SPSecurityTokenServiceConfig

Yorick Kuijs edited this page Dec 17, 2021 · 12 revisions

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| IsSingleInstance | Key | String | Specifies that the resource is a single instance; the value must be 'Yes' | Yes |
| Name | Required | String | The name of the security token service | |
| NameIdentifier | Write | String | The identifier for the security token service | |
| UseSessionCookies | Write | Boolean | True sets the security token service to use cookies | |
| AllowOAuthOverHttp | Write | Boolean | True sets the security token service to allow OAuth over HTTP | |
| AllowMetadataOverHttp | Write | Boolean | True sets the security token service to allow metadata exchange over HTTP | |
| FormsTokenLifetime | Write | UInt32 | Timespan in minutes to set FormsTokenLifetime | |
| WindowsTokenLifetime | Write | UInt32 | Timespan in minutes to set WindowsTokenLifetime | |
| LogonTokenCacheExpirationWindow | Write | UInt32 | Timespan in minutes to set LogonTokenCacheExpirationWindow | |
| Ensure | Write | String | Present ensures the configurations are applied | Present, Absent |

Description

Type: Distributed
Requires CredSSP: No

This resource is responsible for configuring the Security Token Service within the local SharePoint farm. Setting Ensure to Absent is not supported. This resource can only apply configuration settings, not ensure that they don't exist.

This resource can also set the properties FormsTokenLifetime, WindowsTokenLifetime and LogonTokenCacheExpirationWindow. It checks for values that lead to "The context has expired and can no longer be used." errors. The value for LogonTokenCacheExpirationWindow must be higher than the values for FormsTokenLifetime and WindowsTokenLifetime; the resource returns an error if it is not.

Examples

Example 1

This example configures the Security Token Service.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPSecurityTokenServiceConfig SecurityTokenService
        {
            # Key property; 'Yes' is the only allowed value
            IsSingleInstance      = "Yes"
            Name                  = "SPSecurityTokenService"
            NameIdentifier        = "00000003-0000-0ff1-ce00-000000000000@9f11c5ea-2df9-4950-8dcf-da8cd7aa4eff"
            UseSessionCookies     = $false
            # Do not allow OAuth or metadata exchange over plain HTTP
            AllowOAuthOverHttp    = $false
            AllowMetadataOverHttp = $false
            # Account under which the resource is applied
            PsDscRunAsCredential  = $SetupAccount
        }
    }
}