Wednesday, July 10, 2013

Federating SharePoint Services between Farms

Hi Readers,

In this post I'll explain how to federate a SharePoint 2013 service application and access it from SharePoint 2010.

The concept is simple: both farms need a trust relationship,
and this relationship is established by exchanging certificates between the farms.

All the commands given in this post have to be run on the machine on which Central Administration is running.

First you'll need to get the certificates from the consumer farm, here the 2010 farm.
You'll need both the root certificate and the Security Token Service certificate.

$rootCert = (Get-SPCertificateAuthority).RootCertificate 
$rootCert.Export("Cert") | Set-Content "C:\ConsumerFarmRoot.cer" -Encoding byte 

$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate 
$stsCert.Export("Cert") | Set-Content "C:\ConsumerFarmSTS.cer" -Encoding byte


Then we'll need to get the Root Certificate from the Publisher Farm

$rootCert = (Get-SPCertificateAuthority).RootCertificate 
$rootCert.Export("Cert") | Set-Content "C:\PublisherFarmRoot.cer" -Encoding byte

Then we'll have to exchange (Copy) the certificates between the farms.

After exchanging the certificates between the farms we'll have to establish the trust between farms.
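
The trust created in the next step rests entirely on the copied files, so it is worth confirming that what arrived on the publisher farm is what the consumer farm exported. The following is an added example, not part of the original post: it checks each copied file against a thumbprint read on the consumer farm (for example from $rootCert.Thumbprint and $stsCert.Thumbprint there) and passed over a separate channel. The function name Test-CopiedCertificate and the placeholder thumbprints are assumptions.

```powershell
# Added example (not from the original post). Run on the publisher farm
# after copying the .cer files and before creating the trust.

# Placeholders: replace with the thumbprints read on the consumer farm.
$expected = @{
    "C:\ConsumerFarmRoot.cer" = "<ROOT-THUMBPRINT-FROM-CONSUMER-FARM>"
    "C:\ConsumerFarmSTS.cer"  = "<STS-THUMBPRINT-FROM-CONSUMER-FARM>"
}

function Test-CopiedCertificate {
    param(
        [string]$Path,
        [string]$ExpectedThumbprint
    )

    # Load the DER file exactly as it was copied.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # Thumbprints pasted from the certificate dialog often carry spaces or
    # invisible characters, so keep only the hex digits before comparing.
    $want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($want.Length -ne 40) {
        throw "Expected thumbprint for $Path is not 40 hex characters."
    }
    if ($cert.Thumbprint -ne $want) {
        throw "Thumbprint mismatch for ${Path}: file has $($cert.Thumbprint)."
    }

    # A certificate outside its validity window should not be trusted.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate in $Path is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    return $cert
}

# Stops with an error on the first file that does not match.
foreach ($path in $expected.Keys) {
    $cert = Test-CopiedCertificate -Path $path -ExpectedThumbprint $expected[$path]
    Write-Host "OK  $path  $($cert.Subject)  $($cert.Thumbprint)"
}
```

If either check throws, re-export and re-copy the certificate rather than continuing with the trust commands below.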

Creating trust in Publisher Farm
Create trusted Authority
$trustCert = Get-PfxCertificate "C:\ConsumerFarmRoot.cer" 
New-SPTrustedRootAuthority "ConsumerFarm" -Certificate $trustCert

Create trusted token issuer
$stsCert = Get-PfxCertificate "c:\ConsumerFarmSTS.cer" 
New-SPTrustedServiceTokenIssuer "ConsumerFarm" -Certificate $stsCert

Now you'll have to do some security configuration.
First get the GUID of the consumer farm (run this in the consumer farm):

(Get-SPFarm).Id

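Then give the consumer farm access to the publisher farm's topology service application (run in the publisher farm), replacing ConsumerFarmID with the GUID from the previous step: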
$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue ConsumerFarmID
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security

Now we'll have to get the information about the 2013 service application and create a service proxy in SharePoint 2010 Central Administration.

First go to SharePoint 2013 Central Administration, go to Application Management and then select Manage Service Applications.
Then select the service application that you want to federate and click Publish on the ribbon.

From the menu, check "Publish this Service Application to other farms"
and copy the service URL.

Then click Permissions on the ribbon and give Full Control to the farm admin of the consumer farm.

Now we have the service URL, so we can create a proxy at the consumer end and start using the service.

In Central Administration of the consumer farm, go to Application Management->Manage Service Applications, then click Connect on the ribbon and select the service type which you are going to access.



Then enter the service URL we copied from the publisher farm and click OK.



Now SharePoint will show you the services available at that location. Select the one you want and click OK, then give the proxy a name. When that's done, you can use the 2013 service from 2010 applications.

Please leave a comment :) 
