Updated: December 17, 2013
Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Enterprise
Sets the authentication realm ID.
Set-SPAuthenticationRealm [-AssignmentCollection <SPAssignmentCollection>] [-Confirm [<SwitchParameter>]] [-Realm <String>] [-ServiceContext <SPServiceContextPipeBind>] [-WhatIf [<SwitchParameter>]]
Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.
Prompts you for confirmation before executing the command. For more information, type the following command: get-help about_commonparameters
Specifies the realm ID value to be used. This is a string presentation of a GUID.
The full URL of a site in the site subscription.
Displays a message that describes the effect of the command instead of executing the command. For more information, type the following command: get-help about_commonparameters
Setting a new authentication realm blocks access for all SharePoint apps that use access tokens. These access tokens reference a token issuer whose ID includes the realm ID. When the realm ID is changed, tokens from that issuer are no longer valid in the realm. So, a new token issuer must be created whose ID includes the new realm ID. Another option is for you to set the realm ID back to its previous value by using the –Realm parameter and specifying the previous realm ID.
Before changing the realm ID be sure to record the current realm ID so that you can set it back if needed.
This command is typically used in an environment where site subscriptions have been set up and where the owners of one site subscription want to grant access to one or more SharePoint apps but the owners of other site subscriptions do not want to grant access to that same set of apps. Giving different realm IDs to the site subscriptions makes it possible to have separate token issuers for the site subscriptions. Apps that use tokens from one issuer cannot access websites within other site subscriptions.
For more information about realm and app authentication, see Guidelines for using certificates in high-trust apps for SharePoint 2013.
$c = Get-SPServiceContext -Site "http://<websiteurl>"
Set-SPAuthenticationRealm -ServiceContext $c -Realm "a686d436-9f16-42db-09b7-cb578e110ccd"
This example sets the authentication realm ID for the specified site subscription to the value specified by the -Realm parameter.
If there are no site subscriptions set up, this example will change the realm ID for the farm to the specified value.
December 17, 2013
Added important information about using the cmdlet correctly.
July 16, 2012