SiteMinder Agent for SharePoint GuideAdvanced Options › How to Protect the Claims WS Service using SSL

Previous Topic: Add Public and Internal URLs on your SharePoint server for Path-Based Virtual Hosts

Next Topic: Claims WS Service Certificate Locations

How to Protect the Claims WS Service using SSL

The Agent for SharePoint performs user look–ups in the SQL Server database of the SharePoint central administration server using the Claims web service (WS). You can encrypt communications to the Claims WS service with SSL. Protecting the Claims WS service requires that several separate procedures performed on various components in your environment.

To protect the Claims WS service using SSL, use the following process:

Note: This procedure provides one possible example of how to configure this feature using third-party tools. CA Technologies did not develop nor provide these tools. These tools are subject to change at any time by the third party without notice. Use this procedure as a guide for configuring this feature in your specific environment. The actual steps required in your situation could be different from the steps that are shown here.

  1. Review the certificate locations.
  2. Perform the following tasks on the computer hosting your Agent for SharePoint:
    1. Verify the prerequisites.
    2. Generate a key store file for the Claims Search Service.
    3. Extract the certificate from the key store.
    4. Edit the server.conf file used by the Agent for SharePoint.
    5. Generate the SSLConfig.properties file.
  3. Add a trusted root authority in your SharePoint farm.
  4. Configure a mutual trust relationship between the claims search service and the claims provider by performing the following tasks on each SharePoint server in your environment:
    1. Request a client certificate.
    2. Have your administrator approve your request for a client certificate.
    3. Verify your approval and install your client certificate.
    4. Export your client certificate.
    5. Install the client certificate on your SharePoint servers.
    6. Grant application pool identity permissions to the certificate.
    7. Register the end point for the claims search service.
  5. Return to the computer hosting your Agent for SharePoint and perform the following tasks:
    1. Create a trusted store for the root certificates.
    2. Generate an SSLConfig.Properties file for the trusted root certificate store.
    3. Restart the Agent for SharePoint.