# Require any additional compass plugins here.
# Set this to the root of your project when deployed:
http_path = "./"
css_dir = "/"
sass_dir = "scss"
images_dir = "img"
javascripts_dir = "js"
fonts_dir = "fonts"
environment = :production
output_style = :expanded
# To enable relative paths to assets via compass helper functions. Uncomment:
# relative_assets = true
# To disable debugging comments that display the original location of your selectors. Uncomment:
# line_comments = false
color_output = false
relative_assets = true
# If you prefer the indented syntax, you might want to regenerate this
# project again passing --syntax sass, or you can uncomment this:
# preferred_syntax = :sass
# and then run:
# sass-convert -R --from scss --to sass sass scss && rm -rf sass && mv scss sass
preferred_syntax = :scss
Configure hybrid search results from SharePoint Online in SharePoint on-premise.md
# Introduction
In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
# Requirements
* User synchronisation ActiveDirectory to Office 365 with DirSync
* DirSync password sync or ADFS SSO
* SharePoint Online
* SharePoint 2013 on-premise
* Enterprise Search service
* SharePoint Online Management Shell
# Instructions
All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
# Set up Sever to Server Trust
Before we start with configuring and installing I highly recommand you to make a backup of your SharePoint databases and severs.
The most risky configuration of this tutorial will be the replacing of the signing certificate of the secure token service.
By running the command `Backup-SPFarm -ShowTree` you'll get an summary of all install services on your SharePoint.
Select the most important services and create a backup with:
```powershell
Backup-SPFarm -Directory <BackupFolder> -BackupMethod {Full | Differential} -Item <ServiceApplicationName> [-Verbose]
```
A restore is simply done by checking the backup history and restore a selected backup.
```powershell
Get-SPBackupHistory -Directory <BackupFolder>
Restore-SPFarm -Directory <BackupFolder> -Item <ServiceApplicationName> -RestoreMethod Overwrite [-BackupId <GUID>] [-Verbose]
```
## Export certificates
To create a server to server trust we need two certificates.
**[certificate name].pfx**: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
**[certificate name].cer**: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
1. First launch the **Internet Information Services (IIS) Manager**
2. Select your **SharePoint web server** and double-click **Server Certificates**
3. In the **Actions** pane, click **Create Self-Signed Certificate**
4. Enter a name for the certificate and save it with **OK**
5. To export the new certificate in the Pfx format select it and click **Export** in the **Actions** pane
6. Fill the fields and click **OK**
Export to: `C:\[certificate name].pfx`
Password: `[password]`
7. Also we need to export the certificate in the CER Base64 format. For that purpose make a **right-click** on the certificate and click on **View...**
8. Click the **Details** tab and then click **Copy to File**
9. On the Welcome to the Certificate Export Wizard page, click **Next**
10. On the Export Private Key page, click **Next**
11. On the Export File Format page, click **Base-64 encoded X.509** (.CER), and then click **Next**.
12. As file name enter `C:\[certificate name].cer` and then click **Next**
13. Finish the export
## Import the new STS (SharePoint Token Service) certificate
Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
```powershell
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# import it
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
certutil -addstore -enterprise -f -v root $stsCertificate
```
Type **Yes** when prompted with the following message.
> You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you sure, you want to continue?
Restart IIS so STS picks up the new certificate.
```powershell
& iisreset
& net stop SPTimerV4
& net start SPTimerV4
```
Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
```powershell
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
# get the encrypted pfx certificate object
New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# compare the output above with this output
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
```
## Establish the server to server trust
```powershell
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
Import-Module MSOnline
Import-Module MSOnlineExtended
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# set the onpremise domain that you added to Office 365
$SPCN = "sharepoint.domain.com"
# your onpremise SharePoint site url
$SPSite="http://sharepoint"
# don't change this value
$SPOAppID="00000003-0000-0ff1-ce00-000000000000"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# get the raw data
$PfxCertBin = $PfxCert.GetRawCertData()
# create a new certificate object
$X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
# import the base 64 encoded certificate
$X64Cert.Import($X64CertPath)
# get the raw data
$X64CertBin = $X64Cert.GetRawCertData()
# save base 64 string in variable
$CredValue = [System.Convert]::ToBase64String($X64CertBin)
# connect to office 3656
Connect-MsolService
# register the on-premise STS as service principal in Office 365
# add a new service principal
New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
$MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
$SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
$SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
# get the online name identifier
$MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
$MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
$MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
# establish the trust from on-premise with ACS (Azure Control Service)
# add a new authenticatio realm
$SPSite = Get-SPSite $SPSite
$SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
# register the ACS application proxy and token issuer
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
```
# Add a new result source
To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server.
Don't forget to update the settings region
```powershell
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# region settings
$RemoteSharePointUrl = "http://[example].sharepoint.com"
$ResultSourceName = "SharePoint Online"
$QueryTransform = "{searchTerms}"
$Provier = "SharePoint-Remoteanbieter"
# region settings end
$SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
$FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
$SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
$ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
if(!$ResultSource){
Write-Host "Result source does not exist. Creating..."
$ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
}
$ResultSource.Name = $ResultSourceName
$ResultSource.ProviderId = $FederationManager.ListProviders()[$Provier].Id
$ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
$ResultSource.CreateQueryTransform($QueryTransform)
$ResultSource.Commit()
```
## Add a new query rule
1. In the Search Administration click on **Query Rules**
2. Select **Local SharePoint** as Result Source
3. Click **New Query Rule**
4. Enter a Rule name f.g. Search results from SharePoint Online
5. Expand the **Context** section
6. Under **Query is performed on these sources** click on **Add Source**
7. Select your SharePoint Online result source
8. In the **Query Conditions** section click on **Remove Condition**
9. In the **Actions** section click on **Add Result Block**
10. As **title** enter **Results for "{subjectTerms}" from SharePoint Online**
11. In the **Search this Source** dropdown select your SharePoint Online result source
12. Select 3 in the **Items** dropdown
13. Expand the **Settings** section and select **"More" link goes to the following URL**
14. In the box below enter this Url **https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}**
15. Select **This block is always shown above core results** and click the OK button
16. Save the new query rule
# Source
[Replace the STS certificate for the on-premises environment](http://technet.microsoft.com/en-us/library/dn551378.aspx)
[Display hybrid search results in SharePoint Server 2013](http://technet.microsoft.com/en-us/library/dn197173.aspx)
[Office 365-Configure Hybrid Search with Directory Synchronization –Password Sync](http://blogs.msdn.com/b/spses/archive/2013/10/22/office-365-configure-hybrid-search-with-directory-synchronization.aspx)
[Office 365-Configure Hybrid Search with Directory Synchronization –Password Sync –Part2](http://blogs.msdn.com/b/spses/archive/2014/01/05/office-365-configure-hybrid-search-with-directory-synchronization-password-sync-part2.aspx)
[Back up service applications in SharePoint 2013](http://technet.microsoft.com/en-us/library/ee428318.aspx)
# Require any additional compass plugins here.
require "susy"
require "companimation"
require "rgbapng"
# paths
# Set this to the root of your project when deployed:
http_path = "/"
css_dir = "/"
sass_dir = "sass"
images_dir = "assets/img"
javascripts_dir = "assets/js"
fonts_dir = "assets/fonts"
# You can select your preferred output style here (can be overridden via the command line):
# output option: nested, expanded, compact, compressed
output_style = :expanded
# The environment mode.
# Defaults to :production, can also be :development
# Use :development to see line numbers, file names, etc
environment = :production
# To disable debugging comments that display the original location of your selectors. Uncomment:
line_comments = false
# To enable relative paths to assets via compass helper functions. Uncomment:
relative_assets = true
# disable the asset cache buster
asset_cache_buster :none
# Require any additional compass plugins here.
# Set this to the root of your project when deployed:
http_path = "/"
css_dir = "stylesheets"
sass_dir = "scss"
images_dir = "images"
javascripts_dir = "javascripts"
# You can select your preferred output style here (can be overridden via the command line):
# output_style = :expanded or :nested or :compact or :compressed
# To enable relative paths to assets via compass helper functions. Uncomment:
# relative_assets = true
# To disable debugging comments that display the original location of your selectors. Uncomment:
line_comments = false
# If you prefer the indented syntax, you might want to regenerate this
# project again passing --syntax sass, or you can uncomment this:
# preferred_syntax = :sass
# and then run:
# sass-convert -R --from scss --to sass sass scss && rm -rf sass && mv scss sass
require 'fileutils'
on_stylesheet_saved do |file|
if File.exists?(file) && File.basename(file) == "style.css"
puts "Moving: #{file}"
FileUtils.mv(file, File.dirname(file) + "/../" + File.basename(file))
end
end