I can’t actually take credit for this particular command – in fact I’ve never configured SSO so I personally don’t know much about it. I got the code from Stef van Hooijdonk who graciously provided the code he produced.
I made a few minor changes to Stef’s code just to bring it in line with the rest of my code but otherwise it’s as was provided to me – as such I’m not really prepared to support this command as I didn’t personally create it but it’s really straightforward. One word of caution – the code uses a class which has been flagged as being meant for internal use only and not for use in custom code – specifically the Microsoft.SharePoint.Portal.SingleSignon.Configuration class. Here’s the code:
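#if MOSS
using System;
using System.Collections.Specialized;
using System.Diagnostics;
using System.Text;
using Lapointe.SharePoint.STSADM.Commands.OperationHelpers;
using Lapointe.SharePoint.STSADM.Commands.SPValidators;
using Microsoft.SharePoint.Portal.SingleSignon;

namespace Lapointe.SharePoint.STSADM.Commands.Security
{
    /// <summary>
    /// stsadm operation that configures the Single Sign-On (SSO) service for the farm
    /// and then generates the SSO master secret.
    /// </summary>
    /// <remarks>
    /// The work is delegated to <c>Microsoft.SharePoint.Portal.SingleSignon.Configuration</c>,
    /// a class flagged as intended for internal use only and not for custom code, so its
    /// behaviour may change between product updates. Test against the exact build in use.
    /// </remarks>
    public class ConfigureSso : SPOperation
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="ConfigureSso"/> class,
        /// registering the accepted parameters and the help text.
        /// </summary>
        public ConfigureSso()
        {
            SPParamCollection parameters = new SPParamCollection();

            // Required: the two administrative principals and the location of the SSO database.
            // These principals administer the SSO service and the enterprise application
            // definitions, so prefer narrowly scoped accounts or groups.
            parameters.Add(new SPParam("adminaccount", "admin", true, string.Empty, new SPNonEmptyValidator()));
            parameters.Add(new SPParam("enterpriseapplicationaccount", "eaa", true, string.Empty, new SPNonEmptyValidator()));
            parameters.Add(new SPParam("sqlserver", "sql", true, string.Empty, new SPNonEmptyValidator()));
            parameters.Add(new SPParam("database", "db", true, string.Empty, new SPNonEmptyValidator()));

            // Optional: both are range-checked by the validator before Execute parses them.
            parameters.Add(new SPParam("tickettimeout", "tick", false, "2", new SPIntRangeValidator(1, 60), "Please specify minutes between 1 and 60"));
            parameters.Add(new SPParam("auditlogs", "logs", false, "10", new SPIntRangeValidator(1, 90), "Please specify days between 1 and 90."));

            StringBuilder sb = new StringBuilder();
            sb.Append("\r\n\r\nConfigure the SSO Service in the Farm. \r\n\r\nParameters:");
            // Fixed the "admininster" typo so the help text reads "administer".
            sb.Append("\r\n\t-admin <admin account or group that will administer the SSO Service>");
            sb.Append("\r\n\t-eaa <admin account or group that will administer the enterprise applications>");
            sb.Append("\r\n\t-sql <sql server for the SSO Database>");
            sb.Append("\r\n\t-db <database name for the SSO Storage>");
            sb.Append("\r\n\t[-tick] <minutes a sso ticket is valid, defaults to 2>");
            sb.Append("\r\n\t[-logs] <days to keep logs, defaults to 10>");

            Init(parameters, sb.ToString());
        }

        #region ISPStsadmCommand Members

        /// <summary>
        /// Gets the help message.
        /// </summary>
        /// <param name="command">The command (not used).</param>
        /// <returns>The help text registered in the constructor.</returns>
        public override string GetHelpMessage(string command)
        {
            return HelpMessage;
        }

        /// <summary>
        /// Runs the specified command: reads the parsed parameters and configures SSO.
        /// </summary>
        /// <param name="command">The command.</param>
        /// <param name="keyValues">The key values (not read here; values come from <c>Params</c>).</param>
        /// <param name="output">Always set to an empty string.</param>
        /// <returns><c>OUTPUT_SUCCESS</c> when configuration completes; failures propagate as exceptions.</returns>
        public override int Execute(string command, StringDictionary keyValues, out string output)
        {
            output = string.Empty;

            string adminAccount = Params["adminaccount"].Value;
            // Look the parameter up by its full name, as every other lookup in this method
            // does; the original used the short form "eaa" here.
            string eaDefAccount = Params["enterpriseapplicationaccount"].Value;
            string sqlServer = Params["sqlserver"].Value;
            string database = Params["database"].Value;

            // Fall back to the documented defaults unless the user supplied a value.
            uint ticketTimeout = 2;
            if (Params["tickettimeout"].UserTypedIn)
            {
                ticketTimeout = uint.Parse(Params["tickettimeout"].Value);
            }

            uint auditLogs = 10;
            if (Params["auditlogs"].UserTypedIn)
            {
                auditLogs = uint.Parse(Params["auditlogs"].Value);
            }

            Configure(adminAccount, eaDefAccount, sqlServer, database, ticketTimeout, auditLogs);

            return OUTPUT_SUCCESS;
        }

        #endregion

        /// <summary>
        /// Configures the SSO settings and then generates the master secret.
        /// </summary>
        /// <param name="adminAccount">Account or group that will administer the SSO service.</param>
        /// <param name="eaDefAccount">Account or group that will administer the enterprise applications.</param>
        /// <param name="sqlServer">SQL Server hosting the SSO database.</param>
        /// <param name="database">Name of the SSO database.</param>
        /// <param name="ticketTimeout">Minutes an SSO ticket is valid.</param>
        /// <param name="auditLogs">Days to keep audit logs.</param>
        private static void Configure(string adminAccount, string eaDefAccount, string sqlServer, string database, uint ticketTimeout, uint auditLogs)
        {
            try
            {
                Log("Connecting to {0}", sqlServer);
                Configuration.ConfigureSecretServer(
                    adminAccount,
                    eaDefAccount,
                    sqlServer,
                    database,
                    ticketTimeout,
                    auditLogs);
                Log("SSO Configured succesfull.");
            }
            catch (Exception exc)
            {
                // The hint is keyed on this error code appearing in the exception text.
                // Every failure, with or without the hint, is rethrown with its stack intact.
                if (exc.Message.Contains("-2147023143"))
                {
                    Log("Error occured in setting the SSO Server settings. Is the SSOService configured to run as a domain account?", EventLogEntryType.Error);
                }
                throw;
            }

            // NOTE(review): this runs on every invocation and the meaning of the boolean
            // argument is not visible here. Confirm the effect on credentials already stored
            // before re-running against a configured farm, and back up the key afterwards.
            Log("Generating MasterSecret..");
            Configuration.GenerateMasterSecret(false);
            Log("Master Secret Key set.");
        }
    }
}
#endif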
The help for the command is shown below:
C:\>stsadm -help gl-configuresso
stsadm -o gl-configuresso
Configure the SSO Service in the Farm.
Parameters:
-admin <admin account or group that will administer the SSO Service>
-eaa <admin account or group that will administer the enterprise applications>
-sql <sql server for the SSO Database>
-db <database name for the SSO Storage>
[-tick] <minutes a sso ticket is valid, defaults to 2>
[-logs] <days to keep logs, defaults to 10>
|
The following table summarizes the command and its various parameters:
| Command Name | Availability | Build Date |
|---|---|---|
| gl-configuresso | MOSS 2007 | Released: 4/17/2009
|
| Parameter Name | Short Form | Required | Description | Example Usage |
|---|---|---|---|---|
| adminaccount | admin | Yes | Admin account or group that will administer the SSO service. | -adminaccount domain\spadmin
-admin domain\spadmin |
| enterpriseapplicationaccount | eaa | Yes | Admin account or group that will administer the enterprise application. | -enterpriseapplicationaccount domain\spadmin
-eaa domain\spadmin |
| sqlserver | sql | Yes | SQL Server name for the SSO database. | -sqlserver sql1
-sql sql1 |
| database | db | Yes | Database name for the SSO storage. | -database SSODB
-db SSODB |
| tickettimeout | tick | No | Minutes an SSO ticket is valid, defaults to 2. | -tickettimeout 2
-tick 2 |
| auditlogs | logs | No | Days to keep logs, defaults to 10. | -auditlogs 10
-logs 10 |
The following is an example of how to configure SSO:
stsadm -o gl-configuresso -adminaccount domain\spadmin -enterpriseapplicationaccount domain\spadmin -sqlserver sql1 -database ssodb -tickettimeout 2 -auditlogs 10



2 comments:
While running the command i got the following error.
"A call to SPS Single Sign-on failed. The error code returned was '-2146893788'
Any suggestions??
Does it work if you do it through the browser?