This document describes the steps needed to install the various Aspire components of the SharePoint 2013 Publisher Endpoint.
The installation is done through a PowerShell script that sets up and configures the following components:
Info |
---|
These prerequisites can be installed either manually via Server Manager or by running the SharePoint 2013 prerequisite installer. |
To run the deploy scripts use an account with the following requirements:
The following are the user requirements for each component of the Endpoint:
If the user running the SharePoint Application Pool is different from the user you are using to access the Notification Service, then the Application Pool account, and not the account that has access to the service, should be the one that has the Search Service Application administrator permission. In that case, after setting the Application Pool account as a Search Service Application administrator, confirm that the account has the following permissions in the Search databases; if not, add them manually:
Database Permissions Checklist
After doing all the changes specified previously, this is the complete list of user database roles as they should be.
Note |
---|
Since the SharePoint setup user and the server farm account have these privileges, it is recommended to use one of those accounts for this. The setup user is recommended, since it has machine admin rights as well. |
The Security PreTrimmer requires that the user identity sent to it contains at least one of the following claim types:
Run:

```powershell
.\DeployPublisher.ps1 -configurationFilePath ..\config\configurationParameters.xml
```

(Optional) Install the Security Trimmer. Run:

```powershell
.\DeployAspireSecurityTrimmer.ps1 -configurationFilePath ..\config\configurationParameters.xml
```

Run:

```powershell
.\DeployIntermediateRepository.ps1 -configurationFilePath ..\config\configurationParameters.xml
```

Run:

```powershell
.\DeployAspireBDCService.ps1 -configurationFilePath ..\config\configurationParameters.xml
```

Run:

```powershell
.\DeployNotificationService.ps1 -configurationFilePath ..\config\configurationParameters.xml
```

Run:

```powershell
.\DeployAspireSecurityTrimmer.ps1 -configurationFilePath ..\config\configurationParameters.xml
```

The configuration file is located at "..\Deploy\config\configurationParameters.xml".
The following example shows how to fill in the configuration file using the QA\spadmin account for all the services.

```xml
<?xml version="1.0"?>
<parameters>
  <security>
    <usersGroupName>AspireUsers</usersGroupName>
    <ldapGroupQuery>CN=Users,DC=QA,DC=local</ldapGroupQuery>
  </security>
  <users>
    <AspireBDCServiceAppPool>QA\spadmin</AspireBDCServiceAppPool>
    <contentAccess>QA\spadmin</contentAccess>
    <aspirePropertyRepositoryUser>QA\spadmin</aspirePropertyRepositoryUser>
    <aspirePropertyEndpointUser>QA\spadmin</aspirePropertyEndpointUser>
  </users>
  <repository>
    <inputs>
      <folderPath>C:\Repository</folderPath>
      <shareName>IntermediateRepository</shareName>
    </inputs>
    <outputs>
      <repositorySharePath></repositorySharePath>
    </outputs>
  </repository>
  <aspireService>
    <inputs>
      <folderPath>C:\inetpub\wwwroot\AspireService</folderPath>
      <repositorySharePath piped="true"></repositorySharePath>
    </inputs>
    <outputs>
      <aspireServiceUrl></aspireServiceUrl>
    </outputs>
  </aspireService>
  <notificationEndpoint>
    <outputs>
      <notificationEndpointUrl></notificationEndpointUrl>
    </outputs>
  </notificationEndpoint>
  <securityTrimmer>
    <inputs>
      <groupExpansionService>http://localhost:50505/groupExpansion</groupExpansionService>
      <groupExpansionTimeout>15000</groupExpansionTimeout>
      <useDomain>false</useDomain>
      <claimIssuer>aspire</claimIssuer>
      <searchApplicationName>Search Service Application</searchApplicationName>
      <id>1</id>
      <assemblyVersion>2.2.0.2</assemblyVersion>
    </inputs>
  </securityTrimmer>
</parameters>
```

```xml
<security>
  <usersGroupName>AspireUsers</usersGroupName>
  <ldapGroupQuery>CN=Users,DC=QA,DC=local</ldapGroupQuery>
</security>
```

The security section is a first step toward making the users group name configurable. For now the name is hardwired to AspireUsers and cannot be changed due to code limitations.
Currently this configuration is used to determine whether the AspireUsers group exists as an Active Directory group; if it does not, the group is created locally.
Field | Description |
---|---|
Users Group Name | User group to which the users must belong. |
LDAP Group Query | The LDAP query (minus the group name) that will be used to check for the existence of the group. |

```xml
<users>
  <aspireServiceAppPool>QA\spadmin</aspireServiceAppPool>
  <contentAccess>QA\spadmin</contentAccess>
  <aspirePropertyRepositoryUser>QA\spadmin</aspirePropertyRepositoryUser>
  <aspirePropertyEndpointUser>QA\spadmin</aspirePropertyEndpointUser>
</users>
```

The users section specifies the users for each component.
Field | Description |
---|---|
Aspire Service app pool user | User who runs the app pool of Aspire BDC Service |
Content access user | SharePoint default content access account |
Aspire property repository user | Intermediate Repository user, which is specified in Aspire PublishToSP2013 application properties. This can be any domain user |
Aspire property endpoint user | Endpoint user, which is specified in Aspire PublishToSP2013 application properties. This can be any domain user |

```xml
<repository>
  <inputs>
    <folderPath>C:\Repository</folderPath>
    <shareName>IntermediateRepository</shareName>
  </inputs>
  <outputs>
    <repositorySharePath></repositorySharePath>
  </outputs>
</repository>
```

The Repository section defines the directory where the batches that Aspire generates are stored until SharePoint crawls them, after which they are cleaned up.
Note |
---|
Only the properties under the inputs node must be defined. |
Field | Description |
---|---|
Folder Path | Location used to map the Shared folder |
Share Name | Name of the shared folder that will be exposed over the SMB protocol |

```xml
<aspireService>
  <inputs>
    <folderPath>C:\inetpub\wwwroot\AspireBDCService</folderPath>
    <repositorySharePath piped="true"></repositorySharePath>
  </inputs>
  <outputs>
    <aspireServiceUrl></aspireServiceUrl>
  </outputs>
</aspireService>
```

The Aspire BDC Service section defines the destination of the service's assemblies and the URL of the intermediate repository.
Note |
---|
Only the properties under the inputs node that do not have the piped attribute set to true must be defined. |
Field | Description |
---|---|
Folder Path | Destination of the service's assemblies |
Repository Share Path | The repository's URL. |

```xml
<notificationService>
  <inputs>
    <webAppUrl></webAppUrl>
  </inputs>
  <outputs>
    <notificationServiceUrl></notificationServiceUrl>
  </outputs>
</notificationService>
```

The Notification Service section defines the SharePoint web application where the Notification Service will be deployed.
Note |
---|
Only the properties under the inputs node can be defined. |
Field | Description |
---|---|
Web App Url | Optional. Defines the SharePoint web application where the notification service will be deployed. If no web app is defined it will deploy in all web apps in the farm. It can be deployed in the central admin as long as a Web Front End service is enabled in that server. |

```xml
<securityTrimmer>
  <inputs>
    <groupExpansionService>http://localhost:50505/groupExpansion</groupExpansionService>
    <groupExpansionTimeout>15000</groupExpansionTimeout>
    <useDomain>false</useDomain>
    <claimIssuer>aspire</claimIssuer>
    <searchApplicationName>Search Service Application</searchApplicationName>
    <id>1</id>
    <assemblyVersion>2.2.0.2</assemblyVersion>
  </inputs>
</securityTrimmer>
```

The Security Trimmer section defines the properties that the Trimmer component needs to access the group expansion service in order to verify the claims of a user requesting documents.
Field | Description |
---|---|
Group Expansion Service | URL of the Aspire Group Expansion service |
Group Expansion Timeout | Timeout to wait for Group Expansion response |
Use Domain | Use domain in security trimmer |
Claim Issuer | If you are using the "Use Aspire" option in the SharePoint 2013 Publisher, type "aspire" |
Search Application Name | Name of the Search Application |
Id | The trimmer instance Id in SharePoint. Default is 1. |
Assembly Version | Version of the trimmer dll registered on the GAC |
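
A pre-flight check for the configuration file described above, added here as an example and not part of the Aspire deploy scripts: it applies the rules from the notes (inputs must be filled in unless `piped="true"`, `webAppUrl` is optional, the group name is hardwired to AspireUsers). The function name `Test-AspireDeployConfig`, its messages, and the URL and timeout checks are assumptions.

```powershell
# Added example, not part of the Aspire package; function name and messages are hypothetical.
function Test-AspireDeployConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)
    $problems = New-Object 'System.Collections.Generic.List[string]'
    # Inputs must be filled in unless piped="true" or the optional <webAppUrl>.
    foreach ($node in $Config.SelectNodes('/parameters/*/inputs/*')) {
        if ($node.GetAttribute('piped') -eq 'true' -or $node.Name -eq 'webAppUrl') { continue }
        if ([string]::IsNullOrWhiteSpace($node.InnerText)) {
            $problems.Add("$($node.ParentNode.ParentNode.Name)/inputs/$($node.Name) is empty")
        }
    }
    # Every account under <users> must be named.
    foreach ($node in $Config.SelectNodes('/parameters/users/*')) {
        if ([string]::IsNullOrWhiteSpace($node.InnerText)) { $problems.Add("users/$($node.Name) is empty") }
    }
    # The group name is hardwired to AspireUsers; flag any other value.
    $group = $Config.SelectSingleNode('/parameters/security/usersGroupName')
    if ($null -eq $group -or $group.InnerText -ne 'AspireUsers') {
        $problems.Add('security/usersGroupName is not AspireUsers (the name is hardwired)')
    }
    # Security trimmer: absolute http(s) URL and a positive integer timeout.
    $trimmer = $Config.SelectSingleNode('/parameters/securityTrimmer/inputs')
    if ($null -ne $trimmer) {
        $uri = $null; $ms = 0
        $isUri = [System.Uri]::TryCreate([string]$trimmer.groupExpansionService, [System.UriKind]::Absolute, [ref]$uri)
        if (-not $isUri -or $uri.Scheme -notin 'http', 'https') {
            $problems.Add('securityTrimmer/inputs/groupExpansionService is not an absolute http(s) URL')
        }
        if (-not ([int]::TryParse([string]$trimmer.groupExpansionTimeout, [ref]$ms)) -or $ms -le 0) {
            $problems.Add('securityTrimmer/inputs/groupExpansionTimeout is not a positive integer')
        }
    }
    $problems.ToArray()
}

# Constructed sample: <folderPath> left empty and a timeout that is not a number.
[xml]$sample = @'
<parameters>
  <security><usersGroupName>AspireUsers</usersGroupName></security>
  <users><contentAccess>QA\spadmin</contentAccess></users>
  <repository><inputs><folderPath></folderPath><shareName>IntermediateRepository</shareName></inputs></repository>
  <aspireService><inputs><repositorySharePath piped="true"></repositorySharePath></inputs></aspireService>
  <securityTrimmer><inputs>
    <groupExpansionService>http://localhost:50505/groupExpansion</groupExpansionService>
    <groupExpansionTimeout>15s</groupExpansionTimeout>
  </inputs></securityTrimmer>
</parameters>
'@
Test-AspireDeployConfig -Config $sample
```

To check the real file before running the deploy scripts, pass `[xml](Get-Content ..\config\configurationParameters.xml -Raw)` as `-Config`.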
Check on your drive that the folder was created. The location can be found in the output parameter <repositorySharePath>.