SPSecurityTokenServiceConfig - dsccommunity/SharePointDsc GitHub Wiki
Parameters
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
IsSingleInstance | Key | String | Specifies that the resource is a single instance; the value must be 'Yes' | Yes |
Name | Required | String | The name of the security token service | |
AllowMetadataOverHttp | Write | Boolean | True sets the security token service to allow metadata exchange over HTTP | |
AllowOAuthOverHttp | Write | Boolean | True sets the security token service to allow OAuth over HTTP | |
Ensure | Write | String | Present ensures the configuration is applied | Present, Absent |
FormsTokenLifetime | Write | UInt32 | Timespan in minutes to set FormsTokenLifetime | |
LogonTokenCacheExpirationWindow | Write | UInt32 | Timespan in minutes to set LogonTokenCacheExpirationWindow | |
NameIdentifier | Write | String | The identifier for the security token service | |
UseSessionCookies | Write | Boolean | True sets the security token service to use cookies | |
WindowsTokenLifetime | Write | UInt32 | Timespan in minutes to set WindowsTokenLifetime | |
Description
Type: Distributed
Requires CredSSP: No
This resource is responsible for configuring the Security Token Service within the local SharePoint farm. Setting Ensure to Absent is not supported: this resource can only apply configuration settings, not ensure that they do not exist.
This resource is also able to set the properties FormsTokenLifetime, WindowsTokenLifetime and LogonTokenCacheExpirationWindow. It checks for values leading to "The context has expired and can no longer be used." errors. The value for LogonTokenCacheExpirationWindow must be higher than the values for FormsTokenLifetime and WindowsTokenLifetime; the resource returns an error if it is not.
Examples
Example 1
This example configures the Security Token Service.

```powershell
Configuration Example
{
    param
    (
        # Account used to run the resource (passed as PsDscRunAsCredential)
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPSecurityTokenServiceConfig SecurityTokenService
        {
            IsSingleInstance      = "Yes"
            Name                  = "SPSecurityTokenService"
            NameIdentifier        = "00000003-0000-0ff1-ce00-000000000000@9f11c5ea-2df9-4950-8dcf-da8cd7aa4eff"
            UseSessionCookies     = $false
            # Do not allow OAuth or metadata exchange over plain HTTP
            AllowOAuthOverHttp    = $false
            AllowMetadataOverHttp = $false
            PsDscRunAsCredential  = $SetupAccount
        }
    }
}
```
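
To confirm that a farm actually carries the settings from Example 1, the following added example (not part of SharePointDsc) reads the live Security Token Service configuration with `Get-SPSecurityTokenServiceConfig` and reports each setting that differs from the expected value. The function name `Test-StsDrift` is hypothetical, and the expected values are the ones used in Example 1.

```powershell
# Added example, not SharePointDsc code. Run on a SharePoint server
# under an account with farm administrator rights.
function Test-StsDrift   # hypothetical helper name
{
    param
    (
        [Parameter(Mandatory = $true)]
        [hashtable]
        $Expected
    )

    # Older SharePoint versions need the snap-in; newer ones load a module instead.
    Add-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    $sts = Get-SPSecurityTokenServiceConfig

    foreach ($name in $Expected.Keys)
    {
        if ($null -eq $sts.PSObject.Properties[$name])
        {
            Write-Warning "Property '$name' not found on the STS configuration object"
            continue
        }

        $actual = $sts.$name
        # The lifetime properties are TimeSpan objects; the resource takes minutes.
        if ($actual -is [TimeSpan]) { $actual = [UInt32]$actual.TotalMinutes }

        [PSCustomObject]@{
            Setting        = $name
            Expected       = $Expected[$name]
            Actual         = $actual
            InDesiredState = ($actual -eq $Expected[$name])
        }
    }
}

# Values from Example 1; adjust to your own desired state.
Test-StsDrift -Expected @{
    UseSessionCookies     = $false
    AllowOAuthOverHttp    = $false
    AllowMetadataOverHttp = $false
} | Where-Object { -not $_.InDesiredState } | Format-Table -AutoSize
```

An empty result means all three settings match; any row returned names a setting that has drifted, which for the two HTTP switches means the token service accepts that traffic without TLS.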