Set-SPSecurityTokenServiceConfig
Updates the settings of the SharePoint security token service (STS) identity provider.
Syntax
Set-SPSecurityTokenServiceConfig
-QueueSigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-QueueSigningCertificateStoreName <String>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
-RevokeSigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-RevokeSigningCertificateStoreName <String>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
-SigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-SigningCertificateStoreName <String>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[-QueueSigningCertificateThumbprint <String>]
[-QueueSigningCertificateStoreName <String>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-ImportSigningCertificate <X509Certificate2>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-QueueSigningCertificate <X509Certificate2>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-RevokeSigningCertificate <X509Certificate2>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Description
This cmdlet contains more than one parameter set. You may only use parameters from one parameter set and you may not combine parameters from different parameter sets. For more information about how to use parameter sets, see Cmdlet parameter sets.
The Set-SPSecurityTokenServiceConfig cmdlet updates the settings of the SharePoint security token service (STS) identity provider.
If a certificate file is used, the certificate must be an X509 certificate with private keys, otherwise an exception is raised.
This cmdlet operates only with certificates that can be exported. To create a certificate which can be used in this cmdlet specify the X509KeyStorageFlags.Exportable bit in the keyStorageFlags parameter of the x509Certificate2 object constructor.
For permissions and the most current information about Windows PowerShell for SharePoint Products, see the online documentation at SharePoint Server Cmdlets.
Examples
--------------------EXAMPLE 1---------------------
Set-SPSecurityTokenServiceConfig -SigningCertificateThumbprint "2796BAE63F1801E277261BA0D77770028F20EEE4"This example updates the signing certificate of the SharePoint security token service (STS) identity provider with a certificate that has been deployed in the certificate store.
--------------------EXAMPLE 2---------------------
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\sts.pfx","a",20
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCertThis example imports the signing certificate for the SharePoint STS identity provider.
Parameters
-AssignmentCollection
Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.
When the Global parameter is used, all objects are contained in the global store.
If objects are not immediately used, or disposed of by using the Stop-SPAssignment command, an out-of-memory scenario can occur.
| Type: | SPAssignmentCollection |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-Confirm
Prompts you for confirmation before executing the command.
For more information, type the following command: get-help about_commonparameters
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-FormsTokenLifetime
Specifies the expiration time, in minutes, for tokens issued to ASP.NET Membership Provider and Role providers. The default value is 1380.
The type must be a valid integer.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-ImportSigningCertificate
Specifies the X.509 certificate object from trusted authentication provider farm.
The type must be a name of a valid X.509 certificate; for example, Certificate1.
| Type: | X509Certificate2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-MaxLogonTokenCacheItems
Specifies the maximum number of entries for the in-memory logon token cache. The default value is 250 entries.
The type must be a valid integer.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-MaxServiceTokenCacheItems
Specifies the maximum number of entries for the in-memory service token cache. The default value is 250 entries.
The type must be a valid integer.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-QueueSigningCertificate
Sets the provided certificate as the queued signing certificate.
| Type: | X509Certificate2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-QueueSigningCertificateStoreName
The store to search in when looking up a certificate to be set as the queued signing certificate by its thumbprint. Required if QueueSigningCertificateThumbprint was specified.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-QueueSigningCertificateThumbprint
Sets the certificate with the provided thumbprint as the queued signing certificate.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-RevokeSigningCertificate
Revokes the signing certificate that matches the provided certificate.
| Type: | X509Certificate2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-RevokeSigningCertificateStoreName
The store to search when looking up a certificate to be revoked by its thumbprint. Required if the QueueSigningCertificateThumbprint was specified.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-RevokeSigningCertificateThumbprint
Revoke the signing certificate with the provided thumbprint.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-ServiceTokenCacheExpirationWindow
Specifies the interval, in minutes, for automatically renewing the token in the cache. The default value is 2 minutes.
The type must be a valid integer.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-ServiceTokenLifetime
Specifies the expiration time, in minutes, for the security token service cache. The default value is 15 minutes.
The type must be a valid integer.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-SigningCertificateStoreName
Specifies the certificate store where the signing certificate resides. The identity store for an identity provider can be a SQL database table, an Active Directory Domain Services (AD DS), or Active Directory Lightweight Directory Service (AD LDS).
The type must be a valid identity of a signing certificate store; for example IdentityStore1.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-SigningCertificateThumbprint
Specifies the thumbrpint of the signing certificate.
The type must be a valid identity of a signing certificate; for example 2796BAE63F1801E277261BA0D77770028F20EEE4.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-WhatIf
Displays a message that describes the effect of the command instead of executing the command.
For more information, type the following command: get-help about_commonparameters
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-WindowsTokenLifetime
Specifies the expiration time, in minutes, for tokens issued to Windows users. The default value is 1380 minutes.
The type must be a valid integer.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |