Sharing service apps between farms.

See http://technet.microsoft.com/en-us/magazine/hh528474.aspx Section 8

Run this PowerShell on both farms, then exchange the exported certificates:

# Export the farm's root certificate (public certificate only)
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content D:\Certs\ConsumingFarmRoot.cer -Encoding byte
# Export the farm's security token service (STS) signing certificate
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export("Cert") | Set-Content D:\Certs\ConsumingFarmSTS.cer -Encoding byte

Then you can use Central Administration (Security->Manage Trusts) to import the exchanged certificates.

On the consuming farm, run Get-SPFarm | Select Id to get the ID of the consuming farm.

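# Run the following on the publishing farm. Replace the placeholder with the ID returned above.
$farmID = "<consuming farm ID>"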
$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue $farmID
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security
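
The trust step done above through Security->Manage Trusts can also be scripted, with a check that each exchanged .cer file is the certificate the other farm actually exported. This is an added example, not part of the original post; the trust names, file paths and expected thumbprints are placeholders (assumptions) to be replaced with values confirmed with the other farm's administrator over a separate channel.

```powershell
# Added example. Run on the publishing farm in the SharePoint Management Shell.
# Paths, trust names and expected thumbprints below are placeholders (assumptions).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$imports = @(
    @{ Kind = 'Root'; Name = 'ConsumingFarmRoot'; Path = 'D:\Certs\ConsumingFarmRoot.cer'
       Expected = '<ROOT-THUMBPRINT-CONFIRMED-OUT-OF-BAND>' },
    @{ Kind = 'STS';  Name = 'ConsumingFarmSTS';  Path = 'D:\Certs\ConsumingFarmSTS.cer'
       Expected = '<STS-THUMBPRINT-CONFIRMED-OUT-OF-BAND>' }
)

foreach ($item in $imports) {
    $cert = Get-PfxCertificate -FilePath $item.Path

    # Refuse the file unless its thumbprint matches the one read out on the source farm.
    $expected = ($item.Expected -replace '\s', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch for $($item.Path): got $($cert.Thumbprint)"
    }

    # An expired certificate should be replaced on the source farm, not trusted here.
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate in $($item.Path) expired on $($cert.NotAfter)"
    }

    # Export("Cert") writes the public certificate only; a private key means the wrong file was sent.
    if ($cert.HasPrivateKey) {
        throw "$($item.Path) carries a private key; exchange only the public certificate"
    }

    switch ($item.Kind) {
        'Root' { New-SPTrustedRootAuthority -Name $item.Name -Certificate $cert | Out-Null }
        'STS'  { New-SPTrustedServiceTokenIssuer -Name $item.Name -Certificate $cert | Out-Null }
    }
    Write-Host "Imported $($item.Kind) trust '$($item.Name)' ($($cert.Thumbprint))"
}
```

On the consuming farm, keep only the Root entry and point it at the publishing farm's root certificate.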
