Many of you might have started working on, or at least looking at, a hybrid implementation of SharePoint 2013 and Office 365, probably using federated authentication such as ADFS 3.0. You might not have faced any issues installing and running even basic apps from the SharePoint Store in an Office 365 environment, but for on-premises sites it is not that easy, or at least it is not well documented how exactly this works.
In some cases, you might have got it working in your lab/dev environment easily, but what if you have a SharePoint site with host headers defined in IIS? As per "Setting up your App domain for SharePoint 2013", you must not use host headers in your SharePoint site to ensure apps work properly. However, this may not always be the ideal scenario in a production environment, as there could be multiple sites hosted in IIS on port 443 to enable the use of SSL, and that can only be achieved by having either multiple IP addresses or host headers.
While exploring for a solution, I found this article: "Configuring SharePoint 2013 Apps and Multiple Web Applications on SSL with a Single IP Address". While it has some very nice explanation, I could not get my apps working using that listener site, as my SharePoint sites are using ADFS authentication and I could not get past the authentication of the listener site.
Also, even after going through the TechNet article "Enable apps in AAM or host-header environments for SharePoint 2013" multiple times, I could not understand where it was actually creating the app domain and which certificate it was applying!
I'll just focus on the on-premises part; as for Office 365, it just works without any additional configuration!
So, let's summarize our problem statement:
- We have a SharePoint web application (say https://sites.contoso.com) with a host header set in IIS, using port 443 with a valid SSL certificate attached.
- Our SharePoint web application is configured to use ADFS authentication.
- We need to configure this environment so that we can use SharePoint-hosted apps (including SharePoint Store apps).
- We have already configured the app environment as explained in the TechNet article "Configure an environment for apps for SharePoint (SharePoint 2013)".
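$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService  # farm-wide content service
$contentService.SupportMultipleAppDomains = $true  # allow an app domain per web application zone
$contentService.Update()  # persist the setting to the farm configuration
iisreset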
4. Now, let's go back to IIS and open your SharePoint site's bindings again.
If you need to run apps in any zone other than the default one, you need to make some changes; otherwise SharePoint seems to always redirect app requests back to your default zone URL.
Obviously, you would change the zone in the command from, say, Default to Intranet:
New-SPWebApplicationAppDomain -AppDomain "contosoapps.com" -WebApplication "https://sites.contoso.com" -Zone Intranet -Port 10000 -SecureSocketsLayer
Then, in Central Admin -> Apps -> Configure App URLs, change the app domain to something else, like ContosoApps2.com. If it is contosoapps.com, the requests will go to the default zone.
To share the app domain with other SharePoint web apps that use the same zone, authentication and app pool identity, simply run this command:
New-SPWebApplicationAppDomain -AppDomain "contosoapps.com" -WebApplication "https://portal.contoso.com" -Zone Intranet -Port 10000 -SecureSocketsLayer
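A read-only check of the resulting mappings, added here as an example and not part of the original post: it lists each web application's app domain per zone and warns when a mapping is not served over SSL, or when a shared app domain and port spans more than one zone or app pool account. The property names read from the Get-SPWebApplicationAppDomain output (AppDomain, UrlZone, Port, IsSchemeSSL) are assumptions, and authentication providers are not compared.

```powershell
# Added example: audit per-zone app domain mappings (makes no changes).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# URLs taken from the post; replace with your own web applications.
$webAppUrls = 'https://sites.contoso.com', 'https://portal.contoso.com'

# The farm-wide switch must be on before per-zone app domains are honoured.
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
if (-not $contentService.SupportMultipleAppDomains) {
    Write-Warning 'SupportMultipleAppDomains is disabled on the content service.'
}

$rows = foreach ($url in $webAppUrls) {
    $webApp = Get-SPWebApplication -Identity $url
    # Assumption: returned objects expose AppDomain, UrlZone, Port, IsSchemeSSL.
    foreach ($map in (Get-SPWebApplicationAppDomain -WebApplication $webApp)) {
        [pscustomobject]@{
            WebApplication = $webApp.Url
            Zone           = $map.UrlZone
            AppDomain      = $map.AppDomain
            Port           = $map.Port
            Ssl            = $map.IsSchemeSSL
            AppPoolAccount = $webApp.ApplicationPool.Username
        }
    }
}
$rows | Format-Table -AutoSize

# Check 1: every mapping should serve app URLs over SSL.
$rows | Where-Object { -not $_.Ssl } | ForEach-Object {
    Write-Warning "$($_.WebApplication) [$($_.Zone)]: $($_.AppDomain) is not SSL."
}

# Check 2: a shared app domain and port should sit behind one zone and one
# app pool identity, which is the condition the post gives for sharing.
$rows | Group-Object AppDomain, Port | ForEach-Object {
    $zones    = @($_.Group | Select-Object -ExpandProperty Zone -Unique)
    $accounts = @($_.Group | Select-Object -ExpandProperty AppPoolAccount -Unique)
    if ($zones.Count -gt 1 -or $accounts.Count -gt 1) {
        Write-Warning ("{0} is shared across zones ({1}) or identities ({2})." -f
            $_.Name, ($zones -join ', '), ($accounts -join ', '))
    }
}
```

Run it from the SharePoint 2013 Management Shell with a farm administrator account.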