This article is for ShareKnowledge 11.2 or earlier, i.e. only for SharePoint-based versions.

In this article, you will learn how to set up ShareKnowledge 11.2 or earlier so that users can electronically sign courses by entering their login and password when Azure AD authentication is used.

  1. Configure Azure AD authentication as explained in this tutorial.

  2. You may need to add a SAML 1.1 token issuance policy in Azure AD after performing the previous step. This can be done as follows:

    When an Azure AD application is created in the portal, it defaults to issuing SAML 2.0 tokens, but SharePoint requires the SAML 1.1 token format. The following script adds a new policy that issues SAML 1.1 tokens. It requires the accompanying SAMLConfigPolicies.zip sample: extract the archive and put the path to the folder with the extracted files into the script below. Specify the application owner credentials in the sign-in window that pops up while the script runs.

    # Run from the folder extracted from SAMLConfigPolicies.zip
    cd <Path to SAMLConfigPolicies folder>
    # Loads the Add-TokenIssuancePolicy and Set-PolicyToApplication helpers shipped with the sample
    Import-Module .\Initialize.ps1
    # Object ID of the Azure AD application registered in step 3.2 of the authentication tutorial
    $Id = "<AAD object Id from step 3.2>"
    
    # Create a policy that issues SAML 1.1 tokens signed with RSA-SHA256 (token only, not the whole response)
    $policy = Add-TokenIssuancePolicy -DisplayName SharePointSAML11 -SigningAlgorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" -TokenResponseSigningPolicy TokenOnly -SamlTokenVersion "1.1"
    # Attach the new policy to the application so its tokens use the SAML 1.1 format
    Set-PolicyToApplication -policyId $policy.objectId -ApplicationId $Id
    

    For more details on Token Issuance Policies with Azure AD, see the Graph API reference for operations on policy.

  3. Then create and configure a native (public client) application in your Azure Active Directory as follows:

    • Go to your Azure Active Directory, click “App Registrations”, and then click “New Registration”.

    • Fill out the app registration form:

      • Specify a name for this native application.
      • In the “Supported Account Types” section, select “Accounts in this organizational directory only (… single tenant)”.
      • In the “Redirect URI” section, select the “Public client/native (mobile & desktop)” item from the drop-down list and leave the field to the right blank.
      • Then click “Register”.

    • Go to the “Authentication” page:

      • In the “Platform configurations” section, click the “Add a Platform” button.
      • Select “Mobile and Desktop Applications”.
      • Check the “… (MSAL Only)” box and click “Configure”.
      • Then set the “Allow Public Client Flows” option, located at the bottom of the page, to “Yes” and click “Save”. This setting enables the username/password (ROPC) and device code flows for the registration, which is what lets the electronic signature prompt validate a login and password without a browser redirect; note that the username/password flow cannot satisfy multi-factor authentication, so users whose accounts require MFA will not be able to sign with this method.

    • Go to the “API Permissions” page:

      • Click “Grant Admin Consent …” and confirm with “Yes” in the popup window, so that users are not prompted for consent when they sign.

    • Go to the “Overview” page:

      • Copy the “Application (client) ID” to the clipboard.
      • Paste it into the “Deployment.Authentication.AzureAD.Native.ApplicationId” system property.
      • Copy the “Directory (tenant) ID” to the clipboard.
      • Paste it into the “Deployment.Authentication.AzureAD.Tenant” system property.
      • Recycle the ShareKnowledge application pool.
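The same registration can be scripted, which is useful when the setup has to be repeated across tenants and for checking the result before recycling the application pool. The following PowerShell is an added example written for this page, not ShareKnowledge's own code or installer. It uses the Microsoft Graph PowerShell SDK to create the single-tenant public client from step 3, grant admin consent for the default User.Read delegated permission, print the two values that go into the system properties, and then exercise the username/password (ROPC) token request directly. That the signature prompt validates credentials through ROPC is an assumption made here; the display name, the test user and the permission-ID constant (the well-known ID of the Microsoft Graph User.Read scope) are the example's own.

```powershell
# Added example: scripts the native app registration from step 3 and verifies it.
# Assumes the Microsoft.Graph module is installed and you sign in as an application administrator.
Import-Module Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Identity.SignIns

# Application.ReadWrite.All creates the registration; DelegatedPermissionGrant.ReadWrite.All
# is needed to record the admin consent.
Connect-MgGraph -Scopes "Application.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All"

$displayName = "ShareKnowledge Electronic Signature"   # placeholder name, pick your own
$graphAppId  = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource app ID
$userReadId  = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # User.Read delegated permission (scope) ID

# Single tenant ("Accounts in this organizational directory only"), public client flows allowed
# (the portal's "Allow public client flows" = isFallbackPublicClient), User.Read requested.
$app = New-MgApplication -DisplayName $displayName `
    -SignInAudience "AzureADMyOrg" `
    -IsFallbackPublicClient:$true `
    -RequiredResourceAccess @(@{
        ResourceAppId  = $graphAppId
        ResourceAccess = @(@{ Id = $userReadId; Type = "Scope" })
    })

# Equivalent of the "Mobile and desktop applications" platform with the "(MSAL only)" box checked.
Update-MgApplication -ApplicationId $app.Id -PublicClient @{
    RedirectUris = @("msal$($app.AppId)://auth")
}

# "Grant admin consent": a service principal for the app plus a tenant-wide grant of User.Read.
$sp      = New-MgServicePrincipal -AppId $app.AppId
$graphSp = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"
New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType "AllPrincipals" `
    -ResourceId $graphSp.Id -Scope "User.Read" | Out-Null

$tenantId = (Get-MgContext).TenantId
"Deployment.Authentication.AzureAD.Native.ApplicationId = $($app.AppId)"
"Deployment.Authentication.AzureAD.Tenant               = $tenantId"

# Verification. The signature prompt is assumed to send the user's login and password to
# Azure AD through the ROPC grant; this performs the same request so the registration can be
# checked before recycling the application pool. Use a dedicated test account, never a real user's.
function Test-RopcSignIn {
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    $body = @{
        client_id  = $ClientId
        grant_type = "password"
        scope      = "https://graph.microsoft.com/User.Read openid"
        username   = $Credential.UserName
        password   = $Credential.GetNetworkCredential().Password
    }
    try {
        $resp = Invoke-RestMethod -Method Post -Body $body `
            -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
        return [pscustomobject]@{ Succeeded = $true; Error = $null; ExpiresIn = $resp.expires_in }
    } catch {
        # Typical failures: AADSTS7000218 when public client flows are not enabled,
        # AADSTS50076 when the account requires MFA, which ROPC cannot satisfy.
        $err = $_.ErrorDetails.Message | ConvertFrom-Json
        return [pscustomobject]@{ Succeeded = $false; Error = $err.error_description; ExpiresIn = $null }
    }
}

$cred = Get-Credential -Message "Test user for the electronic signature check"
Test-RopcSignIn -TenantId $tenantId -ClientId $app.AppId -Credential $cred
```

If the check returns AADSTS7000218, the “Allow Public Client Flows” setting from step 3 did not take effect; if it returns AADSTS50076 the test account is subject to MFA and will not be able to sign courses by login and password, which is worth knowing before the feature is rolled out.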