Pascal Cased Page

Enter a topic name to show or a new topic name to create; then press Enter

.

Summary

Steps for Passport installtion

Steps for installing passport on your own machine

• Registering our site with RPS 4.0
• Acquire RPS Certificates
• Install Certificates
• Modify rpsserver.xml file
• Copy and Configure Website
• Installing SSL certificate
• Modify Cobrand.xml file
• Upload Cobrand.xml file
• Upload SSL Certificate
• Verify our site

1. Registering our site with RPS 4.0

• Goto the https://netservicesmanager-int.com/ website
• Click "Create and Manage an Application", a page opens up for you to Sign In or Sign Up.If you don’t have a passport-int account, you have to Sign up for a new INT account and then Sign In. In case you have a passport-int account, you can directly sign in. Please remember that the usual hotmail.com or the hotmail-ppe.com accounts don’t work in this environment.After successful logon, follow the following steps-

	Create Application
INT Application Name	Enter ssp and click Submit.On submitting you get a different page depending on whether you had an application already created or you are a first time user
	Add service
	Select "new" and click Next
	Select Service
	Select “Microsoft Passport” for getting authentication from and click Next
	Select Policy Group
	Here you MUST Select “Microsoft Policy group” and click Next
Web site title	Can be anything. For instance, “MSN Warhol”
Domain Name	<<Your_machine_name>>.fareast.corp.microsoft.com
DNS Name	<<Your_machine_name>>.fareast.corp.microsoft.com
Default Return URL	http://<<Your_machine_name>>.fareast.corp.microsoft.com/ssp/ManageContent.aspx
Expire Cookie URL	http://<<Your_machine_name>>.fareast.corp.microsoft.com/ssp/Logout.aspx
Logout URL	http://<<Your_machine_name>>.fareast.corp.microsoft.com/ssp/ManageContent.aspx
Consent Needed	Select "Full Consent" and click Next
	Cobranding Information
Default Cobrand Image URL	http:// <<Your_machine_name>>.fareast.corp.microsoft.com/ssp/images/ssp.jpg Click Next till you get "Strings for Localized Properties"
	Strings for Localized Properties
Language	Select English(en) and click Add
Web site Display Name	Specify the Web Service Title. This name will be displayed whenever we Signout.Choose the same name as you have in the Website title in the beginning of the process. Here, we’ve chosen “Self Service Portal” by mistake in place of “MSN Warhol” (that was chosen in the beginning). Submit the page.

• Now we are done with Registering our site. And we will get a site id now.
• Click on ‘Go to Manage Applications’ . Now we will get a window showing "Application","Environment","Service","Site ID" and "Policy Group" which confirms the RPS Installation.

2. Acquiring RPS Certificates

We can acquire these certificates from the link: http://sts/Passport/RPs/getcert.aspx

Click on RPS Test Certificates under Step 2. A File Download pop-up appears. Save it to your local disk. This zip contains the certificates.

• Now install xml4.0 and RPS4.0 from the following locations-
• msxml4: \\passarc01\rps4.0\Release\0144\retail\setup\msi
• RPS 4.0: \\passarc01\rps\builds\4.0\1504\retail\setup\msi

• Install MSXML4.msi (it is very straight forward.)
• Install rps.msi

Follow the following instructions to install rps.msi-

Customize Setup	Browse to choose a convenient location on your local disk, Click Next
Select a Target Environment	Select "INT" in our case, click Next
Configure RPS to use customized configuration files	Simply click next without entering any details
OPTIONAL: Configure RPS with a Cookie Encryption Certificate(CEK)	Simply click next without entering any details
OPTIONAL: Configure RPS with a Data Encryption Certificate(DEK)	Simply click next without entering any details
Select service account to configure DCOM per...	NT AUTHORITY\NetworkService Install and Finish

3. Install Certificates

• Go to the location where the zip file for certificates was saved
• Copy the rpstest.cer to “c:\program files\microsoft passport rps\config\certs”.
• Double click the rpstest.cer file and follow the instructions below.
• In the “Certificate Import Wizard”,
• Install certificate
• Select “Place all certificates in the following store”. Click “Browse”.
• Check the “Show physical stores” option.
• Select “Trusted Root Certification Authorities” – “Local Computer”. Click Ok, then Finish. You should get “Import successful” message.

• Now copy rpstest.pfx file that we obtained from the zip folder from above step(i.e., Acquiring certificates) to some location.(Note:It should not be placed in the same location where rpstest.cer file is placed)
• Now install “pptestrootca.cer” file that we obtained from the Zip folder while "Installing Certificates". Follow the same instructions as done for installing Certificates. (Note:It should not be placed in the same location where rpstest.cer file is placed)

4. Modify rpsserver.xml file

Here we should check that Proxy is set properly. Please ensure that these nodes exist

<NetworkServices>

….

<Proxy>http://itgproxy:80</Proxy>

….

</NetworkServices>

Note

For the machines in the Phoenix domain, the Proxy node needed to be empty as those machines could not access the itgproxy

Make the following changes to the xml.

Modify <CoBrandTemplate/> to …..

<CoBrandTemplate>

http://<<Your_machine_name>>.fareast.corp.microsoft.com/ssp/cobrand/cobrand.xml

</CoBrandTemplate>

Notes:

- For the machines in the Phoenix Domain the URL would include the domain name that you registered (i.e. ssp.test.msn-int.com), not the machine name.

<AuthPolicy>MBI</AuthPolicy>

…..

</default>

And at end add the site’s details that we have registered.

(Remove all other <Site> … </Site> nodes.)

        <Site SiteName="ssp">
        <AuthCookieDomain><<Your_machine_name>>.fareast.corp.microsoft.com </AuthCookieDomain>
        <CookieCertName>rpstest</CookieCertName>
        <ReturnURL>http://<<Your_machine_name>>.fareast.corp.microsoft.com /ssp/managecontent.aspx</ReturnURL>
        <SecAuthCookieDomain><<Your_machine_name>>.fareast.corp.microsoft.com </SecAuthCookieDomain>
        <SiteId>62562</SiteId>
        </Site>


        Notes:
        - For the machines in the Phoenix Domain the URLs would include the domain name that you registered (i.e. ssp.test.msn-int.com), not the machine name. 

5. Copy and Configure website

• Copy the UI pages(SSP folder from Zip folder) from the location provided and copy that to your local machine. Here I am Copying that folder to ‘C:\Projects\Main’
• Now go to IIS (Start->Run->Inetmgr)
• Stop the Default Web Site (If it is running)
• Open the properties for the Default Web Site
• Change the TCP Port to 90, so that it doesn't conflict with the new site you are going to create which will be running on Port 80
• Clear the SSL Port, so that it doesn't conflict with the SSL Port you are going to create which will be running on Port 443
• Now Right Click on websites, Select new Website
• In the description enter the DNS Name(that we specified while registering our site) in the description.
• Now it will ask for the path. Give the path as “C:\Inetpub\wwwroot”
• Now our website will get displayed in the websites list.
• Right Click on the Website that we created and Select Properties.
• Now right click on the website that we created and select New->Virtual directory
• Give the Alias as ”ssp” and Specify the path for the folder where we copied the UI Pages in step1. Here it is ‘C:\Projects\Main\SSP’.
• Right click on the Virtual directory that we created and select properties.
• Select Asp.Net tab
• Make sure that Asp.Net version is 2.0.50727.

6. Installing SSL certificate

• Open MMC(start->run->MMC)
• Goto File->add/Remove Snap-in
• Select Console Root and Click Add
• Click "Certificates" => "Add" => "Computer Account" => "Local computer" => "Finish" => "Close" => "Ok"
• Now expand Personal (under Certificates) and select Import. Click Next
• Now give the path for the .pfx file that we copied in step 2 and click Next
• Enter the password as ‘password’ and ‘select mark key as exportable’. And click Next
• Select “Place all certificates in the following store”
• Click “Finish”
• You should get “Import successful” message.
• Now give full control to Network Service (Under Security Tab) for the folder where our UI code is existing
• Give full control to Network service for config folder present in c:\Program Files\Microsoft Passport RPS\config.
• Create the Logfile directory (example SSP_LogFile)
• Give full control to Network Service to the Logfile directory
• Create an empty logfile.txt file (may or may not be necessary)
• Update Web.config file (in the path c:\projects\Main\ssp\web.config) with all the Appropriate information. Like the connection string, webservice URI etc.

        Notes:
        - For the machines in the Phoenix domain, remember that these machines will not be able to access any resources in the Redmond or Fareast Domains.  This includes fileshares and web service URLs.

7. Modify Cobrand.xml file

This file will present under the folder where we have copied the UI pages.Here the path is “c:\projects\Main\SSP\cobrand\cobrand.xml”. Here we need to modify the site id and the URLs.Enter the siteid in the <siteid> </siteid> node. Change the URLs. The changes should be made are

<DefaultImageURL>

http:// <<Your_machine_name>>.fareast.corp.microsoft.com/ssp/images/ssp.jpg

</DefaultImageURL>

<HeaderURL>

http://<<Your_machine_name>>.fareast.corp.microsoft.com/ssp/cobrand/header.aspx

</HeaderURL>

<LeftURL>

http://<<Your_machine_name>>.fareast.corp.microsoft.com/ssp/cobrand/left.aspx

</LeftURL>

<FooterURL>

http://<<Your_machine_name>>.fareast.corp.microsoft.com/ssp/cobrand/footer.aspx

</FooterURL>

        Notes:
        - For the machines in the Phoenix Domain the URLs would include the domain name that you registered (i.e. ssp.test.msn-int.com), not the machine name.  

8. Upload Cobrand.xml file

• For this go to the netservicesmanager-int.com, where we have registered our site and navigate to the page where we got the site id.At the bottom of the page, we can find one link ‘Upload/Download XML’.Click on the link. Browse to the file where our cobrand.xml file is located and submit.Our cobrand file will be uploaded and we will get a success message.

        Notes:
        - For the machines in the Phoenix Domain, you are doing the Passport install on multiple machines.  You only have to upload the cobrand.xml file once.

9. Upload SSL Certificate

• Go to “Applications” tab.
• Click on Key Management (find this link to the left side)
• Choose “Upload Certificate”
• Click Submit
• Browse for the File Name rpstest.cer in the Certificates that we got in step 2.
• Write the certificate name as "rpstest.cer" and click Submit.

10. Verify our Site

Now we can verify our site from the browser. The urls are

http://<<Your_machine_name>>/fareast.corp.microsoft.com/ssp or

http://<<Your_machine_name>>/ssp