Access SharePoint using Basic Authentication and SSL (via Alternative Access URL) with SP 2016 (v 1.9)


This page is part of the installation guide for the Confluence SharePoint Connector. It tells you how to configure access to SharePoint using basic authentication and SSL via an alternative access URL in SharePoint. These instructions apply to the connector for SharePoint 2016.

On this page:

- Overview
- Caveats
  - Server Certificate
- Installation Instructions
  - Configuring SharePoint
    - Step 1: Extend the SharePoint Site to Another IIS Web Site
    - Step 2: Configure the IIS Authentication Providers
    - Step 3: Configure the Alternate Access Mappings
    - Step 4: Import the SSL Certificate into IIS
    - Step 5: Restrict the IIS Web Site to Confluence
  - Configuring Confluence
    - Step 1: Trust SharePoint's SSL Certificate
    - Step 2: Configure the Alternative URL in Confluence

Overview

In this configuration, client browsers authenticate against SharePoint using Integrated Windows Authentication (NTLM or Kerberos). Confluence, however, authenticates against SharePoint on a separate port that is configured to use basic authentication over Secure Sockets Layer (SSL). This is accomplished using SharePoint's capability to extend a site collection over multiple web applications. Using alternative access mappings in SharePoint, all hyperlinks in the SharePoint content direct users back to the primary SharePoint site.

This configuration method offers a greater level of security than the method that accesses SharePoint using Integrated Windows Authentication (NTLM Only). The configuration procedure is, however, more complex. You should review the security measures of your internal network before deciding which method is most appropriate for your environment.

Use this Configuration when...

- Confluence is not running on a Windows server.
- Your corporate security policy prohibits the use of NTLM(v1) authentication, which is necessary for the NTLM configuration.
- Your SharePoint site(s) is/are not configured to use Secure HTTP (HTTPS) and you are concerned about the possibility of packet sniffing or eavesdropping.

If you have not already seen our guide to planning your environment, you can refer to it for information that will help you select the best configuration for your environment.

Caveats

Server Certificate

Enabling SSL requires the installation of a certificate on the SharePoint server. Depending on the way in which you source the certificate, this could involve either an additional financial cost or a number of additional configuration steps.

Installation Instructions

Configuring SharePoint

Use IE7+ when Configuring SharePoint
We recommend that you use Internet Explorer 7 or later to perform the configuration steps described on this page. You may experience unusual behavior if you use Firefox or other browsers on some SharePoint administrative pages.

Configure all SharePoint Top-Level Sites used by Confluence
You will need to perform these configuration steps for each SharePoint top-level site that is exposed to Confluence.

Step 1: Extend the SharePoint Site to Another IIS Web Site

1. Log in to SharePoint Central Administration and select the 'Application Management' portal.
2. In the 'Web Applications' section, select 'Manage web applications'.
3. Select the required SharePoint site and click 'Extend'.
   Screenshot: Selecting 'Extend' for a SharePoint site
   The 'Extend Web Application to Another IIS Web Site' screen appears.
4. Select 'Create a new IIS web site'.
5. Fill out the details of the new site:
   - Add a meaningful name that describes the purpose of the site.
   - Ensure that the IIS web site is assigned a unique port that is not currently in use on your SharePoint server.
   - Ensure that 'Allow Anonymous' is set to 'No'.
   - Ensure that 'Use Secure Sockets Layer (SSL)' is set to 'Yes'.
6. Make a note of the 'Zone' that is set for the 'Load Balanced URL'. You will need to know this zone in step 2 below.
7. Click 'OK'.
   Screenshot: Extending the SharePoint site to another IIS web site

Step 2: Configure the IIS Authentication Providers

1. Go back to SharePoint's 'Manage web applications' section.
2. Select the required SharePoint site and click 'Authentication Providers'.
   Screenshot: Selecting 'Authentication Providers' for a SharePoint site
   The 'Authentication Providers' screen appears.
3. Click the name of the Zone (such as 'Intranet' or 'Internet') that you used to extend the SharePoint site in step 1 above. The 'Edit Authentication' screen appears.
4. Ensure that 'Integrated Windows authentication' is not selected and 'Basic authentication (password is sent in clear text)' is selected.
5. Click 'Save'.

SSL will secure the password information
Because this endpoint will be using Secure Sockets Layer (SSL), the password will not be sent in clear text even though basic authentication is used.

Screenshot: Editing the IIS authentication settings

Step 3: Configure the Alternate Access Mappings

In this step you will remove the default public URL that SharePoint created during the previous step and replace it with an internal URL mapping.

1. Go back to SharePoint Central Administration and select the 'System Settings' portal.
2. In the 'Farm Management' section, select 'Configure alternate access mappings'.
3. Click the link on the 'Internal URL' that represents the newly-created IIS web site defined in step 1 above.
   Screenshot: Finding the newly-created alternate access mapping to delete
4. Click the 'Delete' link to remove this mapping.
   Screenshot: Deleting the alternate access mapping
5. Click 'Add Internal URLs'.
6. Select the 'Alternate Access Mapping Collection' that represents the root SharePoint site that you are extending.
7. Set the 'URL protocol, host and port' to the URL that directs to the newly-created IIS web site defined in step 1 above.
8. Click 'Save'.
   Screenshot: Adding the alternate access mapping

Step 4: Import the SSL Certificate into IIS

In this step you will ensure that your IIS web site is configured for SSL and import an SSL certificate into the IIS web site.

Step 1: Make Sure the IIS Web Site is Configured for SSL

1. Log in to your SharePoint server with a Windows account that has permission to administer IIS.
2. Run the 'Internet Information Services (IIS) Manager'.
3. In the 'Connections' panel on the left, expand the 'Sites' folder and click on the IIS web site that you created in step 1 above. You can identify this web site by looking at the 'Description' field.
4. Double-click the 'SSL Settings' icon in 'Features View'.

5. Ensure that the 'Require SSL' option is selected.
6. Click 'Apply' in the 'Actions' panel on the right.

Step 2: Obtain or Create a Certificate

SharePoint already accepting SSL?
If your SharePoint Server already accepts SSL traffic, then you already have a certificate installed on your SharePoint server. If this is the case, please skip ahead to step 3 below.

You need an X.509 certificate that you can import into IIS. IIS will use the certificate to encrypt the SSL channel and prove the server's identity to clients. The two ways of obtaining a certificate are listed below.

Disclaimer
Communardo does not endorse or represent any of the example certificate issuers listed below. Communardo cannot accept responsibility for the veracity of any digital certificate issued by a third party. You should ensure that any certificate you use is from a provider that you trust.

Option: Obtain a certificate from a trusted certificate authority
  Example Provider: Thawte Consulting, Verisign
  Benefit: Most major certificate authorities are automatically trusted by most modern operating systems, so no configuration is required on the client to trust your certificate.
  Drawback: The certificate authority may charge a fee for issuing the certificate and/or an annual renewal fee.

Option: Generate your own certificate
  Example Provider: x509builder, Java keytool
  Benefit: Free
  Drawback: Client computers may require configuration to trust your certificate's authenticity.

Step 3: Import the Certificate into IIS

Once you have generated or obtained a certificate, you will usually receive:

- The certificate stored in a file format such as pfx.
- A password that encrypts the file.

Follow these instructions to import the certificate into IIS:

1. Copy the certificate file to your SharePoint server.
2. Log in to your SharePoint server with a Windows account that has permission to administer IIS.
3. Run the 'Internet Information Services (IIS) Manager'.
4. Select the local IIS Web Server in the 'Connections' panel on the left.
5. Double-click the 'Server Certificates' icon in the 'Features View'.
6. Click the 'Import' link in the 'Actions' panel on the right.
7. Set the 'Certificate file (.pfx)' field to the path to your certificate file on your SharePoint server.
8. Enter the 'Password' for the certificate.
9. Click 'OK'.

Step 4: Configure SSL Binding

1. In the 'Connections' panel on the left, expand the 'Sites' folder and click on the IIS web site that you created in step 1 above. You can identify this web site by looking at the 'Description' field.
2. In the 'Actions' panel on the right, click 'Bindings'.
3. Select the binding for your SharePoint site and click 'Edit'.
4. In the 'SSL certificate:' field, select the SSL Certificate that you imported into IIS in step 3 above.
5. Click 'OK'.
6. Click 'Close'.

Test your configuration
Make sure that you test your SSL configuration by accessing the SharePoint site in a web browser, before proceeding any further.

Step 5: Restrict the IIS Web Site to Confluence

As an additional layer of security, you should configure your SSL-secured web site to allow access from the Confluence server only.

Confluence must have a static IP address or DHCP lease reservation
You will only be able to perform this step if your Confluence server has a static IP address. If your Confluence server has a dynamic IP address, then speak to your network administrator about adding a static IP address or a DHCP lease reservation for the Confluence server.

1. Note the IP address of your Confluence server.
2. Log in to your SharePoint server with a Windows account that has permission to administer IIS.
3. Run the 'Internet Information Services (IIS) Manager'.
4. In the 'Connections' panel on the left, expand the 'Sites' folder and click on the IIS web site that you created in step 1 above. You can identify this web site by looking at the 'Description' field.
5. Double-click on 'IP Address and Domain Restrictions' in the 'Features View'.
6. Click 'Edit Feature Settings' in the 'Actions' panel on the right.
7. In the 'Edit IP and Domain Restrictions Settings' popup, set the 'Access for unspecified clients:' to 'Deny'.
8. Click 'OK'.

9. Click 'Add Allow Entry' in the 'Actions' panel on the right.
10. In the 'Specific IP address:' field, enter the IP Address of your Confluence server.
11. Click 'OK'.
    Screenshot: IP restriction on IIS web site

Configuring Confluence

Step 1: Trust SharePoint's SSL Certificate

Skip all of step 1 if you obtained a certificate from a trusted CA
If you purchased a certificate from a trusted certificate authority, then your certificate is already trusted by the Confluence server and you can skip this step. Go to step 2 below. If you generated your own certificate or obtained one from a less well-known certificate authority, please follow the steps below.

To configure Confluence to trust the certificate on your SharePoint server, you must add the certificate's public key to the Java runtime's Certificate Authority keystore as described below.

Step 1: Create a .cer File

Skip step 1 if you already have a .cer file
The certificate's public key must be imported into the Java keystore as a certificate file in .cer file format. If you already have a .cer file you can skip this step and go to step 2 below. If you only have a .pfx file and need to create the .cer file, read on!

A simple way to create the required file is to import and export the certificate in and out of the Windows certificate store. This works because the export operation allows you to choose the export format.

The first step is to import the certificate into Windows:

1. Using a Windows computer, open the Microsoft Management Console by clicking the 'Start' button, selecting 'Run' and then running the command 'mmc.exe'.
2. In the Microsoft Management Console, select 'Add/Remove Snap-in...' from the 'File' menu.
3. Click 'Add...'.
4. Highlight the 'Certificates' snap-in from the list and click 'Add'.
5. Ensure that 'My user account' is selected and then click 'Finish'.
6. Click 'Close'.
7. Click 'OK'.
8. Expand the tree from 'Console Root' to 'Certificates - Current User' to 'Personal'.
9. Right-click 'Personal' and select 'Import...' from the 'All Tasks' menu.

10. When the 'Certificate Import Wizard' is displayed, click 'Next'.
    Screenshot: The certificate import wizard
11. Click 'Browse...' and select the .pfx certificate file. (You may need to set the 'Files of type' filter to 'Personal Information Exchange (*.pfx, *.p12)'.)
12. Click 'Next'.
13. Enter the 'Password' for the certificate.
14. Ensure that the 'Mark this key as exportable' option is selected.
15. Click 'Next'.
16. Click 'Next'.
17. Click 'Finish'.

At this point, your certificate should appear in the 'Personal' folder of the 'Certificates' snap-in.

Screenshot: Personal certificates

Now you can export the certificate in the desired .cer format:

1. Right-click the certificate and select 'Export...' from the 'All Tasks' menu.
2. When the Certificate Export Wizard opens, click 'Next'.
3. Ensure that the 'No, do not export the private key' option is selected.
4. Click 'Next'.
5. Ensure that the 'DER encoded binary X.509 (.CER)' option is selected.
6. Click 'Next'.
7. Enter a 'File name' for the exported certificate (such as 'C:\cert.cer').
8. Click 'Next'.
9. Click 'Finish'.

Step 2: Import the .cer File onto the Confluence Server

We have provided a batch script (see below) for Windows environments. If you are running Confluence on UNIX, please perform the import manually.

The batch script uses the Java runtime's keytool command to import the certificate into the required location on the Confluence server. The script will add the certificate to the root Java Secure Sockets Extensions keystore, which is located in your Java Runtime Environment's (JRE's) lib\security directory with the name jssecacerts. This is the required location in order for the certificate to be trusted by Confluence.

Requirements
This script assumes the following about your environment:

- You are using a Confluence stand-alone installation running on the Sun JVM.
- Your %JAVA_HOME% environment variable has been set correctly.
- You have copied the .cer file created in step 1 above to the C: drive of your Confluence server.

Copy and execute this batch script (Windows) to add the certificate to the keystore:

    @echo off
    REM Paths to the JRE's keytool and to the jssecacerts keystore
    set keytool="%java_home%\bin\keytool.exe"
    set keystore="%java_home%\jre\lib\security\jssecacerts"
    REM The .cer file created in step 1, copied to the C: drive
    set certificatefile=c:\sharepoint.cer
    REM Import the certificate into the keystore under the alias "sharepoint"
    %keytool% -import -alias sharepoint -keystore %keystore% -storepass changeit -file %certificatefile%

Step 2: Configure the Alternative URL in Confluence

The final step is to configure your Confluence server to communicate via the new URL you have set up.

- If you are installing the SharePoint Connector for the first time, please continue with the next step of the installation procedure. In one of the later steps, you will configure the alternative URL in Confluence.
- If you have already installed and configured the Confluence plugins, please follow the instructions now to configure the alternative URL in Confluence.
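
For the UNIX case that the guide leaves as a manual import under 'Import the .cer File onto the Confluence Server', the following is an added example (not part of the original guide and not Communardo's code) that creates the .cer file from the .pfx with OpenSSL and imports it with keytool. The function names, the output name sharepoint.cer and the password-file argument are assumptions. Because JSSE uses jssecacerts instead of cacerts once that file exists, the script seeds a new jssecacerts from cacerts so that the public CAs stay trusted.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes OpenSSL and a JRE
# (JAVA_HOME set) on the Confluence server; names are illustrative.

# Write only the server certificate (no private key) from a .pfx file as a
# DER-encoded .cer. The password is read from a file so that it does not
# appear in the process list.
# usage: pfx_to_cer <in.pfx> <password-file> <out.cer>
pfx_to_cer() {
    pem=$(mktemp) || return 1
    openssl pkcs12 -in "$1" -passin "file:$2" -clcerts -nokeys -out "$pem" &&
        openssl x509 -in "$pem" -outform DER -out "$3"
    rc=$?
    rm -f "$pem"
    return $rc
}

# SHA-256 fingerprint of a DER certificate, to compare out of band with the
# certificate bound to the IIS web site before trusting it.
cer_fingerprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# JRE security directory: $JAVA_HOME/jre/lib/security on JDK layouts that
# have a jre subdirectory, $JAVA_HOME/lib/security otherwise.
jre_security_dir() {
    if [ -d "$JAVA_HOME/jre/lib/security" ]; then
        echo "$JAVA_HOME/jre/lib/security"
    else
        echo "$JAVA_HOME/lib/security"
    fi
}

# Print the path of jssecacerts, creating it as a copy of cacerts if it does
# not exist yet. An existing jssecacerts is left untouched.
ensure_jssecacerts() {
    dir=$(jre_security_dir)
    [ -f "$dir/jssecacerts" ] || cp "$dir/cacerts" "$dir/jssecacerts" || return 1
    echo "$dir/jssecacerts"
}

# Import the .cer under the alias "sharepoint" (same alias and default store
# password as the Windows batch script). keytool displays the certificate and
# asks for confirmation before adding it.
import_cer() {
    ks=$(ensure_jssecacerts) || return 1
    echo "SHA-256 fingerprint: $(cer_fingerprint "$1")"
    "$JAVA_HOME/bin/keytool" -importcert -alias sharepoint \
        -keystore "$ks" -storepass changeit -file "$1"
}

# Run as: sh import-sharepoint-cert.sh <cert.pfx> <password-file>
if [ "$#" -eq 2 ]; then
    pfx_to_cer "$1" "$2" sharepoint.cer && import_cer sharepoint.cer
fi
```

Run it as a user that can write to the JRE's security directory, and restart Confluence afterwards so that the JVM loads the updated keystore.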