Prerequisites and Components for Federation Extensions for SharePoint 3.0

The sections in this topic discuss the prerequisites required to install Microsoft Federation Extensions for SharePoint 3.0 and the components of the package.

Prerequisites

The following are the prerequisites for this package:

  • SharePoint Servers: Microsoft Office SharePoint Server (MOSS) 2007 SP2 or Windows SharePoint Services (WSS) 3.0 SP2.

    1. If SharePoint is running as Network Service, the STS signing certificate must be added to the Local Machine Trusted People store.

    2. If SharePoint is running as any other account, such as domain\user, the STS signing certificate may be added to (a) the Local Machine Trusted People store or (b) domain\user’s Trusted People store. Option (b) is more secure and is the recommended option. If option (b) is chosen, you must run FedUtil as domain\user to display the correct certificate validation results.

  • Clients:

    • Office 2007 SP2 with the hotfix identified in KB969413 or Office 2010 RTM.

    • Office 2007 QFE 26589 as identified in KB981041.

    • Browser clients: Internet Explorer 7 or 8.

  • Windows® Identity Foundation (WIF).

  • .NET Framework 3.5 SP1.

Warning

Do not install AD FS 2.0 and SharePoint on the same computer. The SharePoint installation disables the default Web site at port 80, but AD FS 2.0 uses this Web site and creates a virtual directory underneath it.

Components

This package installs the following components:

  • SharePoint Federation Utility.

    This utility performs the following major functions:

    • Presents a UI wizard and collects the necessary information about the SharePoint application that needs to be federated.

    • Modifies the SharePoint application’s configuration with the following information:

      • Adds the necessary WIF HTTP modules to the ASP.NET HTTP pipeline of the SharePoint application.

      • Adds the Federation Extension HTTP module to the ASP.NET HTTP pipeline of the SharePoint application.

      • Adds a WIF configuration section with the necessary parameters.

    • Modifies the SharePoint application settings to use Claims-based Membership and Role providers.

    • Generates a federation metadata document for the selected SharePoint application.

  • Federation Extension HTTP Module.

    This module performs the following tasks:

    • Implements a Claims-based Membership and Role provider that converts claims to roles that are consumable by SharePoint.

    • Provides Office client integration to enable Office clients to perform federated single sign-on with the federated SharePoint Web application.

    • Adds sliding window functionality for cookie renewals.

      Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed. If the cookie expires, the user must re-authenticate.
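
The sliding-window rule above, modeled as an added example (this is not the Federation Extension module's code). Times are in minutes; the function names, the 60-minute timeout and the request times are constructed, and treating the exact expiry instant as expired is an assumption.

```python
"""Model of the sliding-expiration rule: renew only after half the timeout."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AuthCookie:
    issued_at: float   # minute the cookie was issued or last renewed
    expires_at: float  # minute after which the cookie is rejected


def issue(now: float, timeout: float) -> AuthCookie:
    return AuthCookie(issued_at=now, expires_at=now + timeout)


def handle_request(cookie: AuthCookie, now: float,
                   timeout: float) -> Tuple[Optional[AuthCookie], str]:
    """Apply the rule to one request and return (cookie, action)."""
    if now >= cookie.expires_at:  # assumption: expiry instant counts as expired
        return None, "reauthenticate"
    if now - cookie.issued_at > timeout / 2:  # strictly more than half elapsed
        return issue(now, timeout), "renewed"
    return cookie, "unchanged"  # first half of the interval: expiry not moved


def replay(request_times: List[float],
           timeout: float) -> List[Tuple[float, str, float]]:
    """Sign in at minute 0, then replay requests; returns (time, action, expiry)."""
    cookie = issue(0, timeout)
    trace = []
    for now in request_times:
        result, action = handle_request(cookie, now, timeout)
        # After a forced re-authentication the user gets a fresh cookie.
        cookie = result if result is not None else issue(now, timeout)
        trace.append((now, action, cookie.expires_at))
    return trace


if __name__ == "__main__":
    # Constructed request times for a 60-minute timeout.
    for row in replay([20, 30, 31, 95], timeout=60):
        print(row)
```

With a 60-minute timeout, requests at minutes 29 and 61 end in re-authentication after only 32 idle minutes, because a request in the first half of the interval does not extend the cookie. The effective idle window therefore varies between half the timeout and the full timeout.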