Create Secure Store Service Application in SharePoint Server using PowerShell
PowerShell Script to Create SharePoint 2013/2016 Secure store Service application:
The Secure Store Service was introduced to replace the SSO feature since SharePoint 2010. Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It solves the problem of having to sign in to many applications and entering different usernames and passwords. It enables you to securely store data that provides credentials required to connect to external systems and associate those credentials to a specific identity or group of identities. Creating a secure store service application through SharePoint Central administration site is explained here: Configure Secure Store Service Application in SharePoint 2016
Create Secure store Service application using PowerShell in SharePoint 2016:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Configuration Parameters
$ServiceAppName = "Secure Store Service Application"
$ServiceAppProxyName = "Secure Store Service Application Proxy"
$AppPoolAccount = "Crescent\SP16-AppPool"
$AppPoolName = "Service Application App Pool"
$DatabaseServer ="SP16-SQL001"
$DatabaseName = "SP16_Service_SecureStore"
Try {
#Set the Error Action
$ErrorActionPreference = "Stop"
#Check if Managed account is registered already
Write-Host -ForegroundColor Yellow "Checking if the Managed Accounts already exists"
$AppPoolAccount = Get-SPManagedAccount -Identity $AppPoolAccount -ErrorAction SilentlyContinue
if($AppPoolAccount -eq $null)
{
Write-Host "Please Enter the password for the Service Account..."
$AppPoolCredentials = Get-Credential $AppPoolAccount
$AppPoolAccount = New-SPManagedAccount -Credential $AppPoolCredentials
}
#Check if the application pool exists already
Write-Host -ForegroundColor Yellow "Checking if the Application Pool already exists"
$AppPool = Get-SPServiceApplicationPool -Identity $AppPoolName -ErrorAction SilentlyContinue
if ($AppPool -eq $null)
{
Write-Host -ForegroundColor Green "Creating Application Pool..."
$AppPool = New-SPServiceApplicationPool -Name $AppPoolName -Account $AppPoolAccount
}
#Check if the Service application exists already
Write-Host -ForegroundColor Yellow "Checking if Secure Store Service Application exists already"
$ServiceApplication = Get-SPServiceApplication -Name $ServiceAppName -ErrorAction SilentlyContinue
if ($ServiceApplication -eq $null)
{
Write-Host -ForegroundColor Green "Creating Secure Store Service Application..."
$ServiceApplication = New-SPSecureStoreServiceApplication -Name $ServiceAppName -ApplicationPool $AppPoolName -DatabaseName $DatabaseName -DatabaseServer $DatabaseServer -AuditingEnabled:$false
$ServiceApplicationProxy = New-SPSecureStoreServiceApplicationProxy -Name $ServiceAppName" Proxy" -ServiceApplication $ServiceApplication -DefaultProxyGroup
}
#Start service instance
$ServiceInstance = Get-SPServiceInstance | Where-Object { $_.TypeName -like "*Secure Store Service*" }
#Check the Service status
if ($ServiceInstance.Status -ne "Online")
{
Write-Host -ForegroundColor Yellow "Starting the Secure Store Service Instance..."
Start-SPServiceInstance $ServiceInstance
}
Write-Host -ForegroundColor Green "Secure Store Service Application created successfully!"
}
catch {
Write-Host $_.Exception.Message -ForegroundColor Red
}
finally {
#Reset the Error Action to Default
$ErrorActionPreference = "Continue"
}
Create Master Key for Secure Store Service using PowerShell:
#Config parameters
$Passphrase = "Password1"
$ServiceAppProxyName="Secure Store Service Application Proxy"
#Get the Service App Proxy
$ServiceAppProxy = Get-SPServiceApplicationProxy | where { $_.Name -eq $ServiceAppProxyName}
#Create Master key
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $ServiceAppProxy -Passphrase $Passphrase
Don’t forget to change the values in the #Configuration Parameters section!
Salaudeen —
I keep getting this error when I try to create the key:
Update-SPSecureStoreMasterKey : There are no addresses available for this application.
Any ideas?