Remove-SPTrustedIdentityTokenIssuer - The trusted login provider is in use

  • Question

  • We have a number of SP 2010 applications and each is bound to an STS via the Trusted Identity Provider check-box when we create the web application.

    However, when we want to remove the Trusted Provider so that we can rerun the script again with some changes, you get the message:

    Remove-SPTrustedIdentityTokenIssuer : The trusted login provider is in use and cannot be deleted.

    We then have to uncheck the box on all the applications that use the provider, remove the provider, rerun the script and then check all the boxes again. This becomes a pain when you have a lot of applications!

    Is there an easier way?

    Monday, May 23, 2011 11:52 PM

Answers

  • Hi,

    In order to remove the Trusted Identity Providers from the farm, there are two steps: first remove the identity provider from each web application in Central Admin, and then run Remove-SPTrustedIdentityTokenIssuer in PowerShell.


    Xue-Mei Chang
    Wednesday, May 25, 2011 9:00 AM

All replies

  • You can change the configuration with Powershell.

    This link doesn't have the exact script you need, but hopefully it will help you get started. http://social.technet.microsoft.com/Forums/en-IE/sharepoint2010setup/thread/7f9be1ef-22c2-4b73-8723-227b8b44d9f6

    --Doug

    Tuesday, May 24, 2011 12:27 AM
  • Thanks, I was wondering about a script.

    Essentially, you need to get a list of web applications bound to an identity provider and uncheck that flag for each, then remove and create the identity provider and then get the list again and check the flag.

    Any idea what the Powershell commands to do this would be?

     

    Tuesday, May 24, 2011 12:59 AM
  • Yes - I realise that. As per the original question, that's exactly what we do now.

    When you have 20+ applications, it's a REAL pain.

    Is there not an easier way?

     

    Wednesday, May 25, 2011 9:50 PM
  • Xue-Mei, please unmark your post as an answer as it did not answer the question.
    Corey Roth - SharePoint Server MVP blog: www.dotnetmafia.com twitter: @coreyroth
    Wednesday, September 21, 2011 3:46 AM
  • That appears to be the correct answer.  There is a powershell command to add a login provider to a web app (New-SPAuthenticationProvider) but I don't see one to remove it on the command reference.

    http://technet.microsoft.com/en-us/library/ff678226.aspx

    Monday, June 4, 2012 4:21 PM
  • Actually, that does not always work. Example: after following the MSDN example to use "Convert-SPWebApplication" (https://technet.microsoft.com/en-us/library/jj219696.aspx), one cannot remove the Trusted IdP even if you delete all Web Apps, the User Profile service, etc. In other words, you might end up rebuilding your farm because of this BUG.

    C:\>Marius

    Wednesday, January 27, 2016 4:05 PM
  • As always, Microsoft is leaving us high and dry looking like amateurs to our customers.

    Radu P.

    Friday, June 24, 2016 3:44 PM
  • Note that removing the identity provider from each web application is not always sufficient to be able to remove the Trusted Identity Provider from the farm. You might have to remove the associated SPTrustedClaimProvider first, too:

    # Assumes the farm has a single trusted identity token issuer
    $sptiti = Get-SPTrustedIdentityTokenIssuer
    Remove-SPTrustedIdentityTokenIssuer -Identity $sptiti    # returns an error because $sptiti is in use

    # Remove the claim provider associated with the issuer, then retry
    $cpName = $sptiti.ClaimProviderName
    Remove-SPClaimProvider -Identity $cpName
    Remove-SPTrustedIdentityTokenIssuer -Identity $sptiti    # works fine now, no error anymore
    

    • Proposed as answer by Justin Warner Monday, June 12, 2017 2:47 AM
    Monday, November 7, 2016 1:26 PM
  • Hi Justin,

    It worked here as well.  Thank you so much

    Tuesday, September 5, 2017 8:11 PM
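
One way to script the procedure discussed in this thread (detach the issuer from every web application zone, remove it, re-create it, re-attach it), as an added example that is not code from any poster or from Microsoft. `$issuerName` is a placeholder, and matching on `LoginProviderName` and the commented-out step 3 are assumptions about your farm; users cannot sign in through the STS between steps 1 and 4.

```powershell
# Added example, not from the thread. Run in the SharePoint 2010 Management Shell
# as a farm administrator. $issuerName is a placeholder for your issuer's name.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$issuerName = '<trusted-issuer-name>'

# 1. Record every web application zone that uses the issuer, then detach it.
$bindings = @()
foreach ($wa in Get-SPWebApplication) {
    foreach ($zone in @($wa.IisSettings.Keys)) {
        $providers = @(Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone)
        $trusted = @($providers | Where-Object {
            $_ -is [Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider] -and
            $_.LoginProviderName -eq $issuerName })
        if ($trusted.Count -eq 0) { continue }
        $keep = @($providers | Where-Object { $trusted -notcontains $_ })
        if ($keep.Count -eq 0) {
            # A zone needs at least one provider; step 2 will fail until this is fixed by hand.
            Write-Warning "$($wa.Url) [$zone]: issuer is the only provider, not detached"
            continue
        }
        $bindings += New-Object PSObject -Property @{ Url = $wa.Url; Zone = $zone }
        Set-SPWebApplication -Identity $wa -Zone $zone -AuthenticationProvider $keep
    }
}

# 2. Remove the issuer. As reported in the thread, an associated claim provider may
#    have to go first; Remove-SPClaimProvider unregisters it from the farm.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
if ($issuer.ClaimProviderName) {
    Remove-SPClaimProvider -Identity $issuer.ClaimProviderName
}
Remove-SPTrustedIdentityTokenIssuer -Identity $issuerName -Confirm:$false

# 3. Re-create the issuer with the changed settings: run your own
#    New-SPTrustedIdentityTokenIssuer script here, keeping the same name.

# 4. Re-attach the new issuer to every zone recorded in step 1.
$newIssuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
$newProvider = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $newIssuer
foreach ($b in $bindings) {
    $current = @(Get-SPAuthenticationProvider -WebApplication $b.Url -Zone $b.Zone)
    Set-SPWebApplication -Identity $b.Url -Zone $b.Zone -AuthenticationProvider ($current + $newProvider)
}
```

`$bindings` lives only in the current session, so run all four steps in one shell or export it (for example with `Export-Clixml`) before step 2.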