Tuesday, October 26, 2010

Install Steps for Microsoft Live@Edu SSO (Single-Sign-On) on Windows 2008 and Windows 2008 R2

A while back I wrote some quick notes on the install steps to set up Microsoft Live@Edu SSO on Windows 2008 R2. Some of the details may be different for your environment, and the later issues I point out may be resolved since I was working with Version 4.1. I worked on this when I wrote http://liveatedussolinks.codeplex.com/ which allows SSO to log in to Outlook Live and Live@Edu from SharePoint 2010. (I really need to upload the newest version of the SharePoint WebPart to both sites, but email me if you want a copy.)
UPDATE 4-3-2012: Sorry I've not been updating this project in a bit. I've actually rewritten this project and am looking around at creating or selling this SSO Login with support for a small fee, but honestly don't know a good way of going about it. Anyone have an idea about how to go about this? Is it wise to do it yourself or sell it to someone and let them resell it?
I assume you've already registered your site to use SSO with Microsoft and they have sent you a certificate to use. I had to work with them as the cert they sent was invalid, but hopefully you have better luck than I did and it works on the first request. If you need it, you must set up the Windows LiveID SSO Kit with Microsoft. If you haven't already done this, go to the Live@edu service management portal (http://eduadmin.live.com/) and select Single sign-on. Then click Request SSO Support to request the SSO SDK and certificate.

Download the newest version of Microsoft Live@Edu SSO and extract the contents on the server we're going to be configuring. Working from that same server, do the following.

Import the Microsoft Certificate
  • Open MMC
    • Add the snap-in for Certificates
    • Choose Computer account - Local computer
    • Navigate to Personal Certs
    • Import the cert Microsoft sent you for SSO
      • Mark as exportable, no password needed
      • If the import worked, a sapipartner.com entry should be added
      • Right-click the sapipartner.com entry and choose All Tasks
        • Manage Private Keys
          • Add Everyone and give full access
          • Need to sit down and figure out what is actually needed but this works
Install Microsoft Passport RPS (Relying Party Suite)
    • From the extracted folder Install rps64.msi
      • Warning: You must launch the msi with compatibility mode.
      • Choose Production
      • RPSServer.xml
      • leave rpscomponent.xml blank
      • leave sitename and everything else blank
      • leave DEK and everything else blank
      • NT AUTHORITY\NetworkService
      • navigate to c:\Program Files\Microsoft Passport RPS
        • copy RPSNetwork.xml to c:\Program Files\Microsoft Passport RPS\config
    • Test Microsoft Passport RPS by running rpsDiag.exe
      • click run
      • All should be green; if not, use the errors and fix until they are all successful
    Install winhttpcertcfg.msi
    • Open an administrative command window in "C:\Program Files (x86)\Windows Resource Kits\Tools"
    • Run the following
    winhttpcertcfg.exe -g -a %ComputerName%\NetworkService -c LOCAL_MACHINE\My -s sapipartner.com

    • Check that granting private key access for the account NT Authority\NetworkService worked
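
The certificate import step adds Everyone with full access to the private key, and the winhttpcertcfg step grants NetworkService access to the same key. The following PowerShell audit is an added example, not part of the original post or the Microsoft kit; it shows which accounts actually hold the key afterwards. It assumes a CSP (CAPI) key stored under the default MachineKeys folder and an elevated prompt.

```powershell
# Added example: audit the ACL on the private key of the SSO certificate.
# Assumption: the key is a CAPI (CSP) key kept under MachineKeys, the
# default for a machine-store import on Windows 2008 / 2008 R2.

$subjectMatch = 'sapipartner.com'      # subject string used in the post
$broadSids = @{                        # well-known broad principals to flag
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$networkServiceSid = 'S-1-5-20'        # NT AUTHORITY\NetworkService
$read = [int][System.Security.AccessControl.FileSystemRights]::Read

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subjectMatch*" -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key matches '$subjectMatch'." }

# Locate the key container file that backs this certificate.
$info    = $cert.PrivateKey.CspKeyContainerInfo
$keyFile = Join-Path $env:ProgramData ('Microsoft\Crypto\RSA\MachineKeys\' + $info.UniqueKeyContainerName)

"Thumbprint : $($cert.Thumbprint)"
"Exportable : $($info.Exportable)"
"Key file   : $keyFile"

# Read the ACL with identities as SIDs so the check is locale-independent.
$rules = (Get-Acl $keyFile).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$serviceCanRead = $false
foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $sid = $rule.IdentityReference.Value
    if ($broadSids.ContainsKey($sid)) {
        "FINDING    : $($broadSids[$sid]) has $($rule.FileSystemRights) on the private key"
    }
    if ($sid -eq $networkServiceSid -and (([int]$rule.FileSystemRights -band $read) -eq $read)) {
        $serviceCanRead = $true
    }
}
"NetworkService read access: $serviceCanRead"
```

Running winhttpcertcfg.exe -l -c LOCAL_MACHINE\My -s sapipartner.com lists the accounts with key access from the same tool used above.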

    Create Web Site

    • Install Web Services Role (IIS)
      • Enable management Features
    • Copy the SSOPortal folder from the Microsoft Live@Edu SSO extracted folder to C:\inetpub\wwwroot\
    • Edit web.config - This is very important, there are notes that come in the Microsoft Live@Edu SSO extracted folder on what to change.
    • Open IIS Manager
      • Convert SSOPortal to an application.
      • Change the authentication to Windows
      • Disable anonymous Authentication
    Test the SSOPortal site with http://(servername)/SSOPortal/default.aspx

    Warning: The following was only needed for Windows 2008 R2
    • Open MMC (fix only for 2008 R2)
      • add snap-in "Component Services"
      • Expand the tree down to DCOM Config
      • Open Properties on RPSSvc
        • Under Security
        • Give Everyone full access
          • Need to sit down and figure out what is actually needed but this works

    13 comments:

    1. Hi Chris,

      I have been trying to do SSO with Live@Edu in Sharepoint 2010 without success, so I am very interested in your work.
      Can you please email me at giany@lagcc.cuny.edu?

      Thanks so much,

      Gianina Taveras

    2. Hi Chris,

      It's a good article. I've implemented the SLT integration with our web portal, allowing us to SSO into Outlook for students. I used PHP and based it on some of the stuff that's available (yet old) on codeplex. However, just recently the endpoint for the Get SLT service (below) started to return blank a lot. I've got a looping structure in place now that tries until it returns something of use.

      https://ppsacredential.service.passport.net/pksecure/PPSACredentialPK.srf

      Have you had any trouble with it, or are you using a different URL for getting the SLT? You can find the URL in the files you mentioned under LiveSLT -> CredentialServiceAPISoapServer.cs -> line 100.

    3. I haven't had any problems with a blank return.
      The Url is as follows.
      "https://ppsacredential.service.passport.net/pksecure/PPSACredentialPK.srf"

      Are you using "https://outlook.com/edu" as the redirectURL in the Web.config?

    4. Hi Chris,

      Is there any chance of a copy of the SharePoint 2010 solution you've built please?

      We're in the process of publishing a SharePoint 2010 solution to 60 schools and we want to integrate it with the Live@edu service.

      Many thanks,

      Jason Roberts

    5. Hi Chris,

      could you please email over the newest version of the program for Sharepoint 2010.

      Tom.

    6. Hi, Can you mail it to me too.

      Paul@hepwood.com

    7. Hello Chris,

      Could you please email me a copy of this solution?

      Thanks,
      Josh
      Josh.Martell@century.edu

    8. I would very much like a copy of the Sharepoint 2010 solution too. If you could pass this on it would be greatly appreciated.

      Cheers,
      Chris

      chammond@qeliz.ac.uk

    9. Hi Chris,

      Could you send me the Sharepoint 2010 solution as well?
      Very much appreciated.

      regards,
      Sjoerd, [devalk AT phil DOT uu DOT nl]

    10. Could you please send me the Sharepoint 2010 solution as well?
      Thanks.

      stepanovs@hardpoint.eu

    11. Could you please send me the Sharepoint 2010 solution as well?
      Thanks.

      mohamedbadwy666@yahoo.com

    12. Could you please share the solution?
      my email id is kannabirank@yahoo.com

    13. Hi, I could not find the set up rps.msi.
      Please, could you tell me where to download it.

      Thanks.

