

Register the Claims Search Service Endpoint on all WFE Servers

The next step in establishing the mutual trust relationship is registering the claims search service endpoint on all WFE servers in your SharePoint farm.

Registering a new end point for the claims search service associates the secure connection with the client authentication certificate. A PowerShell script that is installed with the claims provider automates the registration process. Register the new end point for all of the web front end (WFE) servers in your SharePoint environment.

Follow these steps:

  1. Remove any previously registered CA SiteMinder® claims services from the WFE server by running the following script:
    SharePointClaimsProvider_directory\scripts\Remove-SMClaimSearchService.ps1 -WebApplication "url_of_SharePoint_web_application"
    

    The following example describes removing the registration of a previous claims search service endpoint for the following web applications:

  2. Repeat Step 1 for each SharePoint web application on the WFE server.
  3. Gather the following information:
    -WebApplication url_of_SharePoint_web_application

    Specifies the URL associated with a SharePoint web application.
    Example: http://SharePoint_webapplication.support.example.com/ (runs on the default port).

    Example: http://SharePoint_webapplication.support.example.com:81/ (runs on port 81).

    Example: http://SharePoint_webapplication.support.example.com:82/ (runs on port 82).

    -ClaimSearchService claims_search_service_URL

    Specifies the URL of the claims search service.

    Limits: If the claim search service uses SSL, specify the https: protocol.

    Example: https://claim_search_service.support.example.com:8002/ClaimsWS/services/WSSharePointClaimsServiceImpl

    -ClientCertificateName

    Specifies the value in the Issued To: field of your client authentication certificate. This client certificate protects the Claims WS (web service).

    Example: SiteminderClaimsProvider

  4. Open the SharePoint 2010 Management Shell.
  5. Navigate to the following directory:
    SharePointClaimsProvider_directory\scripts
    
  6. Enter the following command for your first web application:
    .\Add-SMClaimSearchService.ps1 -WebApplication url_of_web_application -ClaimSearchService https://claims_search_service_url -EnableSSLClientAuthentication -ClientCertificateName name_in_Issued-To:_field_of_Certificate
    

    The first end point is registered.

  7. Repeat Step 4 for each SharePoint web application on the WFE server. The following example describes registering a claims search service endpoint for the following web applications:
  8. Restart your WFE server.
  9. Repeat Steps 1 through 8 on all of the web front end (WFE) servers in your SharePoint environment.

    The claims search service endpoint is registered. Continue with the next step of creating a trusted store for the root certificate authority certificate.
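The following is an added example, not a script shipped with the claims provider, that runs Steps 1 through 7 above for several web applications on one WFE server in a single pass. It uses only the script parameters shown on this page (-WebApplication, -ClaimSearchService, -EnableSSLClientAuthentication, -ClientCertificateName). The install directory, the web application URLs, the claims search service URL and the certificate name are constructed sample values and must be replaced with your own. Before it touches the farm it verifies what the registration silently depends on: both provider scripts exist, the claims search service URL is https (required when SSL client authentication is enabled), and a certificate whose Issued To (Subject CN) matches -ClientCertificateName is present in the machine store with its private key and has not expired.

```powershell
# Added example: register the claims search service endpoint for several SharePoint
# web applications on one WFE server. Run from the SharePoint 2010 Management Shell
# on each WFE server. All values below are constructed sample values (assumptions).

$ScriptDir = 'C:\Program Files\CA\SharePointClaimsProvider\scripts'   # assumed install path
$ClaimsWS  = 'https://claim_search_service.support.example.com:8002/ClaimsWS/services/WSSharePointClaimsServiceImpl'
$CertName  = 'SiteminderClaimsProvider'    # value of the client certificate's "Issued To" field
$WebApps   = @(
    'http://SharePoint_webapplication.support.example.com/',
    'http://SharePoint_webapplication.support.example.com:81/',
    'http://SharePoint_webapplication.support.example.com:82/'
)

# Pre-flight checks: fail before changing any registration if a prerequisite is missing.
$RemoveScript = Join-Path $ScriptDir 'Remove-SMClaimSearchService.ps1'
$AddScript    = Join-Path $ScriptDir 'Add-SMClaimSearchService.ps1'
foreach ($s in @($RemoveScript, $AddScript)) {
    if (-not (Test-Path $s)) { throw "Provider script not found: $s" }
}

# -EnableSSLClientAuthentication only makes sense over TLS; the page requires https here.
if (([uri]$ClaimsWS).Scheme -ne 'https') {
    throw "Claims search service URL must use https when SSL client authentication is enabled: $ClaimsWS"
}

# The script is given the certificate by its "Issued To" name, so confirm exactly such a
# certificate exists in the machine store, is usable (private key) and is still valid.
$pattern = 'CN=' + [regex]::Escape($CertName) + '(,|$)'
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match $pattern } |
        Select-Object -First 1
if (-not $cert)                    { throw "No certificate with Issued To = '$CertName' in LocalMachine\My" }
if (-not $cert.HasPrivateKey)      { throw "Certificate '$CertName' has no private key; it cannot authenticate the client" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate '$CertName' expired on $($cert.NotAfter)" }

# Steps 1-2: remove any previous registration; Steps 6-7: register the new endpoint.
Set-Location $ScriptDir
foreach ($app in $WebApps) {
    Write-Host "Removing any previously registered claims search service for $app"
    & $RemoveScript -WebApplication $app

    Write-Host "Registering $ClaimsWS for $app with client certificate '$CertName'"
    & $AddScript -WebApplication $app `
                 -ClaimSearchService $ClaimsWS `
                 -EnableSSLClientAuthentication `
                 -ClientCertificateName $CertName
}

# Steps 8-9 remain manual: restart this WFE server, then run this on every other WFE.
Write-Host "Registration complete on $env:COMPUTERNAME. Restart this WFE server and repeat on the remaining WFE servers."
```

The certificate check matches the Subject CN rather than searching by thumbprint because that is how the provider script identifies the certificate; if the match returns nothing, the Add script would be handed a name it cannot resolve, so stopping here is cheaper than diagnosing a failed claims lookup later.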