Recently I was trying to set up a SharePoint 2010 site with FBA that uses an LDAP provider. I looked for instructions and found a ton of material on how to do this, and everyone had given nice snippets of the web.config settings. But what most people (every post I checked) missed was that you also need to put the default role provider into the Security Token Service's configuration file, and it needs to be set to the same provider you have on the web application that uses FBA.
Not doing this results in Event ID 8306, with the message "An exception occurred when trying to issue security token: The security token username and password could not be validated.", every time you try to log in to the web application using FBA. This cost me almost a whole day, and I hope it saves someone else's time.
If you need help setting up FBA with LDAP for SharePoint 2010 web applications, read the post by Steve Peschka for step-by-step instructions.
I was originally trying to set this up for real-world use, not for demo or sample purposes. That said, securing these SharePoint sites and the assets behind them is really important too. The web application exposed to the outside world uses SSL to secure the transport.
If you need help setting up SSL, read the post by Sowmyan on setting up SSL for SharePoint sites. Another post on the same topic by Waldek can be found here.
One thing that made my head spin was the use of SSL to communicate between the SharePoint server and the LDAP server. Looking at the useSSL attribute, it seems obvious that one should simply set it to true in the provider (both role and membership) configurations everywhere. But hold on: you won't be able to log in to your SharePoint site any more after you set it to true, and you will see the same old exception (mentioned above) in your SharePoint and Windows event logs.
If you're wondering what in the world is happening, or if you are like me and just decided to give up, here's how you do it: change your port to the SSL-specific port (the default is 636), but leave useSSL as false! I know, that sounds really weird, but that's the way the cookie crumbles.
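Both gotchas above (the default role provider the STS web.config must carry, and the port/useSSL combination) can be checked before you try to log in. The script below is an added example, not code from the original post or from SharePoint itself: it loads the web application's and the STS's web.config as XML, verifies that the STS declares the same default role provider and the same LDAP providers as the web application, and flags useSSL="true" and non-636 ports. The provider names (LdapMember, LdapRole), the LDAP host ldap.example.local and the two trimmed web.config fragments are constructed for illustration; the assembly strings follow the standard SharePoint 2010 layout.

```powershell
# Added example, not code from the original post. Compares the FBA providers in a
# SharePoint 2010 web application's web.config with those in the Security Token
# Service's web.config and reports the two mistakes the post describes: a missing
# or mismatched default role provider in the STS, and useSSL="true" on an LDAP provider.
# Provider names, the LDAP host and both sample configs are constructed.

function Get-FbaProviders {
    param([xml]$Config)
    $sw = $Config.configuration.'system.web'
    $providers = @{}
    foreach ($section in @($sw.membership, $sw.roleManager)) {
        if ($null -eq $section) { continue }
        foreach ($add in @($section.providers.add)) {
            if ($null -eq $add) { continue }
            $attrs = @{}
            foreach ($a in $add.Attributes) { $attrs[$a.Name] = $a.Value }
            $providers[$add.GetAttribute('name')] = $attrs
        }
    }
    New-Object PSObject -Property @{
        RoleDefault = $sw.roleManager.defaultProvider   # $null when the attribute is absent
        RoleEnabled = $sw.roleManager.enabled
        Providers   = $providers                         # provider name -> attribute hashtable
    }
}

function Test-FbaProviderConfig {
    param([xml]$WebAppConfig, [xml]$StsConfig)
    $app = Get-FbaProviders $WebAppConfig
    $sts = Get-FbaProviders $StsConfig
    $findings = New-Object System.Collections.Generic.List[string]
    $ldapType = 'Microsoft.Office.Server.Security.Ldap*'

    # 1. The STS needs the same default role provider the web application has.
    if (-not $sts.RoleDefault) {
        $findings.Add('STS: <roleManager> has no defaultProvider; FBA logins fail with Event ID 8306 until it is set.')
    } elseif ($sts.RoleDefault -ne $app.RoleDefault) {
        $findings.Add(('STS: roleManager defaultProvider is "{0}" but the web application uses "{1}".' -f $sts.RoleDefault, $app.RoleDefault))
    }
    if ($sts.RoleEnabled -ne 'true') { $findings.Add('STS: <roleManager> is not enabled="true".') }

    # 2. Every LDAP provider the web application declares must appear in the STS with identical attributes.
    foreach ($name in $app.Providers.Keys) {
        $attrs = $app.Providers[$name]
        if ($attrs['type'] -notlike $ldapType) { continue }
        if (-not $sts.Providers.ContainsKey($name)) {
            $findings.Add(('STS: LDAP provider "{0}" is missing.' -f $name)); continue
        }
        foreach ($k in $attrs.Keys) {
            if ($sts.Providers[$name][$k] -ne $attrs[$k]) {
                $findings.Add(('Provider "{0}": {1} is "{2}" in the web application but "{3}" in the STS.' -f $name, $k, $attrs[$k], $sts.Providers[$name][$k]))
            }
        }
    }

    # 3. LDAPS the way the post reports it working: port 636 with useSSL left at "false".
    $sets = @{ 'web application' = $app.Providers; 'STS' = $sts.Providers }
    foreach ($entry in $sets.GetEnumerator()) {
        foreach ($name in $entry.Value.Keys) {
            $attrs = $entry.Value[$name]
            if ($attrs['type'] -notlike $ldapType) { continue }
            if ($attrs['useSSL'] -eq 'true') {
                $findings.Add(('{0}/{1}: useSSL="true" breaks login (Event ID 8306); use port="636" with useSSL="false".' -f $entry.Key, $name))
            }
            if ($attrs['port'] -ne '636') {
                $findings.Add(('{0}/{1}: port "{2}" is not the LDAPS port; the LDAP bind may be travelling in clear text.' -f $entry.Key, $name, $attrs['port']))
            }
        }
    }
    return $findings.ToArray()
}

# Constructed, trimmed sample configs; real ones load with [xml](Get-Content $path). The STS
# web.config sits under ...\Web Server Extensions\14\WebServices\SecurityToken\web.config.
$spAsm  = 'Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
$ossAsm = 'Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'
$webApp = [xml]@"
<configuration><system.web>
  <membership defaultProvider="i"><providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, $spAsm" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, $ossAsm"
         server="ldap.example.local" port="636" useSSL="false" userNameAttribute="sAMAccountName" />
  </providers></membership>
  <roleManager defaultProvider="c" enabled="true"><providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, $spAsm" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, $ossAsm"
         server="ldap.example.local" port="636" useSSL="false" groupNameAttribute="cn" />
  </providers></roleManager>
</system.web></configuration>
"@
# STS copy carrying the two classic mistakes: no defaultProvider, and useSSL flipped to true.
$sts = [xml]@"
<configuration><system.web>
  <membership><providers>
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, $ossAsm"
         server="ldap.example.local" port="636" useSSL="true" userNameAttribute="sAMAccountName" />
  </providers></membership>
  <roleManager enabled="true"><providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, $spAsm" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, $ossAsm"
         server="ldap.example.local" port="636" useSSL="false" groupNameAttribute="cn" />
  </providers></roleManager>
</system.web></configuration>
"@

$results = @(Test-FbaProviderConfig -WebAppConfig $webApp -StsConfig $sts)
if ($results.Count -eq 0) { 'OK: STS and web application FBA providers agree.' }
else { $results | ForEach-Object { "FINDING: $_" } }
```

Run as-is, the constructed STS sample produces three findings: the missing defaultProvider on the STS roleManager, the useSSL mismatch on LdapMember between the two files, and useSSL="true" on the STS copy of LdapMember. On a real farm replace the two here-strings with the actual files and run it on every web front end, since the STS web.config is per server. The script only compares configuration text; it does not test the LDAP connection, so whichever flag combination you end up with, confirm on the wire (a capture of traffic to port 636 should show a TLS handshake, not a clear-text simple bind) that the directory credentials are actually encrypted.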