
Adding the relying party entries for webUI and WCF Services

After the SDL LiveContent Architect installation you have to create the Relying Party Trusts for the website and for the WCF services on the ADFS 2.0 server. Without these entries ADFS will not issue tokens for SDL LiveContent Architect, so logins fail.

About this task

These post-installation steps are only required when you use ADFS as your STS. If you use InfoShareSTS as STS, skip these steps.

Creating the Relying Party Trusts manually is error prone, so SDL provides a PowerShell script that creates them and applies the configuration. To execute the script, do the following:

Procedure

  1. The ADFS server needs the service certificate that is used by the SDL LiveContent Architect WCF Services.
    This is the certificate whose thumbprint you supplied as the servicecertificatethumbprint value in the input parameters. In the typical SDL LiveContent Architect setup, this WCF Service certificate is the same as the SSL certificate of the IIS website.
    1. Open Internet Information Services (IIS) Manager and select Servername.
    2. Double-click Server Certificates in the right pane.
    3. Right-click on the certificate of the IIS website that is going to be used for SDL LiveContent Architect then click View.
    4. Click on the Details tab then click Copy to File and export the certificate to the file system (private key not necessary).
  2. Copy the PowerShell scripts that the installation created in the directory \InfoShare\App\Setup\STS\ADFS\Scripts\ to a temporary directory on the ADFS 2.0 server, together with the certificate you exported in the previous step.
  3. Log in to the ADFS server and open an administrative PowerShell command line: right-click the PowerShell shortcut and choose Run as administrator.
  4. Set the PowerShell execution policy to Unrestricted.
    • To check whether PowerShell's execution policy is already set to Unrestricted, execute the command:

      Get-ExecutionPolicy

    • If the output of this command shows something other than Unrestricted, execute the command:

      Set-ExecutionPolicy Unrestricted

  5. Change the working directory of the command prompt by executing the command:

    cd YourCopiedAdfsScriptsFolder

  6. Before running the script, load the ADFS PowerShell module by issuing the command:

    Add-PSSnapin Microsoft.Adfs.PowerShell

  7. Execute the command:

    .\SDL.LiveContent.Architect-ADFSv2.0-RP-Install.ps1 "\YourCertificateFolder\cerFile.cer"

    If you now open AD FS 2.0 Management, you should see two new Relying Party entries carrying the base URLs of your SDL LiveContent Architect instance (one for the webUI, one for the WCF Services).

Removing the relying party entries for webUI and WCF Services

If you want to remove the Relying Party entries, for instance because SDL LiveContent Architect is moved to another server or its URL has changed, follow the steps below.

Procedure

  1. Check if the Uninstall script for the Relying Party entries is on the ADFS server. If not, copy it from the SDL LiveContent Architect application server directory \InfoShare\App\Setup\STS\ADFS\Scripts\ .
  2. Log in to the ADFS server and open an administrative PowerShell command line: right-click the PowerShell shortcut and choose Run as administrator.
  3. Before running the script, load the ADFS PowerShell module by issuing the command:

    Add-PSSnapin Microsoft.Adfs.PowerShell

  4. Execute the command:

    .\SDL.LiveContent.Architect-ADFSv2.0-RP-UnInstall.ps1

    If you now open AD FS 2.0 Management, you should see that the two Relying Party entries have been removed.
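The install procedure above relies on the exported .cer file being the right certificate, and both procedures end with a manual check in AD FS 2.0 Management. The following script is an added example written for this page; it is not SDL's install or uninstall script and it does not change anything in ADFS. It runs pre-flight checks before SDL.LiveContent.Architect-ADFSv2.0-RP-Install.ps1 (file exists, no private key, thumbprint equals servicecertificatethumbprint, certificate not expired, snap-in loads) and then counts the Relying Party Trusts that reference the instance base URL, which serves as the verification step for both the install section (expect 2) and the removal section (expect 0). The file paths, the base URL, the script name Test-IshAdfsTrusts.ps1 and the assumption that SDL's two trusts carry the instance host in their Identifier or WS-Federation endpoint are mine, not taken from the documentation.

```powershell
# Test-IshAdfsTrusts.ps1 (added example, not SDL's script). Read-only: it never calls
# Add-/Set-/Remove-ADFSRelyingPartyTrust. Paths, base URL and the host-matching rule
# are assumptions, not values from the documentation.
param(
    [string]$CerPath = 'C:\Temp\AdfsScripts\cerFile.cer',                 # exported in step 1 (assumed path)
    [string]$ExpectedThumbprint = 'PASTE_servicecertificatethumbprint_HERE', # placeholder, take it from the input parameters
    [string]$BaseUrl = 'https://ish.example.com',                          # assumed instance base URL
    [int]$ExpectedTrustCount = 2,                                          # 2 after install, 0 after uninstall
    [switch]$SkipCertificateCheck                                          # use after the uninstall script
)

function Test-IshServiceCertificate {
    # Confirms the exported .cer is the WCF service certificate the install script expects.
    param([string]$Path, [string]$Thumbprint)
    if (-not (Test-Path -Path $Path)) { throw "Certificate file not found: $Path" }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    # Step 1 says the private key is not necessary; a plain .cer export never carries one.
    if ($cert.HasPrivateKey) { throw 'Export contains a private key; export the public certificate only.' }
    $actual   = $cert.Thumbprint.ToUpperInvariant()
    $expected = ($Thumbprint -replace '\s', '').ToUpperInvariant()
    if ($actual -ne $expected) {
        throw "Thumbprint mismatch: file has $actual but servicecertificatethumbprint is $expected"
    }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }
    return $cert
}

function Import-AdfsSnapin {
    # Same as the Add-PSSnapin step of both procedures, but tolerant of an already loaded snap-in.
    if (-not (Get-PSSnapin -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
    }
}

function Get-IshRelyingPartyTrust {
    # Returns the relying party trusts whose Identifier or WS-Fed endpoint names the instance host.
    # Assumption: SDL's webUI and WCF trusts both reference the instance base URL.
    param([string]$Url)
    $hostName = [regex]::Escape(([Uri]$Url).Host)
    Get-ADFSRelyingPartyTrust | Where-Object {
        (($_.Identifier -join ' ') -match $hostName) -or
        ($_.WSFedEndpoint -and ($_.WSFedEndpoint.ToString() -match $hostName))
    }
}

# --- pre-flight: execution policy (step 4) and exported certificate (step 1) ---
Write-Host ("Execution policy: {0}" -f (Get-ExecutionPolicy))
if (-not $SkipCertificateCheck) {
    $cert = Test-IshServiceCertificate -Path $CerPath -Thumbprint $ExpectedThumbprint
    Write-Host ("Service certificate OK: {0}, expires {1}" -f $cert.Subject, $cert.NotAfter)
}
Import-AdfsSnapin

# --- verification: replaces the manual look in AD FS 2.0 Management ---
$trusts = @(Get-IshRelyingPartyTrust -Url $BaseUrl)
$trusts | Select-Object Name, Enabled,
    @{ Name = 'Identifier'; Expression = { $_.Identifier -join ', ' } }, WSFedEndpoint |
    Format-Table -AutoSize
if ($trusts.Count -ne $ExpectedTrustCount) {
    throw ("Expected {0} relying party trust(s) for {1}, found {2}" -f $ExpectedTrustCount, $BaseUrl, $trusts.Count)
}
Write-Host ("Relying party trusts for {0} as expected ({1})." -f $BaseUrl, $trusts.Count)
```

Run it from the same administrative PowerShell session as the SDL scripts: before and after SDL.LiveContent.Architect-ADFSv2.0-RP-Install.ps1 with the default -ExpectedTrustCount 2, and after SDL.LiveContent.Architect-ADFSv2.0-RP-UnInstall.ps1 with -ExpectedTrustCount 0 -SkipCertificateCheck. The thumbprint comparison is the check that matters most: if the wrong IIS certificate was exported, ADFS will encrypt tokens for a certificate the WCF services cannot decrypt, and the failure only shows up at login time. The script prints the execution policy rather than changing it, so the Unrestricted setting from step 4 stays a deliberate choice that you can revert once the SDL scripts have run.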