Export (0) Print
Expand All

Set-SPSecurityTokenServiceConfig

 

Applies to: SharePoint Server 2010, SharePoint Foundation 2010

Topic Last Modified: 2010-07-21

Updates the settings of the SharePoint security token service (STS) identity provider.

Set-SPSecurityTokenServiceConfig [-AssignmentCollection <SPAssignmentCollection>] [-Confirm [<SwitchParameter>]] [-FormsTokenLifetime <Int32>] [-ImportSigningCertificate <X509Certificate2>] [-MaxLogonTokenCacheItems <Int32>] [-MaxServiceTokenCacheItems <Int32>] [-ServiceTokenCacheExpirationWindow <Int32>] [-ServiceTokenLifetime <Int32>] [-WhatIf [<SwitchParameter>]] [-WindowsTokenLifetime <Int32>]
Set-SPSecurityTokenServiceConfig -SigningCertificateThumbprint <String> [-AssignmentCollection <SPAssignmentCollection>] [-Confirm [<SwitchParameter>]] [-FormsTokenLifetime <Int32>] [-MaxLogonTokenCacheItems <Int32>] [-MaxServiceTokenCacheItems <Int32>] [-ServiceTokenCacheExpirationWindow <Int32>] [-ServiceTokenLifetime <Int32>] [-SigningCertificateStoreName <String>] [-WhatIf [<SwitchParameter>]] [-WindowsTokenLifetime <Int32>]

This cmdlet contains more than one parameter set. You may only use parameters from one parameter set, and you may not combine parameters from different parameter sets. For more information about how to use parameter sets, see Cmdlet Parameter Sets.

The Set-SPSecurityTokenServiceConfig cmdlet updates the settings of the SharePoint security token service (STS) identity provider. If a certificate file is used, the certificate must be an X509 certificate with private keys, otherwise an exception is raised.

noteNote
This cmdlet operates only with certificates that can be exported. To create a certificate which can be used in this cmdlet specify the X509KeyStorageFlags.Exportable bit in the keyStorageFlags parameter of the x509Certificate2 object constructor.

 

Parameter Required Type Description

SigningCertificateThumbprint

Required

System.String

Specifies the thumbrpint of the signing certificate.

The type must be a valid identity of a signing certificate; for example 2796BAE63F1801E277261BA0D77770028F20EEE4.

AssignmentCollection

Optional

Microsoft.SharePoint.PowerShell.SPAssignmentCollection

Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.

noteNote
When the Global parameter is used, all objects are contained in the global store. If objects are not immediately used, or disposed of by using the Stop-SPAssignment command, an out-of-memory scenario can occur.

FormsTokenLifetime

Optional

System.Int32

Specifies the expiration time, in minutes, for tokens issued to ASP.NET Membership Provider and Role providers. The default value is 1380.

The type must be a valid integer.

ImportSigningCertificate

Optional

System.Security.Cryptography.X509Certificates.X509Certificate2

Specifies the X.509 certificate object from trusted authentication provider farm.

The type must be a name of a valid X.509 certificate; for example, Certificate1.

MaxLogonTokenCacheItems

Optional

System.Int32

Specifies the maximum number of entries for the in-memory logon token cache. The default value is 10000 entries.

The type must be a valid integer.

MaxServiceTokenCacheItems

Optional

System.Int32

Specifies the maximum number of entries for the in-memory service token cache. The default value is 10000 entries.

The type must be a valid integer.

ServiceTokenCacheExpirationWindow

Optional

System.Int32

Specifies the interval, in minutes, for automatically renewing the token in the cache. The default value is 2 minutes.

The type must be a valid integer.

ServiceTokenLifetime

Optional

System.Int32

Specifies the expiration time, in minutes, for the security token service cache. The default value is 15 minutes.

The type must be a valid integer.

SigningCertificateStoreName

Optional

System.String

Specifies the certificate store where the signing certificate resides. The identity store for an identity provider can be a SQL database table, an Active Directory Domain Services (AD DS), or Active Directory Lightweight Directory Service (AD LDS).

The type must be a valid identity of a signing certificate store; for example IdentityStore1.

WindowsTokenLifetime

Optional

System.Int32

Specifies the expiration time, in minutes, for tokens issued to Windows users. The default value is 1380 minutes.

The type must be a valid integer.

------------------EXAMPLE 1------------------

Set-SPSecurityTokenServiceConfig -SigningCertificateThumbprint "2796BAE63F1801E277261BA0D77770028F20EEE4"

This example updates the signing certificate of the SharePoint security token service (STS) identity provider with a certificate that has been deployed in the certificate store.

------------------EXAMPLE 2------------------

$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\sts.pfx","a",20
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert

This example imports the signing certificate for the SharePoint STS identity provider.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft