I have been thinking about this for a little while, but finally found a reason to make it myself. If you have worked with the Windows Identity Foundation SDK in the past you might have spotted a very handy utility called FedUtil.exe. If you installed the SDK in the default location it is located in the "C:\Program Files (x86)\Windows Identity Foundation SDK\v3.5" folder. Or, if you are a developer, you might have noticed the "Update STS reference" button while working on a standard ASP.NET web application. This tool is great when you are working with ADFS 2.0 or any other standards-compliant identity provider. It configures the ASP.NET web application and produces relying party metadata which can later be sent to the identity provider, so that the identity provider can in turn be configured to issue claims to this relying party.

SharePoint is an ASP.NET web application; however, because of SharePoint-specific deployment scenarios this tool is not very useful in a SharePoint context. So I have attempted to create a utility that can be used for similar purposes. SPFedUtil.exe features as it stands today [4:40pm 12/05/2010]:

  • Displays currently configured SharePoint trusted login providers
  • Enables configuration of trusted login provider name and realm
  • Federation metadata consumption from a server or file system
  • Identity provider certificate verification and CA configuration
  • Augmenting list of claims provided by identity provider with a CSV file
  • Specifying SharePoint user identity claim type
  • Specifying SharePoint claim provider for this trusted login provider
  • SharePoint relying party metadata configuration, including contact and organization info
  • Configures SharePoint trusted login provider using PowerShell (can be run from the util)
  • Emailing of generated relying party metadata to identity provider technical contact
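To make the list above concrete, here is the sequence the utility automates, written out as a SharePoint 2010 Management Shell script. This is an added illustration, not SPFedUtil's own code: the metadata URL, provider name, realm, expected thumbprint and claim types are placeholders chosen for the example, and the metadata layout assumed is the standard WS-Federation FederationMetadata.xml that ADFS 2.0 publishes (a SecurityTokenServiceType role descriptor carrying a signing KeyDescriptor and a PassiveRequestorEndpoint).

```powershell
# Added example (not SPFedUtil's code): configure a SharePoint 2010 trusted login provider
# from an identity provider's federation metadata. Placeholder values are marked below.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$metadataSource     = 'https://idp.example.com/FederationMetadata/2007-06/FederationMetadata.xml'  # placeholder; a local path also works
$providerName       = 'Example IdP'                  # placeholder
$realm              = 'urn:sharepoint:intranet'      # placeholder; must match the realm the IdP issues tokens for
$expectedThumbprint = ''                             # optional: IdP signing cert thumbprint confirmed out of band

# 1. Consume federation metadata from a server or from the file system.
if ($metadataSource -match '^https?://') {
    [xml]$md = (New-Object System.Net.WebClient).DownloadString($metadataSource)
} else {
    [xml]$md = Get-Content -Path $metadataSource
}

# 2. Locate the STS role descriptor and read the passive sign-in URL and signing certificate from it
#    (reading the sign-in URL from metadata rather than typing it avoids a mismatch with the IdP).
$sts = $md.EntityDescriptor.RoleDescriptor | Where-Object { $_.type -match 'SecurityTokenServiceType' }
if (-not $sts) { throw 'Metadata contains no SecurityTokenServiceType role descriptor.' }
$signInUrl  = $sts.PassiveRequestorEndpoint.EndpointReference.Address
$signingB64 = ($sts.KeyDescriptor | Where-Object { $_.use -eq 'signing' } |
               Select-Object -First 1).KeyInfo.X509Data.X509Certificate
$signingCert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                          -ArgumentList (,[Convert]::FromBase64String($signingB64))

# 3. Verify the certificate before trusting it: pin to an out-of-band thumbprint when one is known,
#    and require the chain to build. A self-signed IdP signing certificate must first be placed in
#    the machine's Trusted Root store after its thumbprint has been confirmed with the IdP owner.
if ($expectedThumbprint -and $signingCert.Thumbprint -ne $expectedThumbprint) {
    throw "Signing certificate thumbprint $($signingCert.Thumbprint) does not match the expected value."
}
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($signingCert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning ("Chain status: {0} {1}" -f $_.Status, $_.StatusInformation) }
    throw "Signing certificate $($signingCert.Thumbprint) does not chain to a trusted root."
}

# 4. Register every certificate in the chain (signing cert and its CAs) as a SharePoint trusted root
#    authority; SharePoint 2010 rejects tokens unless the whole chain is registered.
$chain.ChainElements | ForEach-Object {
    $c = $_.Certificate
    $already = Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $c.Thumbprint }
    if (-not $already) {
        New-SPTrustedRootAuthority -Name "$providerName $($c.Thumbprint)" -Certificate $c | Out-Null
    }
}

# 5. Claim mappings: which incoming claim types SharePoint accepts, and which one identifies the user.
#    The same rows could come from a CSV (ClaimType,DisplayName columns) via Import-Csv.
$claimRows = @(
    @{ ClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'; DisplayName = 'Email' },
    @{ ClaimType = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role';          DisplayName = 'Role'  }
)
$mappings = $claimRows | ForEach-Object {
    New-SPClaimTypeMapping -IncomingClaimType $_.ClaimType -IncomingClaimTypeDisplayName $_.DisplayName -SameAsIncoming
}
$identityClaim = $claimRows[0].ClaimType   # the user identity claim type

# 6. Create the trusted login provider. Add -ClaimProvider <name> here to bind a custom
#    SharePoint claim provider (people picker) to this trust.
New-SPTrustedIdentityTokenIssuer -Name $providerName -Description "Trust to $providerName" `
    -Realm $realm -ImportTrustCertificate $signingCert -ClaimsMappings $mappings `
    -SignInUrl $signInUrl -IdentifierClaim $identityClaim | Out-Null

# 7. Display the currently configured trusted login providers.
Get-SPTrustedIdentityTokenIssuer | Select-Object Name, ProviderUri, DefaultProviderRealm
```

Run it from an elevated SharePoint 2010 Management Shell on a farm server as a farm administrator. The thumbprint pin in step 3 is the part worth keeping even when everything else is automated: the metadata document is fetched over the network, so the certificate it carries should be confirmed against a value obtained from the identity provider's owner before a trust is created on it.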

This utility can be found here. Please feel free to mention this blog as the source of this utility.

I won't clutter up this post with all the images and how-to instructions for this utility. I have created a separate project site here, and I will endeavour to put full how-to documentation on that page. But for now, here are a couple of screenshots.


[4:44 21/05/2010] Update: bug fixed. The identity provider sign-in URL was not configured properly during SharePoint trusted provider setup; the utility now retrieves the sign-in URL from the IdP metadata.

This is a beta tool and so should be used with caution :D