SPS 2013, SQL 2008 R2, FIM 2010 R2

By admintech

Working with IBM products for years I thought let’s give Microsoft products a glimpse.

The idea is to build a publicly facing, collaboration solution with content managed in an authoring system, workflows for publishing and users being able to self register.

2013-03-20_1739

The first part was to build the different images, which is 1 VMware image hosting the Sharepoint 2013 server and 3 Hyper-V images for the Active Directory and SQL server, as well as one image for the Forefront Identity Manager.

The image above shows the setup, in this post I documented the basic issues I ran into.

For the ADDC image the following roles were configured:

        

  1. Active Directory Domain Services

    2.     

  2. DNS Server (as part of ADDS)

    3.     

  3. Active Directory Certificate Services

    4.     

  4. IIS Web Server (as part of ADCS)

Running the dcpromo.exe task is a straightforward thing; the Enterprise CA was setup as a Root CA with a new private key, simple; a certificate authority (CA) is primarily needed for the FIM installation.

2013-03-20_1818

For the SQL server things were also straightforward with errors and configuration options documented here.

Now for the awkward part: FIM. Being smart means to ask questions before ! spending time (days !) and money. The MSDN technet folks finally answered my questions about enrollment, self registration etc.: there is no no “out of the box” feature available for FIM 2010 R2. Once managing identities, 2-step authentication, SSPR (Self Service Password Reset) etc. is needed, FIM seems to be the proper choice, but not for the simple task of giving “external” users the option to self-register with your portal.

If anybody is out there (at least in the technet forums I found some), working on the requirement of users self-registering in a Sharepoint portal and having a solution ready to deploy, let me know. I still will give PWM a try and share results.

Microsoft’s approach seems being favoring Identity Providers like Windows Live, Google, Facebook etc., some interesting reads below:

http://www.windowsazure.com/en-us/develop/net/how-to-guides/access-control/
http://www.wictorwilen.se/Post/Visual-guide-to-Azure-Access-Controls-Services-authentication-with-SharePoint-2010-part-1.aspx
http://sharepoint-live-authentication.shetabtech.com/home

Worth a look at are the following:
http://www.riolinx.com/en/default.aspx
http://sharepoint2013fba.codeplex.com