ActiveShareFS 2010 Installation

Please visit the product page for information on getting ActiveShareFS 2010.

To install, run the installer as administrator. The installer will ask for a product key that you should have obtained from 9STAR. Visit the product page for more information. Once complete, you will need to manually copy some files and also edit some files:

Backup these files

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\LAYOUTS\AccessDenied.aspx
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\LAYOUTS\signout.aspx

Copy these files:

Copy

<ASFS_HOME>\layouts\AccessDenied.aspx
<ASFS_HOME>\layouts\signout.aspx
<ASFS_HOME>\layouts\ASFSLoginPage.aspx
<ASFS_HOME>\layouts\ASFSLogoutPage.aspx

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\LAYOUTS\

Edit the web.config of the ASFS-enabled zone. reference

Under /configuration/configSections, add:

<section name="asfs" type="ActiveShareFS.Config.ASFSConfiguration, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c"/>

Under /configuration, add:

<asfs>
  <loginUrl value="/Shibboleth.sso/Login"/>
  <logoutUrl value="/Shibboleth.sso/Logout" logoutPage="/\_layouts/ASFSLogoutPage.aspx"/>
  <adminEmail value="support@example.org"/>
  <rulesConfiguration
    file="C:/Program Files (x86)/9Star Research/ActiveShareFSFNX/etc/asfs.xml"
    xsdFile="C:/Program Files (x86)/9Star Research/ActiveShareFSFNX/etc/asfs.xsd"
    updateOnChanges="true"
    ssoPath="Shibboleth.sso"
  />
  <sessionIdentifier value="HTTP_SHIBSESSIONID"/>
  <logger file="C:/Program Files (x86)/9Star Research/ActiveShareFSFNX/logs/asfs.log" level="ALL" fileSize="5MB" maxSizeRollBackups="10" />
  <membershipProvider name="smp"/>
  <roleProvider name="srp"/>
  <intermediatePage enabled="false" customMessageEnabled="true" termsOfServiceEnabled="false">
    <pageTitle value="Welcome to ActiveShareFS 2010 Single Sign-On"/>
    <pageTitleInTitleArea>
      <![CDATA[
        <span style="color: black;">Welcome to </span><b><span style="color: #cc0000;">ActiveShareFS 2010</span></b><span style="color: black;"> Single Sign-On</span>
      ]]>
    </pageTitleInTitleArea>
    <submitButton value="Continue"/>
    <termsOfService>
      <![CDATA[
        <pre>
          TERMS OF SERVICE AGREEMENT
        </pre>
      ]]>
    </termsOfService>
    <customMessage>
   <![CDATA[
     <span style="color: black;">You are signing in to this site using </span><b><span style="color: #cc0000;">ActiveShareFS 2010</span></b><span style="color: black;">.</span>
   ]]>
    </customMessage>
  </intermediatePage>
</asfs>

Make sure that the path to the asfs.xml and asfs.log files match where you've installed ActiveShareFS.

Under /configuration/system.web/httpModules, replace the module named “FederationAuthentication” with the following:

<add name="FederatedAuthentication" type="ActiveShareFS.AuthenticationModules.ASFSSPFederationAuthenticationModule, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c" />

Under /configuration/system.web/membership/providers, add:

<add name="smp" type="ActiveShareFS.Providers.ShibbolethMembershipProvider, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c" applicationName="/" />

Under /configuration/system.web/roleManager/providers, add:

<add name="srp" type="ActiveShareFS.Providers.ShibbolethRoleProvider, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c" applicationName="/" />

Under /configuration/system.webServer/modules, replace the module named “FederationAuthentication” with the following:

<add name="FederatedAuthentication" type="ActiveShareFS.AuthenticationModules.ASFSSPFederationAuthenticationModule, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c" />

Edit the web.config of the STS

The file is located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config Add the following to /configuration:

<system.web>
  <roleManager>
    <providers>
      <add name="srp" type="ActiveShareFS.Providers.ShibbolethRoleProvider, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c" />
    </providers>
  </roleManager>
  <membership>
    <providers>
      <add name="smp" type="ActiveShareFS.Providers.ShibbolethMembershipProvider, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c" />
    </providers>
  </membership>
</system.web>

Edit the web.config of Central Admin

Add only the ASFS Membership provider. Do not add the role provider (it is not used here and can cause errors). This is to allow you to add a user as site collection administrator or through the web application’s User Policy.

Under /configuration/system.web/membership/providers, add:

<add name="smp" type="ActiveShareFS.Providers.ShibbolethMembershipProvider, ActiveShareFS, Version=1.0.0.0, Culture=neutral, PublicKeyToken=4399a4b0b78bd79c" applicationName="/" />

Configure logdir permissions

Give the ASFS-enabled zone’s AppPool user sufficient permissions to write to the ASFS log. Do this by allowing Modify, Read, Write to the <ASFS\_HOME>\logs directory.

Restart the shibd service

Restart IIS

Now you are ready to try a login. Go to http(s)://mysp.example.com. If you have anonymous access enabled for the webapp, you may see the contents of the main page. From there you will need to click “Sign In”, which will redirect you for authentication at the configured identity provider. If you do not have anonymous access enabled, you will be automatically redirected to the identity provider for authentication.

Once you have authenticated, you will be redirected back to SharePoint and you will probably see an Access Denied page. Check the ASFS log if you encounter any errors. If you do not see any errors, you can configure some rules in the ASFS configuration file so that users can access the webapp.