrator password.

    Agent Name

    Specifies the Agent-4x. The connection with the Policy Server is established using the details given in the Agent Name.

    Shared Secret Key

    Specifies the shared secret key that is associated with the Agent.

  5. Click Next.

    The Select Action screen appears.

  6. Select the Edit a SharePoint Connection option.
  7. Click Next.

    The SharePoint Connection Properties screen appears.

  8. Click Next until the SharePoint Connection Properties screen appears.
  9. Locate the following field:
    Authentication URL

    Specifies the port number that is associated with the predefined protected URL which the SharePoint connection wizard adds automatically. When users try accessing a protected SharePoint resource without a SiteMinder session, they are redirected to the Authentication URL.

    If you are using a default port number (such as 80 for HTTP or 443 for HTTPS), delete the <port> setting from this field.

    Note: We recommend using HTTPS on production environments and pages which handle user credentials, such as login pages.

  10. Change the protocol (such as HTTP or HTTPS) or the port number.
  11. Click Next.

    The attribute details are saved and the Commit Details screen appears.

  12. Click Install in the Commit Details screen.

    The Save Complete screen appears.

  13. Click Done.

    The partnership details are saved, the SharePoint Connection is modified, and the wizard closes.

Verify that your Account has the Required Permissions

The user account with which you want to modify the CA SiteMinder® trusted identity provider requires certain permissions. Modify the permissions of your user account if it does not meet the following conditions:

Add the following privileges to your account:

Open a SharePoint 2010 Management Shell Window on your SharePoint Central Administration Server

Add claims to your CA SiteMinder® trusted identity provider using the SharePoint 2010 Management shell.

Follow these steps:

  1. Log in to your SharePoint Central Administration server.
  2. Click Start, All Programs, Microsoft SharePoint 2010 Products, SharePoint 2010 Management Shell.

    A SharePoint 2010 management shell command-line window appears.

Identify your Trusted Identity Provider

A SharePoint 2010 environment can have multiple trusted identity providers. Identify your CA SiteMinder® trusted identity provider before modifying any claims that are associated with it.

Follow these steps:

  1. Enter the following command to list all of the trusted identity providers:
    Get-SPTrustedIdentityTokenIssuer 
    

    A list of trusted identity providers appears.

  2. Locate your CA SiteMinder® trusted identity provider in the list.

    Your CA SiteMinder® trusted identity provider is identified.

Change the Sign-in URL of your CA SiteMinder® Trusted Identity Provider

Use the SharePoint 2010 Management Console to change the sign-in URL of your CA SiteMinder® trusted identity provider.

Follow these steps:

  1. Enter the following command to change the sign-in URL of your CA SiteMinder® trusted identity provider:
    Set-SPTrustedIdentityTokenIssuer "name_of_your_siteminder_trusted_identity_provider" -SignInUrl new_sign-in_URL
    
    Example: Changing Sign-in URL

    This example shows how to change a sign-in URL for a trusted identity provider named SMTIP.

    Set-SPTrustedIdentityTokenIssuer "SMTIP" -SignInUrl https://sharepoint.example.com
    

    The sign-in URL is changed.

Verify that the Sign-in URL has Changed

You can verify the new sign-in URL for your CA SiteMinder® trusted identity provider.

Follow these steps:

  1. Enter the following command to verify the presence of the new sign-in URL:
    Get-SPTrustedIdentityTokenIssuer
    

    A list of trusted identity providers and their respective settings appears.

  2. Verify that the sign-in URL for your CA SiteMinder® trusted identity provider is correct.
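
The change and verification steps above can be combined into one script that records the old value, refuses a non-HTTPS URL, and confirms the result by reading the provider back. This is an added example, not code from the product documentation; it assumes the provider name SMTIP and the URL from the example above, and reads the sign-in URL from the provider object's ProviderUri property.

```powershell
# Added example, not vendor code. "SMTIP" and the URL are the sample values
# used on this page; replace them with your own.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "SMTIP"
$newSignIn  = [System.Uri]"https://sharepoint.example.com"

# The sign-in page handles user credentials, so reject plain HTTP up front.
if ($newSignIn.Scheme -ne "https") {
    throw "Sign-in URL must use HTTPS: $newSignIn"
}

# Record the current value first so the change can be reverted if needed.
$issuer    = Get-SPTrustedIdentityTokenIssuer $issuerName -ErrorAction Stop
$oldSignIn = $issuer.ProviderUri
Write-Host "Old sign-in URL: $oldSignIn"

Set-SPTrustedIdentityTokenIssuer $issuerName -SignInUrl $newSignIn.AbsoluteUri

# Re-read the provider instead of trusting the in-memory object.
$issuer = Get-SPTrustedIdentityTokenIssuer $issuerName
if ($issuer.ProviderUri.AbsoluteUri -ne $newSignIn.AbsoluteUri) {
    Write-Error "Sign-in URL is still $($issuer.ProviderUri); expected $newSignIn"
} else {
    Write-Host "New sign-in URL: $($issuer.ProviderUri)"
}

# Audit every trusted identity provider in the farm for non-HTTPS sign-in URLs.
Get-SPTrustedIdentityTokenIssuer |
    Select-Object Name, ProviderUri,
        @{ Name = "UsesHttps"; Expression = { $_.ProviderUri.Scheme -eq "https" } } |
    Format-Table -AutoSize
```

Run it in the SharePoint 2010 Management Shell with the account permissions this procedure requires.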